From 910a78c55a08bcb9c3cabbca4b38198dc5b58e21 Mon Sep 17 00:00:00 2001 From: "Mauro S. M. Rodrigues" Date: Mon, 1 Jun 2020 17:34:32 -0300 Subject: [PATCH] Squashed 'libstb/tss2/ibmtpm20tss/utils/' content from commit fae1383d3d git-subtree-dir: libstb/tss2/ibmtpm20tss/utils git-subtree-split: fae1383d3d859bacac1084fe822ce9f313e01f4e Signed-off-by: Oliver O'Halloran --- .../ibmtpm20tss/utils/CommandAttributeData.c | 960 ++ .../utils/CommandAttributeData12.c | 121 + .../ibmtpm20tss/utils/CommandAttributes.h | 108 + libstb/tss2/ibmtpm20tss/utils/Commands.c | 2294 +++++ libstb/tss2/ibmtpm20tss/utils/Commands12.c | 599 ++ libstb/tss2/ibmtpm20tss/utils/Commands12_fp.h | 93 + libstb/tss2/ibmtpm20tss/utils/Commands_fp.h | 505 ++ libstb/tss2/ibmtpm20tss/utils/Makefile.am | 594 ++ libstb/tss2/ibmtpm20tss/utils/Platform.h | 361 + libstb/tss2/ibmtpm20tss/utils/Unmarshal.c | 4961 +++++++++++ libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c | 542 ++ .../ibmtpm20tss/utils/activatecredential.c | 328 + libstb/tss2/ibmtpm20tss/utils/applink.c | 107 + libstb/tss2/ibmtpm20tss/utils/cakey.pem | 30 + libstb/tss2/ibmtpm20tss/utils/cakeyecc.pem | 7 + .../ibmtpm20tss/utils/certificates/.cvsignore | 4 + .../IFX_TPM_EK_Intermediate_CA_01.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_02.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_03.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_04.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_05.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_08.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_17.pem | 25 + .../IFX_TPM_EK_Intermediate_CA_18.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_20.pem | 27 + .../IFX_TPM_EK_Intermediate_CA_21.pem | 25 + .../utils/certificates/IFX_TPM_EK_Root_CA.pem | 26 + ..._TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem | 25 + ...n_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem | 25 + ...C_Manufacturing_CA_011.crt-C-v01_00-EN.pem | 20 + ...A_Manufacturing_CA_011.crt-C-v01_00-EN.pem | 33 + ...M1.2_VRSN_root_certificate-C-v01_00-EN.pem | 24 + .../Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem | 15 + ...n-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem | 25 + ...-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem | 25 + ...-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem | 25 + ...-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem | 25 + ...-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem | 25 + ...-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem | 25 + .../Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem | 33 + .../certificates/InfineonECCChain010.pem | 35 + .../InfineonOPTIGAECCManufacturingCA010.pem | 20 + .../InfineonOPTIGARSAManufacturingCA010.pem | 33 + .../certificates/InfineonRSAChain010.pem | 66 + .../certificates/IntelEKIntermediate.pem | 23 + .../utils/certificates/IntelEKRootCA.pem | 16 + .../utils/certificates/NationZEkMfrCA001.crt | 20 + .../utils/certificates/NationZEkMfrCA002.crt | 20 + .../utils/certificates/NationZEkMfrCA003.crt | 20 + .../utils/certificates/NationZEkRootCA.crt | 15 + .../certificates/NuvotonTPMRootCA0100.pem | 13 + .../certificates/NuvotonTPMRootCA1110.pem | 13 + .../certificates/NuvotonTPMRootCA2110.pem | 13 + .../ibmtpm20tss/utils/certificates/cacert.pem | 21 + .../utils/certificates/cacertecc.pem | 13 + .../utils/certificates/gstpmroot.pem | 23 + .../utils/certificates/rootcerts.txt | 49 + .../utils/certificates/rootcerts.windows.txt | 49 + .../utils/certificates/stmtpmeccint01.pem | 15 + .../utils/certificates/stmtpmeccroot01.pem | 17 + .../utils/certificates/stmtpmekint01.pem | 23 + .../utils/certificates/stmtpmekint02.pem | 23 + .../utils/certificates/stmtpmekint03.pem | 23 + .../utils/certificates/stmtpmekint04.pem | 23 + .../utils/certificates/stmtpmekint05.pem | 23 + .../utils/certificates/stmtpmekroot.pem | 24 + .../utils/certificates/tpmeccroot.pem | 17 + libstb/tss2/ibmtpm20tss/utils/certify.c | 411 + .../tss2/ibmtpm20tss/utils/certifycreation.c | 453 + libstb/tss2/ibmtpm20tss/utils/certifyx509.c | 1497 ++++ libstb/tss2/ibmtpm20tss/utils/changeeps.c | 216 + libstb/tss2/ibmtpm20tss/utils/changepps.c | 216 + libstb/tss2/ibmtpm20tss/utils/clear.c | 238 + libstb/tss2/ibmtpm20tss/utils/clearcontrol.c | 258 + .../tss2/ibmtpm20tss/utils/clockrateadjust.c | 260 + libstb/tss2/ibmtpm20tss/utils/clockset.c | 310 + libstb/tss2/ibmtpm20tss/utils/commit.c | 395 + libstb/tss2/ibmtpm20tss/utils/contextload.c | 146 + libstb/tss2/ibmtpm20tss/utils/contextsave.c | 162 + libstb/tss2/ibmtpm20tss/utils/create.c | 717 ++ libstb/tss2/ibmtpm20tss/utils/createek.c | 294 + libstb/tss2/ibmtpm20tss/utils/createekcert.c | 488 ++ libstb/tss2/ibmtpm20tss/utils/createloaded.c | 635 ++ libstb/tss2/ibmtpm20tss/utils/createprimary.c | 806 ++ libstb/tss2/ibmtpm20tss/utils/cryptoutils.c | 2079 +++++ libstb/tss2/ibmtpm20tss/utils/cryptoutils.h | 333 + .../utils/dictionaryattacklockreset.c | 216 + .../utils/dictionaryattackparameters.c | 255 + libstb/tss2/ibmtpm20tss/utils/duplicate.c | 353 + libstb/tss2/ibmtpm20tss/utils/eccparameters.c | 172 + libstb/tss2/ibmtpm20tss/utils/ecephemeral.c | 195 + libstb/tss2/ibmtpm20tss/utils/ekutils.c | 2314 +++++ libstb/tss2/ibmtpm20tss/utils/ekutils.h | 258 + .../tss2/ibmtpm20tss/utils/encryptdecrypt.c | 363 + libstb/tss2/ibmtpm20tss/utils/eventextend.c | 390 + libstb/tss2/ibmtpm20tss/utils/eventlib.c | 1095 +++ libstb/tss2/ibmtpm20tss/utils/eventlib.h | 212 + .../ibmtpm20tss/utils/eventsequencecomplete.c | 399 + libstb/tss2/ibmtpm20tss/utils/evictcontrol.c | 279 + libstb/tss2/ibmtpm20tss/utils/flushcontext.c | 143 + libstb/tss2/ibmtpm20tss/utils/getcapability.c | 819 ++ .../ibmtpm20tss/utils/getcommandauditdigest.c | 395 + .../tss2/ibmtpm20tss/utils/getcryptolibrary.c | 76 + libstb/tss2/ibmtpm20tss/utils/getrandom.c | 295 + .../ibmtpm20tss/utils/getsessionauditdigest.c | 391 + libstb/tss2/ibmtpm20tss/utils/gettestresult.c | 206 + libstb/tss2/ibmtpm20tss/utils/gettime.c | 395 + libstb/tss2/ibmtpm20tss/utils/hash.c | 310 + .../ibmtpm20tss/utils/hashsequencestart.c | 253 + .../ibmtpm20tss/utils/hierarchychangeauth.c | 358 + .../tss2/ibmtpm20tss/utils/hierarchycontrol.c | 291 + libstb/tss2/ibmtpm20tss/utils/hmac.c | 356 + libstb/tss2/ibmtpm20tss/utils/hmacstart.c | 278 + .../utils/ibmtss/ActivateCredential_fp.h | 88 + .../utils/ibmtss/ActivateIdentity_fp.h | 64 + .../tss2/ibmtpm20tss/utils/ibmtss/BaseTypes.h | 85 + .../utils/ibmtss/CertifyCreation_fp.h | 95 + .../ibmtpm20tss/utils/ibmtss/CertifyX509_fp.h | 91 + .../ibmtpm20tss/utils/ibmtss/Certify_fp.h | 93 + .../ibmtpm20tss/utils/ibmtss/ChangeEPS_fp.h | 79 + .../ibmtpm20tss/utils/ibmtss/ChangePPS_fp.h | 79 + .../utils/ibmtss/ClearControl_fp.h | 79 + .../tss2/ibmtpm20tss/utils/ibmtss/Clear_fp.h | 78 + .../utils/ibmtss/ClockRateAdjust_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/ClockSet_fp.h | 81 + .../tss2/ibmtpm20tss/utils/ibmtss/Commit_fp.h | 94 + .../ibmtpm20tss/utils/ibmtss/ContextLoad_fp.h | 84 + .../ibmtpm20tss/utils/ibmtss/ContextSave_fp.h | 84 + .../ibmtss/CreateEndorsementKeyPair_fp.h | 64 + .../utils/ibmtss/CreateLoaded_fp.h | 90 + .../utils/ibmtss/CreatePrimary_fp.h | 96 + .../utils/ibmtss/CreateWrapKey_fp.h | 65 + .../tss2/ibmtpm20tss/utils/ibmtss/Create_fp.h | 96 + .../ibmtss/DictionaryAttackLockReset_fp.h | 79 + .../ibmtss/DictionaryAttackParameters_fp.h | 86 + .../ibmtpm20tss/utils/ibmtss/Duplicate_fp.h | 91 + .../utils/ibmtss/ECC_Parameters_fp.h | 84 + .../ibmtpm20tss/utils/ibmtss/ECDH_KeyGen_fp.h | 85 + .../ibmtpm20tss/utils/ibmtss/ECDH_ZGen_fp.h | 86 + .../utils/ibmtss/EC_Ephemeral_fp.h | 84 + .../utils/ibmtss/EncryptDecrypt2_fp.h | 93 + .../utils/ibmtss/EncryptDecrypt_fp.h | 93 + .../utils/ibmtss/EventSequenceComplete_fp.h | 88 + .../utils/ibmtss/EvictControl_fp.h | 82 + .../tss2/ibmtpm20tss/utils/ibmtss/Extend_fp.h | 64 + .../utils/ibmtss/FlushContext_fp.h | 78 + .../utils/ibmtss/FlushSpecific_fp.h | 58 + .../utils/ibmtss/GetCapability12_fp.h | 65 + .../utils/ibmtss/GetCapability_fp.h | 90 + .../utils/ibmtss/GetCommandAuditDigest_fp.h | 91 + .../ibmtpm20tss/utils/ibmtss/GetRandom_fp.h | 84 + .../utils/ibmtss/GetSessionAuditDigest_fp.h | 93 + .../utils/ibmtss/GetTestResult_fp.h | 79 + .../ibmtpm20tss/utils/ibmtss/GetTime_fp.h | 91 + .../ibmtpm20tss/utils/ibmtss/HMAC_Start_fp.h | 88 + .../tss2/ibmtpm20tss/utils/ibmtss/HMAC_fp.h | 88 + .../utils/ibmtss/HashSequenceStart_fp.h | 88 + .../tss2/ibmtpm20tss/utils/ibmtss/Hash_fp.h | 89 + .../utils/ibmtss/HierarchyChangeAuth_fp.h | 80 + .../utils/ibmtss/HierarchyControl_fp.h | 83 + .../ibmtpm20tss/utils/ibmtss/Implementation.h | 1446 +++ .../tss2/ibmtpm20tss/utils/ibmtss/Import_fp.h | 93 + .../utils/ibmtss/IncrementalSelfTest_fp.h | 84 + .../utils/ibmtss/LoadExternal_fp.h | 87 + .../ibmtpm20tss/utils/ibmtss/LoadKey2_fp.h | 66 + .../tss2/ibmtpm20tss/utils/ibmtss/Load_fp.h | 88 + .../utils/ibmtss/MakeCredential_fp.h | 89 + .../utils/ibmtss/MakeIdentity_fp.h | 66 + libstb/tss2/ibmtpm20tss/utils/ibmtss/NTC_fp.h | 52 + .../ibmtpm20tss/utils/ibmtss/NV_Certify_fp.h | 98 + .../utils/ibmtss/NV_ChangeAuth_fp.h | 81 + .../utils/ibmtss/NV_DefineSpace12_fp.h | 52 + .../utils/ibmtss/NV_DefineSpace_fp.h | 83 + .../ibmtpm20tss/utils/ibmtss/NV_Extend_fp.h | 83 + .../utils/ibmtss/NV_GlobalWriteLock_fp.h | 79 + .../utils/ibmtss/NV_Increment_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/NV_ReadLock_fp.h | 81 + .../utils/ibmtss/NV_ReadPublic_fp.h | 85 + .../utils/ibmtss/NV_ReadValueAuth_fp.h | 65 + .../utils/ibmtss/NV_ReadValue_fp.h | 65 + .../ibmtpm20tss/utils/ibmtss/NV_Read_fp.h | 89 + .../ibmtpm20tss/utils/ibmtss/NV_SetBits_fp.h | 83 + .../utils/ibmtss/NV_UndefineSpaceSpecial_fp.h | 81 + .../utils/ibmtss/NV_UndefineSpace_fp.h | 81 + .../utils/ibmtss/NV_WriteLock_fp.h | 81 + .../utils/ibmtss/NV_WriteValueAuth_fp.h | 57 + .../utils/ibmtss/NV_WriteValue_fp.h | 55 + .../ibmtpm20tss/utils/ibmtss/NV_Write_fp.h | 85 + .../tss2/ibmtpm20tss/utils/ibmtss/OIAP_fp.h | 78 + .../tss2/ibmtpm20tss/utils/ibmtss/OSAP_fp.h | 60 + .../utils/ibmtss/ObjectChangeAuth_fp.h | 89 + .../utils/ibmtss/OwnerReadInternalPub_fp.h | 62 + .../utils/ibmtss/OwnerSetDisable_fp.h | 50 + .../utils/ibmtss/PCR_Allocate_fp.h | 89 + .../ibmtpm20tss/utils/ibmtss/PCR_Event_fp.h | 85 + .../ibmtpm20tss/utils/ibmtss/PCR_Extend_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/PCR_Read_fp.h | 85 + .../ibmtpm20tss/utils/ibmtss/PCR_Reset12_fp.h | 51 + .../ibmtpm20tss/utils/ibmtss/PCR_Reset_fp.h | 78 + .../utils/ibmtss/PCR_SetAuthPolicy_fp.h | 85 + .../utils/ibmtss/PCR_SetAuthValue_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/PP_Commands_fp.h | 80 + .../ibmtpm20tss/utils/ibmtss/Parameters.h | 386 + .../ibmtpm20tss/utils/ibmtss/Parameters12.h | 68 + .../ibmtpm20tss/utils/ibmtss/PcrRead12_fp.h | 56 + .../utils/ibmtss/PolicyAuthValue_fp.h | 79 + .../utils/ibmtss/PolicyAuthorizeNV_fp.h | 81 + .../utils/ibmtss/PolicyAuthorize_fp.h | 86 + .../utils/ibmtss/PolicyCommandCode_fp.h | 80 + .../utils/ibmtss/PolicyCounterTimer_fp.h | 85 + .../utils/ibmtss/PolicyCpHash_fp.h | 81 + .../utils/ibmtss/PolicyDuplicationSelect_fp.h | 85 + .../utils/ibmtss/PolicyGetDigest_fp.h | 84 + .../utils/ibmtss/PolicyLocality_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/PolicyNV_fp.h | 88 + .../utils/ibmtss/PolicyNameHash_fp.h | 81 + .../utils/ibmtss/PolicyNvWritten_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/PolicyOR_fp.h | 81 + .../ibmtpm20tss/utils/ibmtss/PolicyPCR_fp.h | 82 + .../utils/ibmtss/PolicyPassword_fp.h | 79 + .../utils/ibmtss/PolicyPhysicalPresence_fp.h | 78 + .../utils/ibmtss/PolicyRestart_fp.h | 79 + .../utils/ibmtss/PolicySecret_fp.h | 95 + .../utils/ibmtss/PolicySigned_fp.h | 96 + .../utils/ibmtss/PolicyTemplate_fp.h | 81 + .../utils/ibmtss/PolicyTicket_fp.h | 89 + .../tss2/ibmtpm20tss/utils/ibmtss/Quote2_fp.h | 69 + .../tss2/ibmtpm20tss/utils/ibmtss/Quote_fp.h | 91 + .../ibmtpm20tss/utils/ibmtss/RSA_Decrypt_fp.h | 90 + .../ibmtpm20tss/utils/ibmtss/RSA_Encrypt_fp.h | 89 + .../ibmtpm20tss/utils/ibmtss/ReadClock_fp.h | 77 + .../ibmtpm20tss/utils/ibmtss/ReadPubek_fp.h | 63 + .../ibmtpm20tss/utils/ibmtss/ReadPublic_fp.h | 84 + .../tss2/ibmtpm20tss/utils/ibmtss/Rewrap_fp.h | 92 + .../ibmtpm20tss/utils/ibmtss/SelfTest_fp.h | 78 + .../utils/ibmtss/SequenceComplete_fp.h | 92 + .../utils/ibmtss/SequenceUpdate_fp.h | 82 + .../utils/ibmtss/SetAlgorithmSet_fp.h | 81 + .../ibmtss/SetCommandCodeAuditStatus_fp.h | 84 + .../utils/ibmtss/SetPrimaryPolicy_fp.h | 79 + .../ibmtpm20tss/utils/ibmtss/Shutdown_fp.h | 79 + .../tss2/ibmtpm20tss/utils/ibmtss/Sign12_fp.h | 65 + .../tss2/ibmtpm20tss/utils/ibmtss/Sign_fp.h | 89 + .../utils/ibmtss/StartAuthSession_fp.h | 97 + .../ibmtpm20tss/utils/ibmtss/Startup12_fp.h | 50 + .../ibmtpm20tss/utils/ibmtss/Startup_fp.h | 84 + .../ibmtpm20tss/utils/ibmtss/StirRandom_fp.h | 78 + libstb/tss2/ibmtpm20tss/utils/ibmtss/TPMB.h | 104 + .../tss2/ibmtpm20tss/utils/ibmtss/TPM_Types.h | 2825 ++++++ .../utils/ibmtss/TakeOwnership_fp.h | 67 + .../ibmtpm20tss/utils/ibmtss/TestParms_fp.h | 79 + .../utils/ibmtss/TpmBuildSwitches.h | 87 + .../ibmtpm20tss/utils/ibmtss/Unmarshal12_fp.h | 94 + .../ibmtpm20tss/utils/ibmtss/Unmarshal_fp.h | 696 ++ .../tss2/ibmtpm20tss/utils/ibmtss/Unseal_fp.h | 83 + .../utils/ibmtss/VerifySignature_fp.h | 88 + .../ibmtpm20tss/utils/ibmtss/ZGen_2Phase_fp.h | 93 + .../ibmtpm20tss/utils/ibmtss/tpmconstants12.h | 1721 ++++ .../utils/ibmtss/tpmstructures12.h | 2482 ++++++ .../ibmtpm20tss/utils/ibmtss/tpmtypes12.h | 148 + libstb/tss2/ibmtpm20tss/utils/ibmtss/tss.h | 112 + .../tss2/ibmtpm20tss/utils/ibmtss/tsscrypto.h | 164 + .../ibmtpm20tss/utils/ibmtss/tsscryptoh.h | 100 + .../tss2/ibmtpm20tss/utils/ibmtss/tsserror.h | 115 + .../ibmtpm20tss/utils/ibmtss/tsserror12.h | 248 + .../tss2/ibmtpm20tss/utils/ibmtss/tssfile.h | 95 + .../ibmtpm20tss/utils/ibmtss/tssmarshal.h | 1628 ++++ .../ibmtpm20tss/utils/ibmtss/tssmarshal12.h | 192 + .../tss2/ibmtpm20tss/utils/ibmtss/tssprint.h | 290 + .../ibmtpm20tss/utils/ibmtss/tssprintcmd.h | 172 + .../utils/ibmtss/tssresponsecode.h | 62 + .../ibmtpm20tss/utils/ibmtss/tsstransmit.h | 80 + .../tss2/ibmtpm20tss/utils/ibmtss/tssutils.h | 101 + libstb/tss2/ibmtpm20tss/utils/imaextend.c | 437 + libstb/tss2/ibmtpm20tss/utils/imalib.c | 1832 ++++ libstb/tss2/ibmtpm20tss/utils/imalib.h | 222 + libstb/tss2/ibmtpm20tss/utils/import.c | 377 + libstb/tss2/ibmtpm20tss/utils/importpem.c | 482 + libstb/tss2/ibmtpm20tss/utils/load.c | 280 + libstb/tss2/ibmtpm20tss/utils/loadexternal.c | 542 ++ .../tss2/ibmtpm20tss/utils/makecredential.c | 303 + libstb/tss2/ibmtpm20tss/utils/makefile-common | 99 + .../tss2/ibmtpm20tss/utils/makefile-common12 | 70 + .../tss2/ibmtpm20tss/utils/makefile-common20 | 180 + libstb/tss2/ibmtpm20tss/utils/makefile.mac | 454 + libstb/tss2/ibmtpm20tss/utils/makefile.mak | 255 + libstb/tss2/ibmtpm20tss/utils/makefile.min | 178 + libstb/tss2/ibmtpm20tss/utils/makefile.nofile | 243 + libstb/tss2/ibmtpm20tss/utils/makefiletpm12 | 265 + libstb/tss2/ibmtpm20tss/utils/makefiletpm20 | 494 ++ libstb/tss2/ibmtpm20tss/utils/makefiletpmc | 515 ++ .../utils/man/man1/tssactivatecredential.1 | 41 + .../ibmtpm20tss/utils/man/man1/tsscertify.1 | 46 + .../utils/man/man1/tsscertifycreation.1 | 49 + .../utils/man/man1/tsscertifyx509.1 | 68 + .../ibmtpm20tss/utils/man/man1/tsschangeeps.1 | 16 + .../ibmtpm20tss/utils/man/man1/tsschangepps.1 | 16 + .../ibmtpm20tss/utils/man/man1/tssclear.1 | 20 + .../utils/man/man1/tssclearcontrol.1 | 23 + .../utils/man/man1/tssclockrateadjust.1 | 22 + .../ibmtpm20tss/utils/man/man1/tssclockset.1 | 31 + .../ibmtpm20tss/utils/man/man1/tsscommit.1 | 46 + .../utils/man/man1/tsscontextload.1 | 11 + .../utils/man/man1/tsscontextsave.1 | 14 + .../ibmtpm20tss/utils/man/man1/tsscreate.1 | 127 + .../ibmtpm20tss/utils/man/man1/tsscreateek.1 | 33 + .../utils/man/man1/tsscreateekcert.1 | 40 + .../utils/man/man1/tsscreateloaded.1 | 128 + .../utils/man/man1/tsscreateprimary.1 | 131 + .../man/man1/tssdictionaryattacklockreset.1 | 16 + .../man/man1/tssdictionaryattackparameters.1 | 25 + .../ibmtpm20tss/utils/man/man1/tssduplicate.1 | 43 + .../utils/man/man1/tsseccparameters.1 | 16 + .../utils/man/man1/tssecephemeral.1 | 20 + .../utils/man/man1/tssencryptdecrypt.1 | 37 + .../utils/man/man1/tsseventextend.1 | 29 + .../utils/man/man1/tsseventsequencecomplete.1 | 40 + .../utils/man/man1/tssevictcontrol.1 | 29 + .../utils/man/man1/tssflushcontext.1 | 11 + .../utils/man/man1/tssgetcapability.1 | 58 + .../utils/man/man1/tssgetcommandauditdigest.1 | 43 + .../utils/man/man1/tssgetcryptolibrary.1 | 10 + .../ibmtpm20tss/utils/man/man1/tssgetrandom.1 | 29 + .../utils/man/man1/tssgetsessionauditdigest.1 | 46 + .../utils/man/man1/tssgettestresult.1 | 16 + .../ibmtpm20tss/utils/man/man1/tssgettime.1 | 43 + .../tss2/ibmtpm20tss/utils/man/man1/tsshash.1 | 30 + .../utils/man/man1/tsshashsequencestart.1 | 23 + .../utils/man/man1/tsshierarchychangeauth.1 | 32 + .../utils/man/man1/tsshierarchycontrol.1 | 25 + .../tss2/ibmtpm20tss/utils/man/man1/tsshmac.1 | 37 + .../ibmtpm20tss/utils/man/man1/tsshmacstart.1 | 25 + .../ibmtpm20tss/utils/man/man1/tssimaextend.1 | 37 + .../ibmtpm20tss/utils/man/man1/tssimport.1 | 43 + .../ibmtpm20tss/utils/man/man1/tssimportpem.1 | 66 + .../tss2/ibmtpm20tss/utils/man/man1/tssload.1 | 31 + .../utils/man/man1/tssloadexternal.1 | 73 + .../utils/man/man1/tssmakecredential.1 | 34 + .../utils/man/man1/tssntc2getconfig.1 | 19 + .../utils/man/man1/tssntc2lockconfig.1 | 10 + .../utils/man/man1/tssntc2preconfig.1 | 67 + .../ibmtpm20tss/utils/man/man1/tssnvcertify.1 | 52 + .../utils/man/man1/tssnvchangeauth.1 | 25 + .../utils/man/man1/tssnvdefinespace.1 | 101 + .../ibmtpm20tss/utils/man/man1/tssnvextend.1 | 28 + .../utils/man/man1/tssnvglobalwritelock.1 | 19 + .../utils/man/man1/tssnvincrement.1 | 19 + .../ibmtpm20tss/utils/man/man1/tssnvread.1 | 50 + .../utils/man/man1/tssnvreadlock.1 | 22 + .../utils/man/man1/tssnvreadpublic.1 | 36 + .../ibmtpm20tss/utils/man/man1/tssnvsetbits.1 | 22 + .../utils/man/man1/tssnvundefinespace.1 | 23 + .../man/man1/tssnvundefinespacespecial.1 | 22 + .../ibmtpm20tss/utils/man/man1/tssnvwrite.1 | 40 + .../utils/man/man1/tssnvwritelock.1 | 22 + .../utils/man/man1/tssobjectchangeauth.1 | 34 + .../utils/man/man1/tsspcrallocate.1 | 25 + .../ibmtpm20tss/utils/man/man1/tsspcrevent.1 | 29 + .../ibmtpm20tss/utils/man/man1/tsspcrextend.1 | 21 + .../ibmtpm20tss/utils/man/man1/tsspcrread.1 | 36 + .../ibmtpm20tss/utils/man/man1/tsspcrreset.1 | 11 + .../utils/man/man1/tsspolicyauthorize.1 | 31 + .../utils/man/man1/tsspolicyauthorizenv.1 | 26 + .../utils/man/man1/tsspolicyauthvalue.1 | 11 + .../utils/man/man1/tsspolicycommandcode.1 | 14 + .../utils/man/man1/tsspolicycountertimer.1 | 67 + .../utils/man/man1/tsspolicycphash.1 | 22 + .../man/man1/tsspolicyduplicationselect.1 | 28 + .../utils/man/man1/tsspolicygetdigest.1 | 14 + .../utils/man/man1/tsspolicymaker.1 | 25 + .../utils/man/man1/tsspolicymakerpcr.1 | 29 + .../utils/man/man1/tsspolicynamehash.1 | 22 + .../ibmtpm20tss/utils/man/man1/tsspolicynv.1 | 77 + .../utils/man/man1/tsspolicynvwritten.1 | 22 + .../ibmtpm20tss/utils/man/man1/tsspolicyor.1 | 14 + .../utils/man/man1/tsspolicypassword.1 | 11 + .../ibmtpm20tss/utils/man/man1/tsspolicypcr.1 | 18 + .../utils/man/man1/tsspolicyrestart.1 | 11 + .../utils/man/man1/tsspolicysecret.1 | 46 + .../utils/man/man1/tsspolicysigned.1 | 46 + .../utils/man/man1/tsspolicytemplate.1 | 14 + .../utils/man/man1/tsspolicyticket.1 | 30 + .../ibmtpm20tss/utils/man/man1/tsspowerup.1 | 8 + .../ibmtpm20tss/utils/man/man1/tssprintattr.1 | 16 + .../utils/man/man1/tsspublicname.1 | 63 + .../ibmtpm20tss/utils/man/man1/tssquote.1 | 46 + .../ibmtpm20tss/utils/man/man1/tssreadclock.1 | 14 + .../utils/man/man1/tssreadpublic.1 | 32 + .../utils/man/man1/tssreturncode.1 | 9 + .../ibmtpm20tss/utils/man/man1/tssrewrap.1 | 43 + .../utils/man/man1/tssrsadecrypt.1 | 33 + .../utils/man/man1/tssrsaencrypt.1 | 17 + .../utils/man/man1/tsssequencecomplete.1 | 34 + .../utils/man/man1/tsssequenceupdate.1 | 22 + .../man/man1/tsssetcommandcodeauditstatus.1 | 31 + .../utils/man/man1/tsssetprimarypolicy.1 | 28 + .../ibmtpm20tss/utils/man/man1/tssshutdown.1 | 14 + .../tss2/ibmtpm20tss/utils/man/man1/tsssign.1 | 48 + .../ibmtpm20tss/utils/man/man1/tsssignapp.1 | 15 + .../utils/man/man1/tssstartauthsession.1 | 37 + .../ibmtpm20tss/utils/man/man1/tssstartup.1 | 20 + .../utils/man/man1/tssstirrandom.1 | 11 + .../utils/man/man1/tsstimepacket.1 | 14 + .../ibmtpm20tss/utils/man/man1/tsstpm2pem.1 | 14 + .../ibmtpm20tss/utils/man/man1/tsstpmcmd.1 | 11 + .../utils/man/man1/tsstpmpublic2eccpoint.1 | 17 + .../ibmtpm20tss/utils/man/man1/tssunseal.1 | 25 + .../utils/man/man1/tssverifysignature.1 | 59 + .../ibmtpm20tss/utils/man/man1/tsswriteapp.1 | 15 + .../utils/man/man1/tsszgen2phase.1 | 47 + libstb/tss2/ibmtpm20tss/utils/ntc2getconfig.c | 199 + libstb/tss2/ibmtpm20tss/utils/ntc2lib.c | 210 + libstb/tss2/ibmtpm20tss/utils/ntc2lib.h | 116 + .../tss2/ibmtpm20tss/utils/ntc2lockconfig.c | 135 + libstb/tss2/ibmtpm20tss/utils/ntc2preconfig.c | 579 ++ libstb/tss2/ibmtpm20tss/utils/nvcertify.c | 449 + libstb/tss2/ibmtpm20tss/utils/nvchangeauth.c | 255 + libstb/tss2/ibmtpm20tss/utils/nvdefinespace.c | 591 ++ libstb/tss2/ibmtpm20tss/utils/nvextend.c | 274 + .../ibmtpm20tss/utils/nvglobalwritelock.c | 237 + libstb/tss2/ibmtpm20tss/utils/nvincrement.c | 233 + libstb/tss2/ibmtpm20tss/utils/nvread.c | 483 + libstb/tss2/ibmtpm20tss/utils/nvreadlock.c | 260 + libstb/tss2/ibmtpm20tss/utils/nvreadpublic.c | 351 + libstb/tss2/ibmtpm20tss/utils/nvsetbits.c | 254 + .../tss2/ibmtpm20tss/utils/nvundefinespace.c | 258 + .../utils/nvundefinespacespecial.c | 244 + libstb/tss2/ibmtpm20tss/utils/nvwrite.c | 415 + libstb/tss2/ibmtpm20tss/utils/nvwritelock.c | 259 + .../tss2/ibmtpm20tss/utils/objectchangeauth.c | 328 + .../tss2/ibmtpm20tss/utils/objecttemplates.c | 582 ++ .../tss2/ibmtpm20tss/utils/objecttemplates.h | 108 + libstb/tss2/ibmtpm20tss/utils/pcrallocate.c | 342 + libstb/tss2/ibmtpm20tss/utils/pcrevent.c | 317 + libstb/tss2/ibmtpm20tss/utils/pcrextend.c | 269 + libstb/tss2/ibmtpm20tss/utils/pcrread.c | 437 + libstb/tss2/ibmtpm20tss/utils/pcrreset.c | 144 + .../ibmtpm20tss/utils/policies/Policies.txt | 138 + libstb/tss2/ibmtpm20tss/utils/policies/aaa | 1 + .../utils/policies/bits48321601.bin | Bin 0 -> 8 bytes .../ibmtpm20tss/utils/policies/msgtpmgen.bin | 1 + .../utils/policies/nvwriteahasha.bin | Bin 0 -> 36 bytes .../utils/policies/nvwriteahasha.txt | 1 + .../utils/policies/nvwriteahashb.bin | Bin 0 -> 36 bytes .../utils/policies/nvwriteahashb.txt | 1 + .../utils/policies/nvwritecphasha.bin | 1 + .../utils/policies/nvwritecphasha.txt | 1 + .../utils/policies/nvwritecphashb.bin | 1 + .../utils/policies/nvwritecphashb.txt | 1 + .../utils/policies/p256privkey.pem | 5 + .../ibmtpm20tss/utils/policies/p256pubkey.pem | 4 + .../utils/policies/pnhnamehash.bin | 1 + .../utils/policies/pnhnamehash.txt | 1 + .../policies/policyauthorizenv-unseal.bin | 1 + .../policies/policyauthorizenv-unseal.txt | 2 + .../utils/policies/policyauthorizenv.bin | 1 + .../utils/policies/policyauthorizenv.txt | 1 + .../utils/policies/policyauthorizesha1.bin | 2 + .../utils/policies/policyauthorizesha1.txt | 2 + .../utils/policies/policyauthorizesha256.bin | 1 + .../utils/policies/policyauthorizesha256.txt | 2 + .../utils/policies/policyauthorizesha384.bin | 2 + .../utils/policies/policyauthorizesha384.txt | 2 + .../utils/policies/policyauthorizesha512.bin | 1 + .../utils/policies/policyauthorizesha512.txt | 2 + .../utils/policies/policyccactivate.bin | 1 + .../utils/policies/policyccactivate.txt | 1 + .../utils/policies/policycccertify.bin | 1 + .../utils/policies/policycccertify.txt | 1 + .../utils/policies/policycccreate-auth.bin | 1 + .../utils/policies/policycccreate-auth.txt | 2 + .../utils/policies/policyccduplicate.bin | 1 + .../utils/policies/policyccduplicate.txt | 1 + .../policies/policyccnvchangeauth-auth.bin | 1 + .../policies/policyccnvchangeauth-auth.txt | 2 + .../utils/policies/policyccquote.bin | 1 + .../utils/policies/policyccquote.txt | 1 + .../utils/policies/policyccsign-auth.bin | 1 + .../utils/policies/policyccsign-auth.txt | 2 + .../utils/policies/policyccsign.bin | 2 + .../utils/policies/policyccsign.txt | 1 + .../policyccundefinespacespecial-auth.bin | 1 + .../policyccundefinespacespecial-auth.txt | 2 + .../utils/policies/policycountertimer.bin | 1 + .../utils/policies/policycountertimer.txt | 1 + .../utils/policies/policycphash.bin | 1 + .../utils/policies/policycphash.txt | 1 + .../utils/policies/policycphashhash.bin | 1 + .../utils/policies/policycphashhash.txt | Bin 0 -> 9 bytes .../utils/policies/policydupsel-no.bin | 1 + .../utils/policies/policydupsel-no.txt | 1 + .../utils/policies/policydupsel-yes.bin | 1 + .../utils/policies/policydupsel-yes.txt | 1 + .../utils/policies/policyiwgek.txt | 2 + .../utils/policies/policyiwgekbsha256.bin | 2 + .../utils/policies/policyiwgekbsha256.txt | 1 + .../utils/policies/policyiwgekbsha384.bin | Bin 0 -> 48 bytes .../utils/policies/policyiwgekbsha384.txt | 1 + .../utils/policies/policyiwgekbsha512.bin | 1 + .../utils/policies/policyiwgekbsha512.txt | 1 + .../utils/policies/policyiwgekcsha256.bin | 1 + .../utils/policies/policyiwgekcsha256.txt | 1 + .../utils/policies/policyiwgekcsha384.bin | 1 + .../utils/policies/policyiwgekcsha384.txt | 1 + .../utils/policies/policyiwgekcsha512.bin | 1 + .../utils/policies/policyiwgekcsha512.txt | 1 + .../utils/policies/policyiwgeksha256.bin | 1 + .../utils/policies/policyiwgeksha384.bin | 1 + .../utils/policies/policyiwgeksha512.bin | 1 + .../utils/policies/policynamehash.bin | Bin 0 -> 32 bytes .../utils/policies/policynamehash.txt | 1 + .../utils/policies/policynvargs.txt | Bin 0 -> 13 bytes .../ibmtpm20tss/utils/policies/policynvnv.bin | Bin 0 -> 20 bytes .../ibmtpm20tss/utils/policies/policynvnv.txt | 1 + .../ibmtpm20tss/utils/policies/policyor.bin | 1 + .../ibmtpm20tss/utils/policies/policyor.txt | 1 + .../utils/policies/policyorwrittensigned.bin | Bin 0 -> 32 bytes .../utils/policies/policyorwrittensigned.txt | 1 + .../ibmtpm20tss/utils/policies/policypcr.bin | 1 + .../ibmtpm20tss/utils/policies/policypcr0.bin | Bin 0 -> 20 bytes .../ibmtpm20tss/utils/policies/policypcr0.txt | 1 + .../utils/policies/policypcr1623aaasha1.bin | 1 + .../utils/policies/policypcr1623aaasha256.bin | 1 + .../utils/policies/policypcr1623aaasha384.bin | 1 + .../utils/policies/policypcr1623aaasha512.bin | 1 + .../utils/policies/policypcr16aaasha1.bin | 1 + .../utils/policies/policypcr16aaasha1.txt | 1 + .../utils/policies/policypcr16aaasha256.bin | 1 + .../utils/policies/policypcr16aaasha256.txt | 1 + .../utils/policies/policypcr16aaasha384.bin | Bin 0 -> 48 bytes .../utils/policies/policypcr16aaasha384.txt | 1 + .../utils/policies/policypcr16aaasha512.bin | 1 + .../utils/policies/policypcr16aaasha512.txt | 1 + .../utils/policies/policypcrbm0.bin | 1 + .../utils/policies/policysecretnv.bin | Bin 0 -> 32 bytes .../utils/policies/policysecretnv.txt | 2 + .../utils/policies/policysecretnvpf.bin | 1 + .../utils/policies/policysecretnvpf.txt | 2 + .../utils/policies/policysecretnvpp.bin | 1 + .../utils/policies/policysecretnvpp.txt | 2 + .../utils/policies/policysecretp.bin | 1 + .../utils/policies/policysecretp.txt | 2 + .../utils/policies/policysecretpsha256.bin | 1 + .../utils/policies/policysecretpsha256ha.bin | Bin 0 -> 34 bytes .../utils/policies/policysecretpsha384.bin | Bin 0 -> 48 bytes .../utils/policies/policysecretpsha384ha.bin | Bin 0 -> 50 bytes .../utils/policies/policysecretpsha512.bin | 1 + .../utils/policies/policysecretpsha512ha.bin | Bin 0 -> 66 bytes .../utils/policies/policysecretsha256.bin | 1 + .../utils/policies/policysecretsha256.txt | 2 + .../utils/policies/policysignedsha1.bin | 1 + .../utils/policies/policysignedsha1.txt | 2 + .../utils/policies/policysignedsha256.bin | 1 + .../utils/policies/policysignedsha256.txt | 2 + .../utils/policies/policysignedsha384.bin | 1 + .../utils/policies/policysignedsha384.txt | 2 + .../utils/policies/policysignedsha512.bin | 1 + .../utils/policies/policysignedsha512.txt | 2 + .../utils/policies/policytemplate.bin | 1 + .../utils/policies/policytemplate.txt | 1 + .../utils/policies/policytemplatehash.bin | 1 + .../utils/policies/policytemplatehash.txt | 1 + .../utils/policies/policywrittenclrsigned.bin | 1 + .../utils/policies/policywrittenclrsigned.txt | 3 + .../utils/policies/policywrittenset.bin | 1 + .../utils/policies/policywrittenset.txt | 1 + .../utils/policies/policywrittensetsigned.bin | 3 + .../utils/policies/policywrittensetsigned.txt | 3 + .../ibmtpm20tss/utils/policies/rsaprivkey.der | Bin 0 -> 1191 bytes .../ibmtpm20tss/utils/policies/rsaprivkey.pem | 30 + .../ibmtpm20tss/utils/policies/rsapubkey.pem | 9 + .../tss2/ibmtpm20tss/utils/policies/sha1.bin | Bin 0 -> 2 bytes .../ibmtpm20tss/utils/policies/sha1aaa.bin | 1 + .../ibmtpm20tss/utils/policies/sha1extaaa.bin | 1 + .../utils/policies/sha1extaaa0.bin | 1 + .../utils/policies/sha1exthaaa.bin | 1 + .../ibmtpm20tss/utils/policies/sha256.bin | Bin 0 -> 2 bytes .../ibmtpm20tss/utils/policies/sha256aaa.bin | 1 + .../utils/policies/sha256extaaa.bin | 1 + .../utils/policies/sha256extaaa0.bin | 1 + .../utils/policies/sha256exthaaa.bin | 1 + .../ibmtpm20tss/utils/policies/sha384.bin | Bin 0 -> 2 bytes .../ibmtpm20tss/utils/policies/sha384aaa.bin | 2 + .../utils/policies/sha384extaaa.bin | 1 + .../utils/policies/sha384extaaa0.bin | Bin 0 -> 48 bytes .../utils/policies/sha384exthaaa.bin | 1 + .../ibmtpm20tss/utils/policies/sha512.bin | Bin 0 -> 2 bytes .../ibmtpm20tss/utils/policies/sha512aaa.bin | 1 + .../utils/policies/sha512extaaa.bin | 1 + .../utils/policies/sha512extaaa0.bin | Bin 0 -> 64 bytes .../utils/policies/sha512exthaaa.bin | 1 + .../tss2/ibmtpm20tss/utils/policies/zero4.bin | Bin 0 -> 4 bytes .../tss2/ibmtpm20tss/utils/policies/zero8.bin | Bin 0 -> 8 bytes .../ibmtpm20tss/utils/policies/zerosha1.bin | Bin 0 -> 20 bytes .../ibmtpm20tss/utils/policies/zerosha256.bin | Bin 0 -> 32 bytes .../ibmtpm20tss/utils/policies/zerosha384.bin | Bin 0 -> 48 bytes .../ibmtpm20tss/utils/policies/zerosha512.bin | Bin 0 -> 64 bytes .../tss2/ibmtpm20tss/utils/policyauthorize.c | 307 + .../ibmtpm20tss/utils/policyauthorizenv.c | 279 + .../tss2/ibmtpm20tss/utils/policyauthvalue.c | 142 + .../ibmtpm20tss/utils/policycommandcode.c | 161 + .../ibmtpm20tss/utils/policycountertimer.c | 302 + libstb/tss2/ibmtpm20tss/utils/policycphash.c | 245 + .../utils/policyduplicationselect.c | 272 + .../tss2/ibmtpm20tss/utils/policygetdigest.c | 162 + libstb/tss2/ibmtpm20tss/utils/policymaker.c | 354 + .../tss2/ibmtpm20tss/utils/policymakerpcr.c | 439 + .../tss2/ibmtpm20tss/utils/policynamehash.c | 256 + libstb/tss2/ibmtpm20tss/utils/policynv.c | 360 + .../tss2/ibmtpm20tss/utils/policynvwritten.c | 247 + libstb/tss2/ibmtpm20tss/utils/policyor.c | 251 + .../tss2/ibmtpm20tss/utils/policypassword.c | 142 + libstb/tss2/ibmtpm20tss/utils/policypcr.c | 276 + libstb/tss2/ibmtpm20tss/utils/policyrestart.c | 218 + libstb/tss2/ibmtpm20tss/utils/policysecret.c | 358 + libstb/tss2/ibmtpm20tss/utils/policysigned.c | 456 + .../tss2/ibmtpm20tss/utils/policytemplate.c | 166 + libstb/tss2/ibmtpm20tss/utils/policyticket.c | 354 + libstb/tss2/ibmtpm20tss/utils/powerup.c | 128 + libstb/tss2/ibmtpm20tss/utils/printattr.c | 139 + libstb/tss2/ibmtpm20tss/utils/publicname.c | 452 + libstb/tss2/ibmtpm20tss/utils/quote.c | 439 + libstb/tss2/ibmtpm20tss/utils/readclock.c | 161 + libstb/tss2/ibmtpm20tss/utils/readpublic.c | 284 + libstb/tss2/ibmtpm20tss/utils/reg.bat | 383 + libstb/tss2/ibmtpm20tss/utils/reg.sh | 599 ++ .../ibmtpm20tss/utils/regtests/.cvsignore | 1 + .../ibmtpm20tss/utils/regtests/initkeys.bat | 147 + .../ibmtpm20tss/utils/regtests/initkeys.sh | 130 + .../ibmtpm20tss/utils/regtests/inittpm.bat | 79 + .../ibmtpm20tss/utils/regtests/inittpm.sh | 71 + .../ibmtpm20tss/utils/regtests/testaes.bat | 143 + .../ibmtpm20tss/utils/regtests/testaes.sh | 114 + .../ibmtpm20tss/utils/regtests/testaes138.bat | 142 + .../ibmtpm20tss/utils/regtests/testaes138.sh | 114 + .../ibmtpm20tss/utils/regtests/testattest.bat | 580 ++ .../ibmtpm20tss/utils/regtests/testattest.sh | 442 + .../utils/regtests/testattest155.bat | 162 + .../utils/regtests/testattest155.sh | 132 + .../ibmtpm20tss/utils/regtests/testbind.bat | 658 ++ .../ibmtpm20tss/utils/regtests/testbind.sh | 427 + .../utils/regtests/testchangeauth.bat | 179 + .../utils/regtests/testchangeauth.sh | 144 + .../utils/regtests/testchangeseed.bat | 208 + .../utils/regtests/testchangeseed.sh | 157 + .../ibmtpm20tss/utils/regtests/testclocks.bat | 104 + .../ibmtpm20tss/utils/regtests/testclocks.sh | 91 + .../utils/regtests/testcontext.bat | 237 + .../ibmtpm20tss/utils/regtests/testcontext.sh | 182 + .../utils/regtests/testcreateloaded.bat | 299 + .../utils/regtests/testcreateloaded.sh | 231 + .../utils/regtests/testcredential.bat | 504 ++ .../utils/regtests/testcredential.sh | 404 + .../ibmtpm20tss/utils/regtests/testda.bat | 203 + .../tss2/ibmtpm20tss/utils/regtests/testda.sh | 152 + .../ibmtpm20tss/utils/regtests/testdup.bat | 786 ++ .../ibmtpm20tss/utils/regtests/testdup.sh | 626 ++ .../ibmtpm20tss/utils/regtests/testecc.bat | 324 + .../ibmtpm20tss/utils/regtests/testecc.sh | 279 + .../utils/regtests/testencsession.bat | 483 + .../utils/regtests/testencsession.sh | 340 + .../ibmtpm20tss/utils/regtests/testevict.bat | 125 + .../ibmtpm20tss/utils/regtests/testevict.sh | 99 + .../ibmtpm20tss/utils/regtests/testgetcap.bat | 158 + .../ibmtpm20tss/utils/regtests/testgetcap.sh | 125 + .../utils/regtests/testhierarchy.bat | 369 + .../utils/regtests/testhierarchy.sh | 244 + .../ibmtpm20tss/utils/regtests/testhmac.bat | 331 + .../ibmtpm20tss/utils/regtests/testhmac.sh | 254 + .../utils/regtests/testhmacsession.bat | 111 + .../utils/regtests/testhmacsession.sh | 90 + .../ibmtpm20tss/utils/regtests/testnv.bat | 963 ++ .../tss2/ibmtpm20tss/utils/regtests/testnv.sh | 707 ++ .../ibmtpm20tss/utils/regtests/testnvpin.bat | 1029 +++ .../ibmtpm20tss/utils/regtests/testnvpin.sh | 739 ++ .../ibmtpm20tss/utils/regtests/testpcr.bat | 348 + .../ibmtpm20tss/utils/regtests/testpcr.sh | 300 + .../ibmtpm20tss/utils/regtests/testpolicy.bat | 2715 ++++++ .../ibmtpm20tss/utils/regtests/testpolicy.sh | 2031 +++++ .../utils/regtests/testpolicy138.bat | 600 ++ .../utils/regtests/testpolicy138.sh | 477 + .../utils/regtests/testprimary.bat | 224 + .../ibmtpm20tss/utils/regtests/testprimary.sh | 175 + .../ibmtpm20tss/utils/regtests/testrng.bat | 59 + .../ibmtpm20tss/utils/regtests/testrng.sh | 54 + .../ibmtpm20tss/utils/regtests/testrsa.bat | 432 + .../ibmtpm20tss/utils/regtests/testrsa.sh | 350 + .../ibmtpm20tss/utils/regtests/testsalt.bat | 433 + .../ibmtpm20tss/utils/regtests/testsalt.sh | 347 + .../utils/regtests/testshutdown.bat | 541 ++ .../utils/regtests/testshutdown.sh | 396 + .../ibmtpm20tss/utils/regtests/testsign.bat | 504 ++ .../ibmtpm20tss/utils/regtests/testsign.sh | 402 + .../utils/regtests/teststorage.bat | 205 + .../ibmtpm20tss/utils/regtests/teststorage.sh | 164 + .../ibmtpm20tss/utils/regtests/testunseal.bat | 765 ++ .../ibmtpm20tss/utils/regtests/testunseal.sh | 619 ++ .../ibmtpm20tss/utils/regtests/testx509.bat | 426 + .../ibmtpm20tss/utils/regtests/testx509.sh | 342 + libstb/tss2/ibmtpm20tss/utils/returncode.c | 78 + libstb/tss2/ibmtpm20tss/utils/rewrap.c | 349 + libstb/tss2/ibmtpm20tss/utils/rsadecrypt.c | 512 ++ libstb/tss2/ibmtpm20tss/utils/rsaencrypt.c | 262 + .../tss2/ibmtpm20tss/utils/sequencecomplete.c | 336 + .../tss2/ibmtpm20tss/utils/sequenceupdate.c | 268 + .../utils/setcommandcodeauditstatus.c | 298 + .../tss2/ibmtpm20tss/utils/setprimarypolicy.c | 300 + libstb/tss2/ibmtpm20tss/utils/shutdown.c | 129 + libstb/tss2/ibmtpm20tss/utils/sign.c | 489 ++ libstb/tss2/ibmtpm20tss/utils/signapp.c | 836 ++ .../tss2/ibmtpm20tss/utils/startauthsession.c | 301 + libstb/tss2/ibmtpm20tss/utils/startup.c | 191 + libstb/tss2/ibmtpm20tss/utils/stirrandom.c | 161 + libstb/tss2/ibmtpm20tss/utils/timepacket.c | 210 + libstb/tss2/ibmtpm20tss/utils/tpm2pem.c | 150 + libstb/tss2/ibmtpm20tss/utils/tpmcmd.c | 131 + libstb/tss2/ibmtpm20tss/utils/tpmproxy.c | 972 +++ .../ibmtpm20tss/utils/tpmpublic2eccpoint.c | 155 + libstb/tss2/ibmtpm20tss/utils/tss.c | 282 + libstb/tss2/ibmtpm20tss/utils/tss12.c | 1423 +++ libstb/tss2/ibmtpm20tss/utils/tss12.h | 58 + libstb/tss2/ibmtpm20tss/utils/tss20.c | 4900 +++++++++++ libstb/tss2/ibmtpm20tss/utils/tss20.h | 58 + libstb/tss2/ibmtpm20tss/utils/tssauth.c | 161 + libstb/tss2/ibmtpm20tss/utils/tssauth.h | 104 + libstb/tss2/ibmtpm20tss/utils/tssauth12.c | 746 ++ libstb/tss2/ibmtpm20tss/utils/tssauth12.h | 94 + libstb/tss2/ibmtpm20tss/utils/tssauth20.c | 1546 ++++ libstb/tss2/ibmtpm20tss/utils/tssauth20.h | 86 + .../tss2/ibmtpm20tss/utils/tssccattributes.c | 150 + .../tss2/ibmtpm20tss/utils/tssccattributes.h | 90 + .../ibmtpm20tss/utils/tssccattributes12.c | 74 + .../ibmtpm20tss/utils/tssccattributes12.h | 55 + libstb/tss2/ibmtpm20tss/utils/tsscrypto.c | 1457 ++++ libstb/tss2/ibmtpm20tss/utils/tsscryptoh.c | 590 ++ libstb/tss2/ibmtpm20tss/utils/tssdev.c | 213 + libstb/tss2/ibmtpm20tss/utils/tssdev.h | 64 + libstb/tss2/ibmtpm20tss/utils/tssdevskiboot.c | 195 + libstb/tss2/ibmtpm20tss/utils/tssfile.c | 321 + libstb/tss2/ibmtpm20tss/utils/tssmarshal.c | 7768 +++++++++++++++++ libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c | 1136 +++ libstb/tss2/ibmtpm20tss/utils/tssntc.c | 128 + libstb/tss2/ibmtpm20tss/utils/tssntc.h | 81 + libstb/tss2/ibmtpm20tss/utils/tssprint.c | 2350 +++++ libstb/tss2/ibmtpm20tss/utils/tssprintcmd.c | 920 ++ libstb/tss2/ibmtpm20tss/utils/tssproperties.c | 535 ++ libstb/tss2/ibmtpm20tss/utils/tssproperties.h | 185 + .../tss2/ibmtpm20tss/utils/tssresponsecode.c | 587 ++ libstb/tss2/ibmtpm20tss/utils/tsssocket.c | 706 ++ libstb/tss2/ibmtpm20tss/utils/tsssocket.h | 67 + libstb/tss2/ibmtpm20tss/utils/tsstbsi.c | 295 + libstb/tss2/ibmtpm20tss/utils/tsstransmit.c | 184 + libstb/tss2/ibmtpm20tss/utils/tssutils.c | 364 + .../tss2/ibmtpm20tss/utils/tssutilsverbose.c | 43 + libstb/tss2/ibmtpm20tss/utils/unseal.c | 253 + .../tss2/ibmtpm20tss/utils/verifysignature.c | 488 ++ libstb/tss2/ibmtpm20tss/utils/writeapp.c | 416 + libstb/tss2/ibmtpm20tss/utils/zgen2phase.c | 366 + 758 files changed, 149568 insertions(+) create mode 100644 libstb/tss2/ibmtpm20tss/utils/CommandAttributeData.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/CommandAttributeData12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/CommandAttributes.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/Commands.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/Commands12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/Commands12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/Commands_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/Makefile.am create mode 100644 libstb/tss2/ibmtpm20tss/utils/Platform.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/Unmarshal.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/activatecredential.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/applink.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/cakey.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/cakeyecc.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/.cvsignore create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Root_CA.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/InfineonECCChain010.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/InfineonRSAChain010.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKIntermediate.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKRootCA.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA001.crt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA002.crt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA003.crt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkRootCA.crt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA0100.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA1110.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA2110.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/cacert.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/cacertecc.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/gstpmroot.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.windows.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccint01.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccroot01.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint01.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint02.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint03.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint04.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint05.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekroot.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certificates/tpmeccroot.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/certify.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/certifycreation.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/certifyx509.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/changeeps.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/changepps.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/clear.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/clearcontrol.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/clockrateadjust.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/clockset.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/commit.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/contextload.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/contextsave.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/create.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/createek.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/createekcert.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/createloaded.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/createprimary.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/cryptoutils.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/cryptoutils.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/dictionaryattacklockreset.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/dictionaryattackparameters.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/duplicate.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/eccparameters.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ecephemeral.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ekutils.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ekutils.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/encryptdecrypt.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/eventextend.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/eventlib.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/eventlib.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/eventsequencecomplete.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/evictcontrol.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/flushcontext.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/getcapability.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/getcommandauditdigest.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/getcryptolibrary.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/getrandom.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/getsessionauditdigest.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/gettestresult.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/gettime.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hash.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hashsequencestart.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hierarchychangeauth.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hierarchycontrol.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hmac.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/hmacstart.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateCredential_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateIdentity_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/BaseTypes.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyCreation_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyX509_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Certify_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangeEPS_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangePPS_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ClearControl_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Clear_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockRateAdjust_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockSet_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Commit_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextLoad_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextSave_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateEndorsementKeyPair_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateLoaded_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CreatePrimary_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateWrapKey_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Create_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackLockReset_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackParameters_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Duplicate_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ECC_Parameters_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_KeyGen_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_ZGen_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/EC_Ephemeral_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt2_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/EventSequenceComplete_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/EvictControl_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Extend_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushContext_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushSpecific_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCommandAuditDigest_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetRandom_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetSessionAuditDigest_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTestResult_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTime_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_Start_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/HashSequenceStart_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Hash_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyChangeAuth_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyControl_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Implementation.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Import_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/IncrementalSelfTest_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadExternal_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadKey2_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Load_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeCredential_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeIdentity_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NTC_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Certify_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ChangeAuth_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Extend_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_GlobalWriteLock_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Increment_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadLock_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadPublic_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValueAuth_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValue_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Read_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_SetBits_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpace_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteLock_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValueAuth_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValue_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Write_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/OIAP_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/OSAP_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ObjectChangeAuth_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerReadInternalPub_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerSetDisable_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Allocate_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Event_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Extend_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Read_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthPolicy_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthValue_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PP_Commands_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PcrRead12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthValue_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorizeNV_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorize_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCommandCode_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCounterTimer_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCpHash_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyDuplicationSelect_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyGetDigest_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyLocality_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNV_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNameHash_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNvWritten_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyOR_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPCR_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPassword_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPhysicalPresence_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyRestart_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySecret_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySigned_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTemplate_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTicket_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote2_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Decrypt_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Encrypt_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadClock_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPubek_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPublic_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Rewrap_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SelfTest_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceComplete_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceUpdate_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SetAlgorithmSet_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SetCommandCodeAuditStatus_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/SetPrimaryPolicy_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Shutdown_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/StartAuthSession_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/StirRandom_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/TPMB.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/TPM_Types.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/TakeOwnership_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/TestParms_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/TpmBuildSwitches.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal12_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/Unseal_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/VerifySignature_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/ZGen_2Phase_fp.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmconstants12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmstructures12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmtypes12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tss.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscrypto.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscryptoh.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssfile.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprint.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprintcmd.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssresponsecode.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tsstransmit.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ibmtss/tssutils.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/imaextend.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/imalib.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/imalib.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/import.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/importpem.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/load.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/loadexternal.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/makecredential.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile-common create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile-common12 create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile-common20 create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile.mac create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile.mak create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile.min create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefile.nofile create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefiletpm12 create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefiletpm20 create mode 100644 libstb/tss2/ibmtpm20tss/utils/makefiletpmc create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssactivatecredential.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertify.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifycreation.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifyx509.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangeeps.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangepps.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssclear.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssclearcontrol.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockrateadjust.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockset.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscommit.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextload.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextsave.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreate.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateek.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateekcert.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateloaded.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateprimary.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattacklockreset.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattackparameters.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssduplicate.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsseccparameters.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssecephemeral.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssencryptdecrypt.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventextend.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventsequencecomplete.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssevictcontrol.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssflushcontext.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcapability.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcommandauditdigest.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcryptolibrary.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetrandom.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetsessionauditdigest.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettestresult.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettime.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshash.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshashsequencestart.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchychangeauth.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchycontrol.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmac.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmacstart.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssimaextend.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssimport.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssimportpem.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssload.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssloadexternal.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssmakecredential.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2getconfig.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2lockconfig.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2preconfig.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvcertify.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvchangeauth.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvdefinespace.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvextend.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvglobalwritelock.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvincrement.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvread.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadlock.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadpublic.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvsetbits.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespace.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespacespecial.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwrite.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwritelock.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssobjectchangeauth.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrallocate.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrevent.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrextend.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrread.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrreset.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorize.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorizenv.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthvalue.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycommandcode.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycountertimer.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycphash.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyduplicationselect.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicygetdigest.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymaker.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymakerpcr.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynamehash.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynv.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynvwritten.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyor.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypassword.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypcr.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyrestart.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysecret.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysigned.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicytemplate.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyticket.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspowerup.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssprintattr.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsspublicname.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssquote.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadclock.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadpublic.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssreturncode.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssrewrap.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsadecrypt.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsaencrypt.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequencecomplete.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequenceupdate.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetcommandcodeauditstatus.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetprimarypolicy.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssshutdown.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssign.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsssignapp.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartauthsession.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartup.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssstirrandom.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsstimepacket.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpm2pem.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmcmd.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmpublic2eccpoint.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssunseal.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tssverifysignature.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsswriteapp.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/man/man1/tsszgen2phase.1 create mode 100644 libstb/tss2/ibmtpm20tss/utils/ntc2getconfig.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ntc2lib.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ntc2lib.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/ntc2lockconfig.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/ntc2preconfig.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvcertify.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvchangeauth.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvdefinespace.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvextend.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvglobalwritelock.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvincrement.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvread.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvreadlock.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvreadpublic.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvsetbits.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvundefinespace.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvundefinespacespecial.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvwrite.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/nvwritelock.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/objectchangeauth.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/objecttemplates.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/objecttemplates.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/pcrallocate.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/pcrevent.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/pcrextend.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/pcrread.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/pcrreset.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/Policies.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/aaa create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/bits48321601.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/msgtpmgen.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahashb.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahashb.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwritecphasha.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwritecphasha.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwritecphashb.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/nvwritecphashb.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/p256privkey.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/p256pubkey.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/pnhnamehash.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/pnhnamehash.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizenv-unseal.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizenv-unseal.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizenv.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizenv.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha1.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha384.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha512.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccsign-auth.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccsign-auth.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccsign.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccsign.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccundefinespacespecial-auth.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyccundefinespacespecial-auth.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycountertimer.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycountertimer.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycphash.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycphash.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycphashhash.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policycphashhash.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policydupsel-no.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policydupsel-no.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policydupsel-yes.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policydupsel-yes.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgek.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha384.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekbsha512.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha384.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha512.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policynvargs.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyor.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyor.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyorwrittensigned.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policyorwrittensigned.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr0.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr1623aaasha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr1623aaasha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr1623aaasha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr1623aaasha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policypcrbm0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256ha.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384ha.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512ha.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.txt create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/rsaprivkey.der create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/rsaprivkey.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/rsapubkey.pem create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha1aaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha1extaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha1extaaa0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha1exthaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha256aaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha256exthaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha384aaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha384exthaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha512aaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa0.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/sha512exthaaa.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zero4.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zero8.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zerosha1.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zerosha256.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zerosha384.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policies/zerosha512.bin create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyauthorize.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyauthorizenv.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyauthvalue.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policycommandcode.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policycountertimer.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policycphash.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyduplicationselect.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policygetdigest.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policymaker.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policymakerpcr.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policynamehash.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policynv.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policynvwritten.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyor.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policypassword.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policypcr.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyrestart.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policysecret.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policysigned.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policytemplate.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/policyticket.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/powerup.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/printattr.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/publicname.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/quote.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/readclock.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/readpublic.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/reg.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/reg.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/.cvsignore create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testaes.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testaes.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testattest.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testattest.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testbind.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testbind.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testda.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testda.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testdup.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testdup.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testecc.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testecc.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testevict.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testevict.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testnv.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testnv.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testrng.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testrng.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testsign.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testsign.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/regtests/testx509.bat create mode 100755 libstb/tss2/ibmtpm20tss/utils/regtests/testx509.sh create mode 100644 libstb/tss2/ibmtpm20tss/utils/returncode.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/rewrap.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/rsadecrypt.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/rsaencrypt.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/sequencecomplete.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/sequenceupdate.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/setcommandcodeauditstatus.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/setprimarypolicy.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/shutdown.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/sign.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/signapp.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/startauthsession.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/startup.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/stirrandom.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/timepacket.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tpm2pem.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tpmcmd.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tpmproxy.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tpmpublic2eccpoint.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tss.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tss12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tss12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tss20.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tss20.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth20.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssauth20.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssccattributes.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssccattributes.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssccattributes12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssccattributes12.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsscrypto.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsscryptoh.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssdev.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssdev.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssdevskiboot.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssfile.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssmarshal.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssntc.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssntc.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssprint.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssprintcmd.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssproperties.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssproperties.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssresponsecode.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsssocket.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsssocket.h create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsstbsi.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tsstransmit.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssutils.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/tssutilsverbose.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/unseal.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/verifysignature.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/writeapp.c create mode 100644 libstb/tss2/ibmtpm20tss/utils/zgen2phase.c diff --git a/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData.c b/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData.c new file mode 100644 index 000000000000..48f3b16cfb05 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData.c @@ -0,0 +1,960 @@ +/********************************************************************************/ +/* */ +/* Command Attributes Table */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +// 9.3 CommandAttributeData.c + +#ifdef TPM_TPM12 +#include +#endif + +#include "CommandAttributes.h" +#if defined COMPRESSED_LISTS +# define PAD_LIST 0 +#else +# define PAD_LIST 1 +#endif + +// This is the command code attribute array for GetCapability(). Both this array and +// s_commandAttributes provides command code attributes, but tuned for different purpose + +/* bitfield is: + + command index + reserved + nv + extensive + flushed + cHandles + rHandle + V + reserved, flags TPM 1.2 command +*/ + +#include "tssccattributes.h" + +const TPMA_CC_TSS s_ccAttr [] = { + +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + {{0x011f, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_UndefineSpaceSpecial +#endif +#if (PAD_LIST || CC_EvictControl) + {{0x0120, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_EvictControl +#endif +#if (PAD_LIST || CC_HierarchyControl) + {{0x0121, 0, 1, 1, 0, 1, 0, 0, 0}}, // TPM_CC_HierarchyControl +#endif +#if (PAD_LIST || CC_NV_UndefineSpace) + {{0x0122, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_UndefineSpace +#endif +#if (PAD_LIST) + {{0x0123, 0, 0, 0, 0, 0, 0, 0, 0}}, // No command +#endif +#if (PAD_LIST || CC_ChangeEPS) + {{0x0124, 0, 1, 1, 0, 1, 0, 0, 0}}, // TPM_CC_ChangeEPS +#endif +#if (PAD_LIST || CC_ChangePPS) + {{0x0125, 0, 1, 1, 0, 1, 0, 0, 0}}, // TPM_CC_ChangePPS +#endif +#if (PAD_LIST || CC_Clear) + {{0x0126, 0, 1, 1, 0, 1, 0, 0, 0}}, // TPM_CC_Clear +#endif +#if (PAD_LIST || CC_ClearControl) + {{0x0127, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ClearControl +#endif +#if (PAD_LIST || CC_ClockSet) + {{0x0128, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ClockSet +#endif +#if (PAD_LIST || CC_HierarchyChangeAuth) + {{0x0129, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_HierarchyChangeAuth +#endif +#if (PAD_LIST || CC_NV_DefineSpace) + {{0x012a, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_NV_DefineSpace +#endif +#if (PAD_LIST || CC_PCR_Allocate) + {{0x012b, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_Allocate +#endif +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + {{0x012c, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_SetAuthPolicy +#endif +#if (PAD_LIST || CC_PP_Commands) + {{0x012d, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PP_Commands +#endif +#if (PAD_LIST || CC_SetPrimaryPolicy) + {{0x012e, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_SetPrimaryPolicy +#endif +#if (PAD_LIST || CC_FieldUpgradeStart) + {{0x012f, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_FieldUpgradeStart +#endif +#if (PAD_LIST || CC_ClockRateAdjust) + {{0x0130, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ClockRateAdjust +#endif +#if (PAD_LIST || CC_CreatePrimary) + {{0x0131, 0, 0, 0, 0, 1, 1, 0, 0}}, // TPM_CC_CreatePrimary +#endif +#if (PAD_LIST || CC_NV_GlobalWriteLock) + {{0x0132, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_NV_GlobalWriteLock +#endif +#if (PAD_LIST || CC_GetCommandAuditDigest) + {{0x0133, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_GetCommandAuditDigest +#endif +#if (PAD_LIST || CC_NV_Increment) + {{0x0134, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_Increment +#endif +#if (PAD_LIST || CC_NV_SetBits) + {{0x0135, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_SetBits +#endif +#if (PAD_LIST || CC_NV_Extend) + {{0x0136, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_Extend +#endif +#if (PAD_LIST || CC_NV_Write) + {{0x0137, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_Write +#endif +#if (PAD_LIST || CC_NV_WriteLock) + {{0x0138, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_WriteLock +#endif +#if (PAD_LIST || CC_DictionaryAttackLockReset) + {{0x0139, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_DictionaryAttackLockReset +#endif +#if (PAD_LIST || CC_DictionaryAttackParameters) + {{0x013a, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_DictionaryAttackParameters +#endif +#if (PAD_LIST || CC_NV_ChangeAuth) + {{0x013b, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_NV_ChangeAuth +#endif +#if (PAD_LIST || CC_PCR_Event) + {{0x013c, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_Event +#endif +#if (PAD_LIST || CC_PCR_Reset) + {{0x013d, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_Reset +#endif +#if (PAD_LIST || CC_SequenceComplete) + {{0x013e, 0, 0, 0, 1, 1, 0, 0, 0}}, // TPM_CC_SequenceComplete +#endif +#if (PAD_LIST || CC_SetAlgorithmSet) + {{0x013f, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_SetAlgorithmSet +#endif +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + {{0x0140, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_SetCommandCodeAuditStatus +#endif +#if (PAD_LIST || CC_FieldUpgradeData) + {{0x0141, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_FieldUpgradeData +#endif +#if (PAD_LIST || CC_IncrementalSelfTest) + {{0x0142, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_IncrementalSelfTest +#endif +#if (PAD_LIST || CC_SelfTest) + {{0x0143, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_SelfTest +#endif +#if (PAD_LIST || CC_Startup) + {{0x0144, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_Startup +#endif +#if (PAD_LIST || CC_Shutdown) + {{0x0145, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_Shutdown +#endif +#if (PAD_LIST || CC_StirRandom) + {{0x0146, 0, 1, 0, 0, 0, 0, 0, 0}}, // TPM_CC_StirRandom +#endif +#if (PAD_LIST || CC_ActivateCredential) + {{0x0147, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_ActivateCredential +#endif +#if (PAD_LIST || CC_Certify) + {{0x0148, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_Certify +#endif +#if (PAD_LIST || CC_PolicyNV) + {{0x0149, 0, 0, 0, 0, 3, 0, 0, 0}}, // TPM_CC_PolicyNV +#endif +#if (PAD_LIST || CC_CertifyCreation) + {{0x014a, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_CertifyCreation +#endif +#if (PAD_LIST || CC_CertifyX509) + {{0x0197, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_CertifyX509 +#endif +#if (PAD_LIST || CC_Duplicate) + {{0x014b, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_Duplicate +#endif +#if (PAD_LIST || CC_GetTime) + {{0x014c, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_GetTime +#endif +#if (PAD_LIST || CC_GetSessionAuditDigest) + {{0x014d, 0, 0, 0, 0, 3, 0, 0, 0}}, // TPM_CC_GetSessionAuditDigest +#endif +#if (PAD_LIST || CC_NV_Read) + {{0x014e, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_Read +#endif +#if (PAD_LIST || CC_NV_ReadLock) + {{0x014f, 0, 1, 0, 0, 2, 0, 0, 0}}, // TPM_CC_NV_ReadLock +#endif +#if (PAD_LIST || CC_ObjectChangeAuth) + {{0x0150, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_ObjectChangeAuth +#endif +#if (PAD_LIST || CC_PolicySecret) + {{0x0151, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_PolicySecret +#endif +#if (PAD_LIST || CC_Rewrap) + {{0x0152, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_Rewrap +#endif +#if (PAD_LIST || CC_Create) + {{0x0153, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Create +#endif +#if (PAD_LIST || CC_ECDH_ZGen) + {{0x0154, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ECDH_ZGen +#endif +#if (PAD_LIST || CC_HMAC) + {{0x0155, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_HMAC +#endif +#if (PAD_LIST || CC_Import) + {{0x0156, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Import +#endif +#if (PAD_LIST || CC_Load) + {{0x0157, 0, 0, 0, 0, 1, 1, 0, 0}}, // TPM_CC_Load +#endif +#if (PAD_LIST || CC_Quote) + {{0x0158, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Quote +#endif +#if (PAD_LIST || CC_RSA_Decrypt) + {{0x0159, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_RSA_Decrypt +#endif +#if (PAD_LIST) + {{0x015a, 0, 0, 0, 0, 0, 0, 0, 0}}, // No command +#endif +#if (PAD_LIST || CC_HMAC_Start) + {{0x015b, 0, 0, 0, 0, 1, 1, 0, 0}}, // TPM_CC_HMAC_Start +#endif +#if (PAD_LIST || CC_SequenceUpdate) + {{0x015c, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_SequenceUpdate +#endif +#if (PAD_LIST || CC_Sign) + {{0x015d, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Sign +#endif +#if (PAD_LIST || CC_Unseal) + {{0x015e, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Unseal +#endif +#if (PAD_LIST) + {{0x015f, 0, 0, 0, 0, 0, 0, 0, 0}}, // No command +#endif +#if (PAD_LIST || CC_PolicySigned) + {{0x0160, 0, 0, 0, 0, 2, 0, 0, 0}}, // TPM_CC_PolicySigned +#endif +#if (PAD_LIST || CC_ContextLoad) + {{0x0161, 0, 0, 0, 0, 0, 1, 0, 0}}, // TPM_CC_ContextLoad +#endif +#if (PAD_LIST || CC_ContextSave) + {{0x0162, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ContextSave +#endif +#if (PAD_LIST || CC_ECDH_KeyGen) + {{0x0163, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ECDH_KeyGen +#endif +#if (PAD_LIST || CC_EncryptDecrypt) + {{0x0164, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_EncryptDecrypt +#endif +#if (PAD_LIST || CC_FlushContext) + {{0x0165, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_FlushContext +#endif +#if (PAD_LIST) + {{0x0166, 0, 0, 0, 0, 0, 0, 0, 0}}, // No command +#endif +#if (PAD_LIST || CC_LoadExternal) + {{0x0167, 0, 0, 0, 0, 0, 1, 0, 0}}, // TPM_CC_LoadExternal +#endif +#if (PAD_LIST || CC_MakeCredential) + {{0x0168, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_MakeCredential +#endif +#if (PAD_LIST || CC_NV_ReadPublic) + {{0x0169, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_NV_ReadPublic +#endif +#if (PAD_LIST || CC_PolicyAuthorize) + {{0x016a, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyAuthorize +#endif +#if (PAD_LIST || CC_PolicyAuthValue) + {{0x016b, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyAuthValue +#endif +#if (PAD_LIST || CC_PolicyCommandCode) + {{0x016c, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyCommandCode +#endif +#if (PAD_LIST || CC_PolicyCounterTimer) + {{0x016d, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyCounterTimer +#endif +#if (PAD_LIST || CC_PolicyCpHash) + {{0x016e, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyCpHash +#endif +#if (PAD_LIST || CC_PolicyLocality) + {{0x016f, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyLocality +#endif +#if (PAD_LIST || CC_PolicyNameHash) + {{0x0170, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyNameHash +#endif +#if (PAD_LIST || CC_PolicyOR) + {{0x0171, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyOR +#endif +#if (PAD_LIST || CC_PolicyTicket) + {{0x0172, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyTicket +#endif +#if (PAD_LIST || CC_ReadPublic) + {{0x0173, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ReadPublic +#endif +#if (PAD_LIST || CC_RSA_Encrypt) + {{0x0174, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_RSA_Encrypt +#endif +#if (PAD_LIST) + {{0x0175, 0, 0, 0, 0, 0, 0, 0, 0}}, // No command +#endif +#if (PAD_LIST || CC_StartAuthSession) + {{0x0176, 0, 0, 0, 0, 2, 1, 0, 0}}, // TPM_CC_StartAuthSession +#endif +#if (PAD_LIST || CC_VerifySignature) + {{0x0177, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_VerifySignature +#endif +#if (PAD_LIST || CC_ECC_Parameters) + {{0x0178, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_ECC_Parameters +#endif +#if (PAD_LIST || CC_FirmwareRead) + {{0x0179, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_FirmwareRead +#endif +#if (PAD_LIST || CC_GetCapability) + {{0x017a, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_GetCapability +#endif +#if (PAD_LIST || CC_GetRandom) + {{0x017b, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_GetRandom +#endif +#if (PAD_LIST || CC_GetTestResult) + {{0x017c, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_GetTestResult +#endif +#if (PAD_LIST || CC_Hash) + {{0x017d, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_Hash +#endif +#if (PAD_LIST || CC_PCR_Read) + {{0x017e, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_PCR_Read +#endif +#if (PAD_LIST || CC_PolicyPCR) + {{0x017f, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyPCR +#endif +#if (PAD_LIST || CC_PolicyRestart) + {{0x0180, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyRestart +#endif +#if (PAD_LIST || CC_ReadClock) + {{0x0181, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_ReadClock +#endif +#if (PAD_LIST || CC_PCR_Extend) + {{0x0182, 0, 1, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_Extend +#endif +#if (PAD_LIST || CC_PCR_SetAuthValue) + {{0x0183, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PCR_SetAuthValue +#endif +#if (PAD_LIST || CC_NV_Certify) + {{0x0184, 0, 0, 0, 0, 3, 0, 0, 0}}, // TPM_CC_NV_Certify +#endif +#if (PAD_LIST || CC_EventSequenceComplete) + {{0x0185, 0, 1, 0, 1, 2, 0, 0, 0}}, // TPM_CC_EventSequenceComplete +#endif +#if (PAD_LIST || CC_HashSequenceStart) + {{0x0186, 0, 0, 0, 0, 0, 1, 0, 0}}, // TPM_CC_HashSequenceStart +#endif +#if (PAD_LIST || CC_PolicyPhysicalPresence) + {{0x0187, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyPhysicalPresence +#endif +#if (PAD_LIST || CC_PolicyDuplicationSelect) + {{0x0188, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyDuplicationSelect +#endif +#if (PAD_LIST || CC_PolicyGetDigest) + {{0x0189, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyGetDigest +#endif +#if (PAD_LIST || CC_TestParms) + {{0x018a, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_TestParms +#endif +#if (PAD_LIST || CC_Commit) + {{0x018b, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_Commit +#endif +#if (PAD_LIST || CC_PolicyPassword) + {{0x018c, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyPassword +#endif +#if (PAD_LIST || CC_ZGen_2Phase) + {{0x018d, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_ZGen_2Phase +#endif +#if (PAD_LIST || CC_EC_Ephemeral) + {{0x018e, 0, 0, 0, 0, 0, 0, 0, 0}}, // TPM_CC_EC_Ephemeral +#endif +#if (PAD_LIST || CC_PolicyNvWritten) + {{0x018f, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyNvWritten +#endif +#if (PAD_LIST || CC_PolicyTemplate) + {{0x0190, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_PolicyTemplate +#endif +#if (PAD_LIST || CC_CreateLoaded) + {{0x0191, 0, 0, 0, 0, 1, 1, 0, 0}}, // TPM_CC_CreateLoaded +#endif +#if (PAD_LIST || CC_PolicyAuthorizeNV) + {{0x0192, 0, 0, 0, 0, 3, 0, 0, 0}}, // TPM_CC_PolicyAuthorizeNV +#endif +#if (PAD_LIST || CC_EncryptDecrypt2) + {{0x0193, 0, 0, 0, 0, 1, 0, 0, 0}}, // TPM_CC_EncryptDecrypt2 +#endif + +#if (PAD_LIST || CC_Vendor_TCG_Test) + {{0x0000, 0, 0, 0, 0, 0, 0, 1, 0}}, // TPM_CC_Vendor_TCG_Test +#endif + +#if (PAD_LIST || CC_NTC2_PreConfig) + {{0x20000211, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_PreConfig +#endif + +#if (PAD_LIST || CC_NTC2_LockPreConfig) + {{0x20000212, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_LockPreConfig +#endif + +#if (PAD_LIST || CC_NTC2_GetConfig) + {{0x20000213, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_GetConfig +#endif + + {{0x0000, 0, 0, 0, 0, 0, 0, 0, 0}}, // kg - terminator? +}; + +// This is the command code attribute structure. + +const COMMAND_ATTRIBUTES s_commandAttributes [] = { +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011f + (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_EvictControl) + (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_HierarchyControl) + (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_NV_UndefineSpace) + (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST) + (COMMAND_ATTRIBUTES)(0), // 0x0123 +#endif +#if (PAD_LIST || CC_ChangeEPS) + (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ChangePPS) + (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_Clear) + (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClearControl) + (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClockSet) + (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_HierarchyChangeAuth) + (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_NV_DefineSpace) + (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012a + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PCR_Allocate) + (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012b + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012c + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_PP_Commands) + (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012d + (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), +#endif +#if (PAD_LIST || CC_SetPrimaryPolicy) + (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012e + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_FieldUpgradeStart) + (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012f + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_ClockRateAdjust) + (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_CreatePrimary) + (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_NV_GlobalWriteLock) + (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_GetCommandAuditDigest) + (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_Increment) + (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_SetBits) + (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Extend) + (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Write) + (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_WriteLock) + (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_DictionaryAttackLockReset) + (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_DictionaryAttackParameters) + (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013a + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_ChangeAuth) + (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013b + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), +#endif +#if (PAD_LIST || CC_PCR_Event) + (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013c + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_PCR_Reset) + (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013d + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_SequenceComplete) + (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013e + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_SetAlgorithmSet) + (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013f + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140 + (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), +#endif +#if (PAD_LIST || CC_FieldUpgradeData) + (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_IncrementalSelfTest) + (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_SelfTest) + (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_Startup) + (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_Shutdown) + (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_StirRandom) + (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_ActivateCredential) + (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Certify) + (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyNV) + (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_CertifyCreation) + (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014a + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_CertifyX509) + (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Duplicate) + (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014b + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetTime) + (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014c + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetSessionAuditDigest) + (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014d + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_Read) + (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014e + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_ReadLock) + (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014f + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_ObjectChangeAuth) + (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicySecret) + (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Rewrap) + (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Create) + (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_ECDH_ZGen) + (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_HMAC) + (COMMAND_ATTRIBUTES)(CC_HMAC * // 0x0155 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Import) + (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Load) + (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_Quote) + (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_RSA_Decrypt) + (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST) + (COMMAND_ATTRIBUTES)(0), // 0x015a +#endif +#if (PAD_LIST || CC_HMAC_Start) + (COMMAND_ATTRIBUTES)(CC_HMAC_Start * // 0x015b + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), +#endif +#if (PAD_LIST || CC_SequenceUpdate) + (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015c + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_Sign) + (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015d + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_Unseal) + (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015e + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST) + (COMMAND_ATTRIBUTES)(0), // 0x015f +#endif +#if (PAD_LIST || CC_PolicySigned) + (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_ContextLoad) + (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161 + (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), +#endif +#if (PAD_LIST || CC_ContextSave) + (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_ECDH_KeyGen) + (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EncryptDecrypt) + (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164 + (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_FlushContext) + (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST) + (COMMAND_ATTRIBUTES)(0), // 0x0166 +#endif +#if (PAD_LIST || CC_LoadExternal) + (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_MakeCredential) + (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_NV_ReadPublic) + (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyAuthorize) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016a + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyAuthValue) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016b + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCommandCode) + (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016c + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCounterTimer) + (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016d + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyCpHash) + (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016e + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyLocality) + (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016f + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyNameHash) + (COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyOR) + (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyTicket) + (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ReadPublic) + (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_RSA_Encrypt) + (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST) + (COMMAND_ATTRIBUTES)(0), // 0x0175 +#endif +#if (PAD_LIST || CC_StartAuthSession) + (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_VerifySignature) + (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177 + (IS_IMPLEMENTED+DECRYPT_2)), +#endif +#if (PAD_LIST || CC_ECC_Parameters) + (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178 + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_FirmwareRead) + (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179 + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetCapability) + (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017a + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_GetRandom) + (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017b + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_GetTestResult) + (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017c + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_Hash) + (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017d + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PCR_Read) + (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017e + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_PolicyPCR) + (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017f + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyRestart) + (COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ReadClock) + (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_PCR_Extend) + (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182 + (IS_IMPLEMENTED+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_PCR_SetAuthValue) + (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), +#endif +#if (PAD_LIST || CC_NV_Certify) + (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EventSequenceComplete) + (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), +#endif +#if (PAD_LIST || CC_HashSequenceStart) + (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186 + (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_PolicyPhysicalPresence) + (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187 + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyDuplicationSelect) + (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyGetDigest) + (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189 + (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_TestParms) + (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018a + (IS_IMPLEMENTED)), +#endif +#if (PAD_LIST || CC_Commit) + (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018b + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyPassword) + (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018c + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_ZGen_2Phase) + (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018d + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_EC_Ephemeral) + (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018e + (IS_IMPLEMENTED+ENCRYPT_2)), +#endif +#if (PAD_LIST || CC_PolicyNvWritten) + (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018f + (IS_IMPLEMENTED+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_PolicyTemplate) + (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190 + (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_CreateLoaded) + (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), +#endif +#if (PAD_LIST || CC_PolicyAuthorizeNV) + (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192 + (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)), +#endif +#if (PAD_LIST || CC_EncryptDecrypt2) + (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193 + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), +#endif + +#if (PAD_LIST || CC_Vendor_TCG_Test) + (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#endif + +#ifdef TPM_TSS_NUVOTON +#if (PAD_LIST || CC_NTC2_PreConfig) + (COMMAND_ATTRIBUTES)(CC_NTC2_PreConfig * // 0x20000211 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_NTC2_LockPreConfig) + (COMMAND_ATTRIBUTES)(CC_NTC2_LockPreConfig * // 0x20000212 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#if (PAD_LIST || CC_NTC2_GetConfig) + (COMMAND_ATTRIBUTES)(CC_NTC2_GetConfig * // 0x20000213 + (IS_IMPLEMENTED+NO_SESSIONS)), +#endif +#endif /* TPM_TSS_NUVOTON */ + + 0 +}; diff --git a/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData12.c b/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData12.c new file mode 100644 index 000000000000..7bf8b6f964d5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/CommandAttributeData12.c @@ -0,0 +1,121 @@ +/********************************************************************************/ +/* */ +/* Command Attributes Table for TPM 1.2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2018 - 2019 */ +/* */ +/********************************************************************************/ + + +#include + +#include "CommandAttributes.h" +#if defined COMPRESSED_LISTS +# define PAD_LIST 0 +#else +# define PAD_LIST 1 +#endif + +// This is the command code attribute array for GetCapability(). Both this array and +// s_commandAttributes provides command code attributes, but tuned for different purpose + +/* bitfield is: + + command index + reserved + nv + extensive + flushed + cHandles not included in HMAC + rHandle not included in HMAC + V + reserved, flags TPM 1.2 command +*/ + +#include "tssccattributes.h" +const TPMA_CC_TSS s_ccAttr12 [] = { + + /* R N E F C R V R */ + + {{TPM_ORD_ActivateIdentity, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_ContinueSelfTest, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_CreateEndorsementKeyPair, 0, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_CreateWrapKey, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_Extend, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_FlushSpecific, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_GetCapability, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_LoadKey2, 0, 0, 0, 0, 1, 1, 0, 1}}, + {{TPM_ORD_MakeIdentity, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_NV_DefineSpace, 1, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_NV_ReadValueAuth, 1, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_NV_ReadValue, 1, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_NV_WriteValue, 1, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_NV_WriteValueAuth, 1, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_OIAP, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_OSAP, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_OwnerReadInternalPub, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_OwnerSetDisable, 0, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_PcrRead, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_PCR_Reset, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_ReadPubek, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_Quote2, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_Sign, 0, 0, 0, 0, 1, 0, 0, 1}}, + {{TPM_ORD_Startup, 0, 1, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_TakeOwnership, 0, 0, 0, 0, 0, 0, 0, 1}}, + {{TPM_ORD_Init, 0, 0, 0, 0, 0, 0, 0, 1}}, + + {{0x0000, 0, 0, 0, 0, 0, 0, 0, 0}}, // kg - terminator? +}; + diff --git a/libstb/tss2/ibmtpm20tss/utils/CommandAttributes.h b/libstb/tss2/ibmtpm20tss/utils/CommandAttributes.h new file mode 100644 index 000000000000..c19a3fbf4a59 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/CommandAttributes.h @@ -0,0 +1,108 @@ +/********************************************************************************/ +/* */ +/* Command Attributes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CommandAttributes.h 1289 2018-07-30 16:31:47Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2018 */ +/* */ +/********************************************************************************/ + +#ifndef COMMANDATTRIBUTES_H +#define COMMANDATTRIBUTES_H + +#include + +#define IS_IMPLEMENTED 0x0001 +#define HANDLE_1_USER 0x0002 +#define HANDLE_1_ADMIN 0x0004 +#define HANDLE_1_DUP 0x0008 +#define HANDLE_2_USER 0x0010 +#define PP_COMMAND 0x0020 +#define PP_REQUIRED 0x0040 +#define ALLOW_TRIAL 0x0080 +#define NO_SESSIONS 0x0100 +#define DECRYPT_2 0x0200 +#define DECRYPT_4 0x0400 +#define ENCRYPT_2 0x0800 +#define ENCRYPT_4 0x1000 +#define R_HANDLE 0x2000 + +typedef UINT32 COMMAND_ATTRIBUTES; + +typedef union { + struct { + uint32_t commandCode; + uint8_t reserved1; + uint8_t nv; + uint8_t extensive; + uint8_t flushed; + uint8_t cHandles; + uint8_t rHandle; + uint8_t V; + uint8_t tpm12Ordinal; /* kgold - was reserved, flags TPM 1.2 ordinal */ + }; + /* must be a union so the below 'bitfield' structure intiializer works */ + uint8_t dummy; +} TPMA_CC_TSS; + +extern const TPMA_CC_TSS s_ccAttr []; +#ifdef TPM_TPM12 +extern const TPMA_CC_TSS s_ccAttr12 []; +#endif + +extern const COMMAND_ATTRIBUTES s_commandAttributes []; + +#endif + diff --git a/libstb/tss2/ibmtpm20tss/utils/Commands.c b/libstb/tss2/ibmtpm20tss/utils/Commands.c new file mode 100644 index 000000000000..4f2a5768141c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Commands.c @@ -0,0 +1,2294 @@ +/********************************************************************************/ +/* */ +/* Command Parameter Unmarshaling */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +/* The TSS using the command parameter unmarshaling to validate caller input parameters before + sending them to the TPM. + + It is essentially the same as the TPM side code. +*/ + +#include "Commands_fp.h" +#include + +#include + +#ifndef TPM_TSS_NOCMDCHECK + +/* + In_Unmarshal - shared by TPM and TSS +*/ + +TPM_RC +Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_SU_Unmarshalu(&target->startupType, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Startup_startupType; + } + } + return rc; +} +TPM_RC +Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_SU_Unmarshalu(&target->shutdownType, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Shutdown_shutdownType; + } + } + return rc; +} +TPM_RC +SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->fullTest, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SelfTest_fullTest; + } + } + return rc; +} +TPM_RC +IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_ALG_Unmarshalu(&target->toTest, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_IncrementalSelfTest_toTest; + } + } + return rc; +} +TPM_RC +StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->tpmKey = handles[0]; + target->bind = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceCaller, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StartAuthSession_nonceCaller; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->encryptedSalt, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StartAuthSession_encryptedSalt; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_SE_Unmarshalu(&target->sessionType, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StartAuthSession_sessionType; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_Unmarshalu(&target->symmetric, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StartAuthSession_symmetric; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->authHash, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StartAuthSession_authHash; + } + } + return rc; +} +TPM_RC +PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->sessionHandle = handles[0]; + } + return rc; +} +TPM_RC +Create_In_Unmarshal(Create_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->parentHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Create_inSensitive; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Create_inPublic; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Create_outsideInfo; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->creationPCR, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Create_creationPCR; + } + } + return rc; +} +TPM_RC +Load_In_Unmarshal(Load_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->parentHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->inPrivate, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Load_inPrivate; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Load_inPublic; + } + } + return rc; +} +TPM_RC +LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_Unmarshalu(&target->inPrivate, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_LoadExternal_inPrivate; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_LoadExternal_inPublic; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_LoadExternal_hierarchy; + } + } + return rc; +} + +TPM_RC +ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->objectHandle = handles[0]; + } + return rc; +} +TPM_RC +ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->activateHandle = handles[0]; + target->keyHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ID_OBJECT_Unmarshalu(&target->credentialBlob, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ActivateCredential_credentialBlob; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->secret, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ActivateCredential_secret; + } + } + return rc; +} +TPM_RC +MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->handle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->credential, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_MakeCredential_credential; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_MakeCredential_objectName; + } + } + return rc; +} +TPM_RC +Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->itemHandle = handles[0]; + } + return rc; +} +TPM_RC +ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->objectHandle = handles[0]; + target->parentHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size); + } + return rc; +} +TPM_RC +CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->parentHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Create_inSensitive; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_TEMPLATE_Unmarshalu(&target->inPublic, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CreateLoaded_inPublic; + } + } + return rc; +} +TPM_RC +Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->objectHandle = handles[0]; + target->newParentHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKeyIn, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Duplicate_encryptionKeyIn; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetricAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Duplicate_symmetricAlg; + } + } + return rc; +} +TPM_RC +Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->oldParent = handles[0]; + target->newParent = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->inDuplicate, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Rewrap_inDuplicate; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Rewrap_name; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->inSymSeed, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Rewrap_inSymSeed; + } + } + return rc; +} +TPM_RC +Import_In_Unmarshal(Import_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->parentHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKey, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->objectPublic, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Import_objectPublic; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->duplicate, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Import_duplicate; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->inSymSeed, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Import_inSymSeed; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetricAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Import_symmetricAlg; + } + } + return rc; +} +TPM_RC +RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->message, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Encrypt_message; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_RSA_DECRYPT_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Encrypt_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->label, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Encrypt_label; + } + } + return rc; +} +TPM_RC +RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->cipherText, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Decrypt_cipherText; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_RSA_DECRYPT_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Decrypt_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->label, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_RSA_Decrypt_label; + } + } + return rc; +} +TPM_RC +ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + return rc; +} +TPM_RC +ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inPoint, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ECDH_ZGen_inPoint; + } + } + return rc; +} +TPM_RC +ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ECC_Parameters_curveID; + } + } + return rc; +} +TPM_RC +ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyA = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inQsB, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ZGen_2Phase_inQsB; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inQeB, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ZGen_2Phase_inQeB; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(&target->inScheme, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ZGen_2Phase_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ZGen_2Phase_counter; + } + } + return rc; +} +TPM_RC +EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->decrypt, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt_decrypt; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->mode, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt_mode; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_IV_Unmarshalu(&target->ivIn, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt_ivIn; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->inData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt_inData; + } + } + return rc; +} +TPM_RC +EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->inData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt2_inData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->decrypt, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt2_decrypt; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->mode, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt2_mode; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_IV_Unmarshalu(&target->ivIn, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EncryptDecrypt2_ivIn; + } + } + return rc; +} +TPM_RC +Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->data, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Hash_data; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Hash_hashAlg; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Hash_hierarchy; + } + } + return rc; +} +TPM_RC +HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->handle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HMAC_buffer; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HMAC_hashAlg; + } + } + return rc; +} +TPM_RC +GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->bytesRequested, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetRandom_bytesRequested; + } + } + return rc; +} +TPM_RC +StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->inData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_StirRandom_inData; + } + } + return rc; +} +TPM_RC +HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->handle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HMAC_Start_auth; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HMAC_Start_hashAlg; + } + } + return rc; +} +TPM_RC +HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HashSequenceStart_auth; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HashSequenceStart_hashAlg; + } + } + return rc; +} +TPM_RC +SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->sequenceHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SequenceUpdate_buffer; + } + } + return rc; +} +TPM_RC +SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->sequenceHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SequenceComplete_buffer; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SequenceComplete_hierarchy; + } + } + return rc; +} +TPM_RC +EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->pcrHandle = handles[0]; + target->sequenceHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EventSequenceComplete_buffer; + } + } + return rc; +} +TPM_RC +Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->objectHandle = handles[0]; + target->signHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Certify_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Certify_inScheme; + } + } + return rc; +} +TPM_RC +CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->objectHandle = handles[0]; + target->signHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->reserved, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyX509_reserved; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyX509_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->partialCertificate, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyX509_partialCertificate; + } + } + return rc; +} +TPM_RC +CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->signHandle = handles[0]; + target->objectHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyCreation_creationHash; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyCreation_creationHash; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyCreation_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CertifyCreation_creationTicket; + } + } + return rc; +} +TPM_RC +Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->signHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Quote_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Quote_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->PCRselect, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Quote_PCRselect; + } + } + return rc; +} +TPM_RC +GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->privacyAdminHandle = handles[0]; + target->signHandle = handles[1]; + target->sessionHandle = handles[2]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetSessionAuditDigest_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetSessionAuditDigest_inScheme; + } + } + return rc; +} +TPM_RC +GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->privacyHandle = handles[0]; + target->signHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetCommandAuditDigest_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetCommandAuditDigest_inScheme; + } + } + return rc; +} +TPM_RC +GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->privacyAdminHandle = handles[0]; + target->signHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetTime_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetTime_inScheme; + } + } + return rc; +} +TPM_RC +Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->signHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->P1, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Commit_P1; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->s2, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Commit_s2; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->y2, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Commit_y2; + } + } + return rc; +} +TPM_RC +EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EC_Ephemeral_curveID; + } + } + return rc; +} +TPM_RC +VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_VerifySignature_digest; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_VerifySignature_signature; + } + } + return rc; +} +TPM_RC +Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->keyHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Sign_digest; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Sign_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_Sign_validation; + } + } + return rc; +} +TPM_RC +SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->auditAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetCommandCodeAuditStatus_auditAlg; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_CC_Unmarshalu(&target->setList, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetCommandCodeAuditStatus_setList; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_CC_Unmarshalu(&target->clearList, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetCommandCodeAuditStatus_clearList; + } + } + return rc; +} +TPM_RC +PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->pcrHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_Extend_digests; + } + } + return rc; +} +TPM_RC +PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->pcrHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_EVENT_Unmarshalu(&target->eventData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_Event_eventData; + } + } + return rc; +} +TPM_RC +PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelectionIn, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_Read_pcrSelectionIn; + } + } + return rc; +} +TPM_RC +PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrAllocation, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_Allocate_pcrAllocation; + } + } + return rc; +} +TPM_RC +PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_SetAuthPolicy_authPolicy; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_SetAuthPolicy_hashAlg; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_PCR_Unmarshalu(&target->pcrNum, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_SetAuthPolicy_pcrNum; + } + } + return rc; +} +TPM_RC +PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->pcrHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->auth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PCR_SetAuthValue_auth; + } + } + return rc; +} +TPM_RC +PCR_Reset_In_Unmarshal(PCR_Reset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->pcrHandle = handles[0]; + } + return rc; +} +TPM_RC +PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authObject = handles[0]; + target->policySession = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySigned_nonceTPM; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySigned_cpHashA; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySigned_policyRef; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_INT32_Unmarshalu(&target->expiration, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySigned_expiration; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->auth, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySigned_auth; + } + } + return rc; +} +TPM_RC +PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->policySession = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySecret_nonceTPM; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySecret_cpHashA; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySecret_policyRef; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_INT32_Unmarshalu(&target->expiration, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicySecret_expiration; + } + } + return rc; +} +TPM_RC +PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTicket_timeout; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTicket_cpHashA; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTicket_policyRef; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->authName, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTicket_authName; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->ticket, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTicket_ticket; + } + } + return rc; +} +TPM_RC +PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + /* Policy OR requires at least two OR terms */ + rc = TSS_TPML_DIGEST_Unmarshalu(&target->pHashList, buffer, size, 2); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyOR_pHashList; + } + } + return rc; +} +TPM_RC +PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyPCR_pcrDigest; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrs, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyPCR_pcrs; + } + } + return rc; +} +TPM_RC +PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_LOCALITY_Unmarshalu(&target->locality, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyLocality_locality; + } + } + return rc; +} +TPM_RC +PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + target->policySession = handles[2]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_OPERAND_Unmarshalu(&target->operandB, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyNV_operandB; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyNV_offset; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_EO_Unmarshalu(&target->operation, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyNV_operation; + } + } + return rc; +} +TPM_RC +PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + target->policySession = handles[2]; + } + return rc; +} +TPM_RC +PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_OPERAND_Unmarshalu(&target->operandB, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyCounterTimer_operandB; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyCounterTimer_offset; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_EO_Unmarshalu(&target->operation, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyCounterTimer_operation; + } + } + return rc; +} +TPM_RC +PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_CC_Unmarshalu(&target->code, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyCommandCode_code; + } + } + return rc; +} +TPM_RC +PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + return rc; +} +TPM_RC +PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyCpHash_cpHashA; + } + } + return rc; +} +TPM_RC +PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->nameHash, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyNameHash_nameHash; + } + } + return rc; +} +TPM_RC +PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyDuplicationSelect_objectName; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->newParentName, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyDuplicationSelect_newParentName; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->includeObject, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyDuplicationSelect_includeObject; + } + } + return rc; +} +TPM_RC +PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->approvedPolicy, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyAuthorize_approvedPolicy; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyAuthorize_policyRef; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->keySign, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyAuthorize_keySign; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_VERIFIED_Unmarshalu(&target->checkTicket, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyAuthorize_checkTicket; + } + } + return rc; +} +TPM_RC +PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + return rc; +} +TPM_RC +PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + return rc; +} +TPM_RC +PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + return rc; +} +TPM_RC +PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->writtenSet, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyNvWritten_writtenSet; + } + } + return rc; +} +TPM_RC +PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->policySession = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->templateHash, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PolicyTemplate_templateHash; + } + } + return rc; +} +TPM_RC +CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->primaryHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CreatePrimary_inSensitive; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CreatePrimary_inPublic; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CreatePrimary_outsideInfo; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->creationPCR, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_CreatePrimary_creationPCR; + } + } + return rc; +} +TPM_RC +HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_ENABLES_Unmarshalu(&target->enable, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HierarchyControl_enable; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->state, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HierarchyControl_state; + } + } + return rc; +} +TPM_RC +SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetPrimaryPolicy_authPolicy; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetPrimaryPolicy_hashAlg; + } + } + return rc; +} +TPM_RC +ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + return rc; +} +TPM_RC +ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + return rc; +} +TPM_RC +Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + return rc; +} +TPM_RC +ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->disable, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ClearControl_disable; + } + } + return rc; +} +TPM_RC +HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_HierarchyChangeAuth_newAuth; + } + } + return rc; +} +TPM_RC +DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->lockHandle = handles[0]; + } + return rc; +} +TPM_RC +DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->lockHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->newMaxTries, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_DictionaryAttackParameters_newMaxTries; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->newRecoveryTime, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_DictionaryAttackParameters_newRecoveryTime; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->lockoutRecovery, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_DictionaryAttackParameters_lockoutRecovery; + } + } + return rc; +} +TPM_RC +PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_CC_Unmarshalu(&target->setList, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PP_Commands_setList; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_CC_Unmarshalu(&target->clearList, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_PP_Commands_clearList; + } + } + return rc; +} +TPM_RC +SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->algorithmSet, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_SetAlgorithmSet_algorithmSet; + } + } + return rc; +} +TPM_RC +ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->saveHandle = handles[0]; + } + return rc; +} +TPM_RC +ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CONTEXT_Unmarshalu(&target->context, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ContextLoad_context; + } + } + return rc; +} +TPM_RC +FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_CONTEXT_Unmarshalu(&target->flushHandle, buffer, size, NO); + if (rc != TPM_RC_SUCCESS) { + rc += RC_FlushContext_flushHandle; + } + } + return rc; +} +TPM_RC +EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + target->objectHandle = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_PERSISTENT_Unmarshalu(&target->persistentHandle, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_EvictControl_persistentHandle; + } + } + return rc; +} +TPM_RC +ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->newTime, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ClockSet_newTime; + } + } + return rc; +} +TPM_RC +ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->auth = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_CLOCK_ADJUST_Unmarshalu(&target->rateAdjust, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_ClockRateAdjust_rateAdjust; + } + } + return rc; +} +TPM_RC +GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_CAP_Unmarshalu(&target->capability, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetCapability_capability; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->property, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetCapability_property; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->propertyCount, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_GetCapability_propertyCount; + } + } + return rc; +} +TPM_RC +TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_TestParms_parameters; + } + } + return rc; +} +TPM_RC +NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_DefineSpace_auth; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NV_PUBLIC_Unmarshalu(&target->publicInfo, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_DefineSpace_publicInfo; + } + } + return rc; +} +TPM_RC +NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + return rc; +} +TPM_RC +NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->nvIndex = handles[0]; + target->platform = handles[1]; + } + return rc; +} +TPM_RC +NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->nvIndex = handles[0]; + } + return rc; +} +TPM_RC +NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Write_data; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Write_offset; + } + } + return rc; +} +TPM_RC +NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + return rc; +} +TPM_RC +NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Extend_data; + } + } + return rc; +} +TPM_RC +NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->bits, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_SetBits_bits; + } + } + return rc; +} +TPM_RC +NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + return rc; +} +TPM_RC +NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + } + return rc; +} +TPM_RC +NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Read_size; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Read_offset; + } + } + return rc; +} +TPM_RC +NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + buffer = buffer; + size = size; + + if (rc == TPM_RC_SUCCESS) { + target->authHandle = handles[0]; + target->nvIndex = handles[1]; + } + return rc; +} +TPM_RC +NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->nvIndex = handles[0]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_ChangeAuth_newAuth; + } + } + return rc; +} +TPM_RC +NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + target->signHandle = handles[0]; + target->authHandle = handles[1]; + target->nvIndex = handles[2]; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Certify_qualifyingData; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Certify_inScheme; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Certify_size; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NV_Certify_offset; + } + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ diff --git a/libstb/tss2/ibmtpm20tss/utils/Commands12.c b/libstb/tss2/ibmtpm20tss/utils/Commands12.c new file mode 100644 index 000000000000..44e3d0ae8bc1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Commands12.c @@ -0,0 +1,599 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Commands12.c 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include "Commands12_fp.h" +#include + +#include +#include + +COMMAND_PARAMETERS in; +RESPONSE_PARAMETERS out; + +/* + In_Unmarshal +*/ + +TPM_RC +ActivateIdentity_In_Unmarshal(ActivateIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + target->idKeyHandle = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->blobSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + if (target->blobSize > sizeof(target->blob)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->blob, target->blobSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +CreateEndorsementKeyPair_In_Unmarshal(CreateEndorsementKeyPair_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->antiReplay, TPM_NONCE_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->keyInfo, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +CreateWrapKey_In_Unmarshal(CreateWrapKey_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->parentHandle = handles[0]; + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->dataUsageAuth, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->dataMigrationAuth, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->keyInfo, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +Extend_In_Unmarshal(Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + if (rc == 0) { + target->pcrNum = handles[0]; + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->inDigest, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +FlushSpecific_In_Unmarshal(FlushSpecific_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + if (rc == 0) { + target->handle = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->resourceType, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +GetCapability12_In_Unmarshal(GetCapability12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->capArea, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->subCapSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + if (target->subCapSize > sizeof(target->subCap)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->subCap, target->subCapSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +LoadKey2_In_Unmarshal(LoadKey2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->parentHandle = handles[0]; + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->inKey, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +MakeIdentity_In_Unmarshal(MakeIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->identityAuth, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->labelPrivCADigest, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->idKeyParams, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +NV_DefineSpace12_In_Unmarshal(NV_DefineSpace12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(&target->pubInfo, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->encAuth, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +NV_ReadValueAuth_In_Unmarshal(NV_ReadValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->nvIndex = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +NV_ReadValue_In_Unmarshal(NV_ReadValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->nvIndex = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +NV_WriteValue_In_Unmarshal(NV_WriteValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->nvIndex = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + if (target->dataSize > sizeof(target->data)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +NV_WriteValueAuth_In_Unmarshal(NV_WriteValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->nvIndex = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + if (target->dataSize > sizeof(target->data)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +OSAP_In_Unmarshal(OSAP_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->entityType, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->entityValue, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceOddOSAP, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +OwnerSetDisable_In_Unmarshal(OwnerSetDisable_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->disableState, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +OwnerReadInternalPub_In_Unmarshal(OwnerReadInternalPub_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->keyHandle , buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +PcrRead12_In_Unmarshal(PcrRead12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + buffer = buffer; + size = size; + + if (rc == 0) { + target->pcrIndex = handles[0]; + } + return rc; +} + +TPM_RC +PCR_Reset12_In_Unmarshal(PCR_Reset12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->pcrSelection, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +Quote2_In_Unmarshal(Quote2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->keyHandle = handles[0]; + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->externalData, SHA1_DIGEST_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->targetPCR, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->addVersion, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + return rc; +} + +TPM_RC +ReadPubek_In_Unmarshal(ReadPubek_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->antiReplay, TPM_NONCE_SIZE, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +Sign12_In_Unmarshal(Sign12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + + if (rc == 0) { + target->keyHandle = handles[0]; + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->areaToSignSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + if (target->areaToSignSize > sizeof(target->areaToSign)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->areaToSign, target->areaToSignSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + return rc; +} + +TPM_RC +Startup12_In_Unmarshal(Startup12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_TPM_STARTUP_TYPE_Unmarshalu(&target->startupType, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + return rc; +} + +TPM_RC +TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = 0; + handles = handles; + + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->protocolID, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->encOwnerAuthSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_1); + } + } + if (rc == 0) { + if (target->encOwnerAuthSize > sizeof(target->encOwnerAuth)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->encOwnerAuth, target->encOwnerAuthSize , buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_2); + } + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->encSrkAuthSize, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_3); + } + } + if (rc == 0) { + if (target->encSrkAuthSize > sizeof(target->encSrkAuth)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->encSrkAuth, target->encSrkAuthSize , buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_4); + } + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->srkParams, buffer, size); + if (rc != 0) { + rc += (TPM_RC_P + TPM_RC_5); + } + } + return rc; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/Commands12_fp.h b/libstb/tss2/ibmtpm20tss/utils/Commands12_fp.h new file mode 100644 index 000000000000..29a4bf1e2d38 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Commands12_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Commands12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef COMMANDS12_FP_H +#define COMMANDS12_FP_H + +#include +#include + +TPM_RC +ActivateIdentity_In_Unmarshal(ActivateIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +CreateEndorsementKeyPair_In_Unmarshal(CreateEndorsementKeyPair_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +CreateWrapKey_In_Unmarshal(CreateWrapKey_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Extend_In_Unmarshal(Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +FlushSpecific_In_Unmarshal(FlushSpecific_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +GetCapability12_In_Unmarshal(GetCapability12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +LoadKey2_In_Unmarshal(LoadKey2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +MakeIdentity_In_Unmarshal(MakeIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_DefineSpace12_In_Unmarshal(NV_DefineSpace12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_ReadValueAuth_In_Unmarshal(NV_ReadValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_ReadValue_In_Unmarshal(NV_ReadValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_WriteValue_In_Unmarshal(NV_WriteValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_WriteValueAuth_In_Unmarshal(NV_WriteValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +OSAP_In_Unmarshal(OSAP_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +OwnerSetDisable_In_Unmarshal(OwnerSetDisable_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +OwnerReadInternalPub_In_Unmarshal(OwnerReadInternalPub_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PcrRead12_In_Unmarshal(PcrRead12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PCR_Reset12_In_Unmarshal(PCR_Reset12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ReadPubek_In_Unmarshal(ReadPubek_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Quote2_In_Unmarshal(Quote2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Sign12_In_Unmarshal(Sign12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Startup12_In_Unmarshal(Startup12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/Commands_fp.h b/libstb/tss2/ibmtpm20tss/utils/Commands_fp.h new file mode 100644 index 000000000000..8041d94aeee3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Commands_fp.h @@ -0,0 +1,505 @@ +/********************************************************************************/ +/* */ +/* Command and Response Marshal and Unmarshal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef COMMANDS_FP_H +#define COMMANDS_FP_H + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +TPM_RC +Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +IncrementalSelfTest_Out_Marshal(IncrementalSelfTest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +UINT16 +GetTestResult_Out_Marshal(GetTestResult_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +StartAuthSession_Out_Marshal(StartAuthSession_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Create_In_Unmarshal(Create_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Create_Out_Marshal(Create_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Load_In_Unmarshal(Load_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Load_Out_Marshal(Load_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +LoadExternal_Out_Marshal(LoadExternal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ReadPublic_Out_Marshal(ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ActivateCredential_Out_Marshal(ActivateCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +MakeCredential_Out_Marshal(MakeCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Unseal_Out_Marshal(Unseal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ObjectChangeAuth_Out_Marshal(ObjectChangeAuth_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Duplicate_Out_Marshal(Duplicate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Rewrap_Out_Marshal(Rewrap_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Import_In_Unmarshal(Import_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Import_Out_Marshal(Import_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +RSA_Encrypt_Out_Marshal(RSA_Encrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +RSA_Decrypt_Out_Marshal(RSA_Decrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ECDH_KeyGen_Out_Marshal(ECDH_KeyGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ECDH_ZGen_Out_Marshal(ECDH_ZGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ECC_Parameters_Out_Marshal(ECC_Parameters_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ZGen_2Phase_Out_Marshal(ZGen_2Phase_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +EncryptDecrypt_Out_Marshal(EncryptDecrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Hash_Out_Marshal(Hash_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +HMAC_Out_Marshal(HMAC_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +GetRandom_Out_Marshal(GetRandom_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +HMAC_Start_Out_Marshal(HMAC_Start_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +HashSequenceStart_Out_Marshal(HashSequenceStart_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +SequenceComplete_Out_Marshal(SequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +EventSequenceComplete_Out_Marshal(EventSequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Certify_Out_Marshal(Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +CertifyCreation_Out_Marshal(CertifyCreation_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +CertifyX509_Out_Marshal(CertifyX509_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Quote_Out_Marshal(Quote_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +GetSessionAuditDigest_Out_Marshal(GetSessionAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +GetCommandAuditDigest_Out_Marshal(GetCommandAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +GetTime_Out_Marshal(GetTime_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Commit_Out_Marshal(Commit_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +EC_Ephemeral_Out_Marshal(EC_Ephemeral_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +VerifySignature_Out_Marshal(VerifySignature_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +Sign_Out_Marshal(Sign_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PCR_Event_Out_Marshal(PCR_Event_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PCR_Read_Out_Marshal(PCR_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PCR_Allocate_Out_Marshal(PCR_Allocate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PCR_Reset_In_Unmarshal(PCR_Reset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PolicySigned_Out_Marshal(PolicySigned_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PolicySecret_Out_Marshal(PolicySecret_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +PolicyGetDigest_Out_Marshal(PolicyGetDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +CreatePrimary_Out_Marshal(CreatePrimary_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ContextSave_Out_Marshal(ContextSave_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ContextLoad_Out_Marshal(ContextLoad_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +ReadClock_Out_Marshal(ReadClock_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +GetCapability_Out_Marshal(GetCapability_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +NV_ReadPublic_Out_Marshal(NV_ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +NV_Read_Out_Marshal(NV_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); +TPM_RC +NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +TPM_RC +NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); +UINT16 +NV_Certify_Out_Marshal(NV_Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/Makefile.am b/libstb/tss2/ibmtpm20tss/utils/Makefile.am new file mode 100644 index 000000000000..1e51fe3817fa --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Makefile.am @@ -0,0 +1,594 @@ +transform=s&^&tss& + +lib_LTLIBRARIES = libibmtss.la +#if CONFIG_TPM20 +lib_LTLIBRARIES += libibmtssutils.la +#endif + +# default TSS Library +libibmtss_la_SOURCES = tssfile.c tsscryptoh.c tsscrypto.c +libibmtss_la_LIBADD = $(LIBCRYPTO_LIBS) + +# TSS shared library object files (utils/makefile-common) +libibmtss_la_SOURCES += tss.c tssproperties.c tssmarshal.c tssauth.c tssutils.c tsssocket.c tssdev.c tsstransmit.c tssresponsecode.c tssccattributes.c tssprint.c Unmarshal.c CommandAttributeData.c + +# TPM 2.0 +# TSS share libarary object files +if CONFIG_TPM20 +libibmtss_la_SOURCES += tss20.c tssauth20.c Commands.c tssprintcmd.c +libibmtss_la_SOURCES += ntc2lib.c tssntc.c +endif + +# (from utils/makefile-common12) +if CONFIG_TPM12 +libibmtss_la_SOURCES += tss12.c tssauth12.c tssmarshal12.c Unmarshal12.c Commands12.c tssccattributes12.c CommandAttributeData12.c +endif + +libibmtss_la_CFLAGS = -fPIC +if CONFIG_HWTPM +libibmtss_la_CFLAGS += -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" +endif + +if CONFIG_RMTPM +libibmtss_la_CFLAGS += -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\"" +endif + +if CONFIG_TPM20 +libibmtss_la_CFLAGS += -DTPM_TPM20 +endif + +if CONFIG_TPM12 +libibmtss_la_CFLAGS += -DTPM_TPM12 +endif + +if CONFIG_TSS_NOPRINT +libibmtss_la_CFLAGS += -DTPM_TSS_NO_PRINT +endif + +if CONFIG_TSS_NOFILE +libibmtss_la_CFLAGS += -DTPM_TSS_NOFILE +if CONFIG_TSS_NOCRYPTO +libibmtss_la_CFLAGS += -DTPM_TSS_NOCRYPTO +endif +endif + +if CONFIG_TSS_NOECC +libibmtss_la_CFLAGS += -DTPM_TSS_NOECC +endif + +libibmtss_la_CCFLAGS = -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 -Wold-style-definition -Wno-self-assign -ggdb +libibmtss_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ + +libibmtssutils_la_SOURCES = cryptoutils.c ekutils.c imalib.c eventlib.c +libibmtssutils_la_CFLAGS = -fPIC + +if CONFIG_TPM20 +libibmtssutils_la_CFLAGS += -DTPM_TPM20 +endif + +if CONFIG_TPM12 +libibmtssutils_la_CFLAGS += -DTPM_TPM12 +endif + +if CONFIG_TSS_NOECC +libibmtssutils_la_CFLAGS += -DTPM_TSS_NOECC +endif + +#current[:revision[:age]] +#result: [current-age].age.revision +libibmtssutils_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ +libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS) + +noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h +# install every header in ibmtss +nobase_include_HEADERS = ibmtss/*.h + +notrans_man_MANS = man/man1/*.1 + +if CONFIG_TPM20 +noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h +endif + +if CONFIG_TPM12 +noinst_HEADERS += tss12.h Commands12_fp.h tssauth12.h tssccattributes12.h ibmtss/Unmarshal12_fp.h ibmtss/Parameters12.h ibmtss/tpmstructures12.h ibmtss/tpmconstants12.h ibmtss/tpmtypes12.h +endif + +if CONFIG_TPM20 +bin_PROGRAMS = activatecredential eventextend imaextend certify certifycreation certifyx509 changeeps changepps clear \ + clearcontrol clockrateadjust clockset commit contextload contextsave create createloaded createprimary \ + dictionaryattacklockreset dictionaryattackparameters duplicate eccparameters ecephemeral encryptdecrypt \ + eventsequencecomplete evictcontrol flushcontext getcommandauditdigest getcapability getcryptolibrary \ + getrandom gettestresult getsessionauditdigest gettime hashsequencestart hash hierarchycontrol \ + hierarchychangeauth hmac hmacstart import importpem load loadexternal makecredential nvcertify nvchangeauth \ + nvdefinespace nvextend nvglobalwritelock nvincrement nvread nvreadlock nvreadpublic nvsetbits \ + nvundefinespace nvundefinespacespecial nvwrite nvwritelock objectchangeauth pcrallocate pcrevent pcrextend \ + pcrread pcrreset policyauthorize policyauthvalue policycommandcode policycphash policynamehash \ + policycountertimer policyduplicationselect policygetdigest policymaker policymakerpcr policyauthorizenv \ + policynv policynvwritten policyor policypassword policypcr policyrestart policysigned policysecret \ + policytemplate policyticket quote powerup readclock readpublic returncode rewrap rsadecrypt rsaencrypt \ + sequenceupdate sequencecomplete setcommandcodeauditstatus setprimarypolicy shutdown sign startauthsession \ + startup stirrandom unseal \ + verifysignature zgen2phase signapp writeapp timepacket createek createekcert tpm2pem tpmpublic2eccpoint \ + ntc2getconfig ntc2preconfig ntc2lockconfig publicname tpmcmd printattr + +if CONFIG_TSS_NOECC +UTILS_CFLAGS = -DTPM_TSS_NOECC +endif + +activatecredential_SOURCES = activatecredential.c +activatecredential_CFLAGS = $(UTILS_CFLAGS) +activatecredential_LDADD = libibmtssutils.la libibmtss.la + +eventextend_SOURCES = eventextend.c +eventextend_CFLAGS = $(UTILS_CFLAGS) +eventextend_LDADD = libibmtssutils.la libibmtss.la + +imaextend_SOURCES = imaextend.c +imaextend_CFLAGS = $(UTILS_CFLAGS) +imaextend_LDADD = libibmtssutils.la libibmtss.la + +certify_SOURCES = certify.c +certify_CFLAGS = $(UTILS_CFLAGS) +certify_LDADD = libibmtssutils.la libibmtss.la + +certifycreation_SOURCES = certifycreation.c +certifycreation_CFLAGS = $(UTILS_CFLAGS) +certifycreation_LDADD = libibmtssutils.la libibmtss.la + +certifyx509_SOURCES = certifyx509.c +certifyx509_CFLAGS = $(UTILS_CFLAGS) +certifyx509_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +changeeps_SOURCES = changeeps.c +changeeps_CFLAGS = $(UTILS_CFLAGS) +changeeps_LDADD = libibmtssutils.la libibmtss.la + +changepps_SOURCES = changepps.c +changepps_CFLAGS = $(UTILS_CFLAGS) -DTPM_POSIX +changepps_LDADD = libibmtssutils.la libibmtss.la + +clear_SOURCES = clear.c +clear_CFLAGS = $(UTILS_CFLAGS) +clear_LDADD = libibmtssutils.la libibmtss.la + +clearcontrol_SOURCES = clearcontrol.c +clearcontrol_CFLAGS = $(UTILS_CFLAGS) +clearcontrol_LDADD = libibmtssutils.la libibmtss.la + +clockrateadjust_SOURCES = clockrateadjust.c +clockrateadjust_CFLAGS = $(UTILS_CFLAGS) +clockrateadjust_LDADD = libibmtssutils.la libibmtss.la + +clockset_SOURCES = clockset.c +clockset_CFLAGS = $(UTILS_CFLAGS) +clockset_LDADD = libibmtssutils.la libibmtss.la + +commit_SOURCES = commit.c +commit_CFLAGS = $(UTILS_CFLAGS) +commit_LDADD = libibmtssutils.la libibmtss.la + +contextload_SOURCES = contextload.c +contextload_CFLAGS = $(UTILS_CFLAGS) +contextload_LDADD = libibmtssutils.la libibmtss.la + +contextsave_SOURCES = contextsave.c +contextsave_CFLAGS = $(UTILS_CFLAGS) +contextsave_LDADD = libibmtssutils.la libibmtss.la + +create_SOURCES = create.c objecttemplates.c +create_CFLAGS = $(UTILS_CFLAGS) +create_LDADD = libibmtssutils.la libibmtss.la + +createloaded_SOURCES = createloaded.c objecttemplates.c +createloaded_CFLAGS = $(UTILS_CFLAGS) +createloaded_LDADD = libibmtssutils.la libibmtss.la + +createprimary_SOURCES = createprimary.c objecttemplates.c +createprimary_CFLAGS = $(UTILS_CFLAGS) +createprimary_LDADD = libibmtssutils.la libibmtss.la + +dictionaryattacklockreset_SOURCES = dictionaryattacklockreset.c +dictionaryattacklockreset_CFLAGS = $(UTILS_CFLAGS) +dictionaryattacklockreset_LDADD = libibmtssutils.la libibmtss.la + +dictionaryattackparameters_SOURCES = dictionaryattackparameters.c +dictionaryattackparameters_CFLAGS = $(UTILS_CFLAGS) +dictionaryattackparameters_LDADD = libibmtssutils.la libibmtss.la + +duplicate_SOURCES = duplicate.c +duplicate_CFLAGS = $(UTILS_CFLAGS) +duplicate_LDADD = libibmtssutils.la libibmtss.la + +eccparameters_SOURCES = eccparameters.c +eccparameters_CFLAGS = $(UTILS_CFLAGS) +eccparameters_LDADD = libibmtssutils.la libibmtss.la + +ecephemeral_SOURCES = ecephemeral.c +ecephemeral_CFLAGS = $(UTILS_CFLAGS) +ecephemeral_LDADD = libibmtssutils.la libibmtss.la + +encryptdecrypt_SOURCES = encryptdecrypt.c +encryptdecrypt_CFLAGS = $(UTILS_CFLAGS) +encryptdecrypt_LDADD = libibmtssutils.la libibmtss.la + +eventsequencecomplete_SOURCES = eventsequencecomplete.c +eventsequencecomplete_CFLAGS = $(UTILS_CFLAGS) +eventsequencecomplete_LDADD = libibmtssutils.la libibmtss.la + +evictcontrol_SOURCES = evictcontrol.c +evictcontrol_CFLAGS = $(UTILS_CFLAGS) +evictcontrol_LDADD = libibmtssutils.la libibmtss.la + +flushcontext_SOURCES = flushcontext.c +flushcontext_CFLAGS = $(UTILS_CFLAGS) +flushcontext_LDADD = libibmtssutils.la libibmtss.la + +getcommandauditdigest_SOURCES = getcommandauditdigest.c +getcommandauditdigest_CFLAGS = $(UTILS_CFLAGS) +getcommandauditdigest_LDADD = libibmtssutils.la libibmtss.la + +getcapability_SOURCES = getcapability.c +getcapability_CFLAGS = $(UTILS_CFLAGS) +getcapability_LDADD = libibmtssutils.la libibmtss.la + +getcryptolibrary_SOURCES = getcryptolibrary.c +getcryptolibrary_CFLAGS = $(UTILS_CFLAGS) +getcryptolibrary_LDADD = libibmtssutils.la libibmtss.la + +getrandom_SOURCES = getrandom.c +getrandom_CFLAGS = $(UTILS_CFLAGS) +getrandom_LDADD = libibmtssutils.la libibmtss.la + +gettestresult_SOURCES = gettestresult.c +gettestresult_CFLAGS = $(UTILS_CFLAGS) +gettestresult_LDADD = libibmtssutils.la libibmtss.la + +getsessionauditdigest_SOURCES = getsessionauditdigest.c +getsessionauditdigest_CFLAGS = $(UTILS_CFLAGS) +getsessionauditdigest_LDADD = libibmtssutils.la libibmtss.la + +gettime_SOURCES = gettime.c +gettime_CFLAGS = $(UTILS_CFLAGS) +gettime_LDADD = libibmtssutils.la libibmtss.la + +hashsequencestart_SOURCES = hashsequencestart.c +hashsequencestart_CFLAGS = $(UTILS_CFLAGS) +hashsequencestart_LDADD = libibmtssutils.la libibmtss.la + +hash_SOURCES = hash.c +hash_CFLAGS = $(UTILS_CFLAGS) +hash_LDADD = libibmtssutils.la libibmtss.la + +hierarchycontrol_SOURCES = hierarchycontrol.c +hierarchycontrol_CFLAGS = $(UTILS_CFLAGS) +hierarchycontrol_LDADD = libibmtssutils.la libibmtss.la + +hierarchychangeauth_SOURCES = hierarchychangeauth.c +hierarchychangeauth_CFLAGS = $(UTILS_CFLAGS) +hierarchychangeauth_LDADD = libibmtssutils.la libibmtss.la + +hmac_SOURCES = hmac.c +hmac_CFLAGS = $(UTILS_CFLAGS) +hmac_LDADD = libibmtssutils.la libibmtss.la + +hmacstart_SOURCES = hmacstart.c +hmacstart_CFLAGS = $(UTILS_CFLAGS) +hmacstart_LDADD = libibmtssutils.la libibmtss.la + +import_SOURCES = import.c +import_CFLAGS = $(UTILS_CFLAGS) +import_LDADD = libibmtssutils.la libibmtss.la + +importpem_SOURCES = importpem.c objecttemplates.c +importpem_CFLAGS = $(UTILS_CFLAGS) +importpem_LDADD = libibmtssutils.la libibmtss.la + +load_SOURCES = load.c +load_CFLAGS = $(UTILS_CFLAGS) +load_LDADD = libibmtssutils.la libibmtss.la + +loadexternal_SOURCES = loadexternal.c +loadexternal_CFLAGS = $(UTILS_CFLAGS) +loadexternal_LDADD = libibmtssutils.la libibmtss.la + +makecredential_SOURCES = makecredential.c +makecredential_CFLAGS = $(UTILS_CFLAGS) +makecredential_LDADD = libibmtssutils.la libibmtss.la + +nvcertify_SOURCES = nvcertify.c +nvcertify_CFLAGS = $(UTILS_CFLAGS) +nvcertify_LDADD = libibmtssutils.la libibmtss.la + +nvchangeauth_SOURCES = nvchangeauth.c +nvchangeauth_CFLAGS = $(UTILS_CFLAGS) +nvchangeauth_LDADD = libibmtssutils.la libibmtss.la + +nvdefinespace_SOURCES = nvdefinespace.c +nvdefinespace_CFLAGS = $(UTILS_CFLAGS) +nvdefinespace_LDADD = libibmtssutils.la libibmtss.la + +nvextend_SOURCES = nvextend.c +nvextend_CFLAGS = $(UTILS_CFLAGS) +nvextend_LDADD = libibmtssutils.la libibmtss.la + +nvglobalwritelock_SOURCES = nvglobalwritelock.c +nvglobalwritelock_CFLAGS = $(UTILS_CFLAGS) +nvglobalwritelock_LDADD = libibmtssutils.la libibmtss.la + +nvincrement_SOURCES = nvincrement.c +nvincrement_CFLAGS = $(UTILS_CFLAGS) +nvincrement_LDADD = libibmtssutils.la libibmtss.la + +nvread_SOURCES = nvread.c +nvread_CFLAGS = $(UTILS_CFLAGS) +nvread_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +nvreadlock_SOURCES = nvreadlock.c +nvreadlock_CFLAGS = $(UTILS_CFLAGS) +nvreadlock_LDADD = libibmtssutils.la libibmtss.la + +nvreadpublic_SOURCES = nvreadpublic.c +nvreadpublic_CFLAGS = $(UTILS_CFLAGS) +nvreadpublic_LDADD = libibmtssutils.la libibmtss.la + +nvsetbits_SOURCES = nvsetbits.c +nvsetbits_CFLAGS = $(UTILS_CFLAGS) +nvsetbits_LDADD = libibmtssutils.la libibmtss.la + +nvundefinespace_SOURCES = nvundefinespace.c +nvundefinespace_CFLAGS = $(UTILS_CFLAGS) +nvundefinespace_LDADD = libibmtssutils.la libibmtss.la + +nvundefinespacespecial_SOURCES = nvundefinespacespecial.c +nvundefinespacespecial_CFLAGS = $(UTILS_CFLAGS) +nvundefinespacespecial_LDADD = libibmtssutils.la libibmtss.la + +nvwrite_SOURCES = nvwrite.c +nvwrite_CFLAGS = $(UTILS_CFLAGS) +nvwrite_LDADD = libibmtssutils.la libibmtss.la + +nvwritelock_SOURCES = nvwritelock.c +nvwritelock_CFLAGS = $(UTILS_CFLAGS) +nvwritelock_LDADD = libibmtssutils.la libibmtss.la + +objectchangeauth_SOURCES = objectchangeauth.c +objectchangeauth_CFLAGS = $(UTILS_CFLAGS) +objectchangeauth_LDADD = libibmtssutils.la libibmtss.la + +pcrallocate_SOURCES = pcrallocate.c +pcrallocate_CFLAGS = $(UTILS_CFLAGS) +pcrallocate_LDADD = libibmtssutils.la libibmtss.la + +pcrevent_SOURCES = pcrevent.c +pcrevent_CFLAGS = $(UTILS_CFLAGS) +pcrevent_LDADD = libibmtssutils.la libibmtss.la + +pcrextend_SOURCES = pcrextend.c +pcrextend_CFLAGS = $(UTILS_CFLAGS) +pcrextend_LDADD = libibmtssutils.la libibmtss.la + +pcrread_SOURCES = pcrread.c +pcrread_CFLAGS = $(UTILS_CFLAGS) +pcrread_LDADD = libibmtssutils.la libibmtss.la + +pcrreset_SOURCES = pcrreset.c +pcrreset_CFLAGS = $(UTILS_CFLAGS) +pcrreset_LDADD = libibmtssutils.la libibmtss.la + +policyauthorize_SOURCES = policyauthorize.c +policyauthorize_CFLAGS = $(UTILS_CFLAGS) +policyauthorize_LDADD = libibmtssutils.la libibmtss.la + +policyauthvalue_SOURCES = policyauthvalue.c +policyauthvalue_CFLAGS = $(UTILS_CFLAGS) +policyauthvalue_LDADD = libibmtssutils.la libibmtss.la + +policycommandcode_SOURCES = policycommandcode.c +policycommandcode_CFLAGS = $(UTILS_CFLAGS) +policycommandcode_LDADD = libibmtssutils.la libibmtss.la + +policycphash_SOURCES = policycphash.c +policycphash_CFLAGS = $(UTILS_CFLAGS) +policycphash_LDADD = libibmtssutils.la libibmtss.la + +policynamehash_SOURCES = policynamehash.c +policynamehash_CFLAGS = $(UTILS_CFLAGS) +policynamehash_LDADD = libibmtssutils.la libibmtss.la + +policycountertimer_SOURCES = policycountertimer.c +policycountertimer_CFLAGS = $(UTILS_CFLAGS) +policycountertimer_LDADD = libibmtssutils.la libibmtss.la + +policyduplicationselect_SOURCES = policyduplicationselect.c +policyduplicationselect_CFLAGS = $(UTILS_CFLAGS) +policyduplicationselect_LDADD = libibmtssutils.la libibmtss.la + +policygetdigest_SOURCES = policygetdigest.c +policygetdigest_CFLAGS = $(UTILS_CFLAGS) +policygetdigest_LDADD = libibmtssutils.la libibmtss.la + +policymaker_SOURCES = policymaker.c +policymaker_CFLAGS = $(UTILS_CFLAGS) +policymaker_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +policymakerpcr_SOURCES = policymakerpcr.c +policymakerpcr_CFLAGS = $(UTILS_CFLAGS) +policymakerpcr_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +policyauthorizenv_SOURCES = policyauthorizenv.c +policyauthorizenv_CFLAGS = $(UTILS_CFLAGS) +policyauthorizenv_LDADD = libibmtssutils.la libibmtss.la + +policynv_SOURCES = policynv.c +policynv_CFLAGS = $(UTILS_CFLAGS) +policynv_LDADD = libibmtssutils.la libibmtss.la + +policynvwritten_SOURCES = policynvwritten.c +policynvwritten_CFLAGS = $(UTILS_CFLAGS) +policynvwritten_LDADD = libibmtssutils.la libibmtss.la + +policyor_SOURCES = policyor.c +policyor_CFLAGS = $(UTILS_CFLAGS) +policyor_LDADD = libibmtssutils.la libibmtss.la + +policypassword_SOURCES = policypassword.c +policypassword_CFLAGS = $(UTILS_CFLAGS) +policypassword_LDADD = libibmtssutils.la libibmtss.la + +policypcr_SOURCES = policypcr.c +policypcr_CFLAGS = $(UTILS_CFLAGS) +policypcr_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +policyrestart_SOURCES = policyrestart.c +policyrestart_CFLAGS = $(UTILS_CFLAGS) +policyrestart_LDADD = libibmtssutils.la libibmtss.la + +policysigned_SOURCES = policysigned.c +policysigned_CFLAGS = $(UTILS_CFLAGS) +policysigned_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +policysecret_SOURCES = policysecret.c +policysecret_CFLAGS = $(UTILS_CFLAGS) +policysecret_LDADD = libibmtssutils.la libibmtss.la + +policytemplate_SOURCES = policytemplate.c +policytemplate_CFLAGS = $(UTILS_CFLAGS) +policytemplate_LDADD = libibmtssutils.la libibmtss.la + +policyticket_SOURCES = policyticket.c +policyticket_CFLAGS = $(UTILS_CFLAGS) +policyticket_LDADD = libibmtssutils.la libibmtss.la + +quote_SOURCES = quote.c +quote_CFLAGS = $(UTILS_CFLAGS) +quote_LDADD = libibmtssutils.la libibmtss.la + +powerup_SOURCES = powerup.c +powerup_CFLAGS = $(UTILS_CFLAGS) +powerup_LDADD = libibmtssutils.la libibmtss.la + +readclock_SOURCES = readclock.c +readclock_CFLAGS = $(UTILS_CFLAGS) +readclock_LDADD = libibmtssutils.la libibmtss.la + +readpublic_SOURCES = readpublic.c +readpublic_CFLAGS = $(UTILS_CFLAGS) +readpublic_LDADD = libibmtssutils.la libibmtss.la + +returncode_SOURCES = returncode.c +returncode_CFLAGS = $(UTILS_CFLAGS) +returncode_LDADD = libibmtssutils.la libibmtss.la + +rewrap_SOURCES = rewrap.c +rewrap_CFLAGS = $(UTILS_CFLAGS) +rewrap_LDADD = libibmtssutils.la libibmtss.la + +rsadecrypt_SOURCES = rsadecrypt.c +rsadecrypt_CFLAGS = $(UTILS_CFLAGS) +rsadecrypt_LDADD = libibmtssutils.la libibmtss.la + +rsaencrypt_SOURCES = rsaencrypt.c +rsaencrypt_CFLAGS = $(UTILS_CFLAGS) +rsaencrypt_LDADD = libibmtssutils.la libibmtss.la + +sequenceupdate_SOURCES = sequenceupdate.c +sequenceupdate_CFLAGS = $(UTILS_CFLAGS) +sequenceupdate_LDADD = libibmtssutils.la libibmtss.la + +sequencecomplete_SOURCES = sequencecomplete.c +sequencecomplete_CFLAGS = $(UTILS_CFLAGS) +sequencecomplete_LDADD = libibmtssutils.la libibmtss.la + +setcommandcodeauditstatus_SOURCES = setcommandcodeauditstatus.c +setcommandcodeauditstatus_CFLAGS = $(UTILS_CFLAGS) +setcommandcodeauditstatus_LDADD = libibmtssutils.la libibmtss.la + +setprimarypolicy_SOURCES = setprimarypolicy.c +setprimarypolicy_CFLAGS = $(UTILS_CFLAGS) +setprimarypolicy_LDADD = libibmtssutils.la libibmtss.la + +shutdown_SOURCES = shutdown.c +shutdown_CFLAGS = $(UTILS_CFLAGS) +shutdown_LDADD = libibmtssutils.la libibmtss.la + +sign_SOURCES = sign.c +sign_CFLAGS = $(UTILS_CFLAGS) +sign_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +startauthsession_SOURCES = startauthsession.c +startauthsession_CFLAGS = $(UTILS_CFLAGS) +startauthsession_LDADD = libibmtssutils.la libibmtss.la + +startup_SOURCES = startup.c +startup_CFLAGS = $(UTILS_CFLAGS) +startup_LDADD = libibmtssutils.la libibmtss.la + +stirrandom_SOURCES = stirrandom.c +stirrandom_CFLAGS = $(UTILS_CFLAGS) +stirrandom_LDADD = libibmtssutils.la libibmtss.la + +unseal_SOURCES = unseal.c +unseal_CFLAGS = $(UTILS_CFLAGS) +unseal_LDADD = libibmtssutils.la libibmtss.la + +verifysignature_SOURCES = verifysignature.c +verifysignature_CFLAGS = $(UTILS_CFLAGS) +verifysignature_LDADD = libibmtssutils.la libibmtss.la + +zgen2phase_SOURCES = zgen2phase.c +zgen2phase_CFLAGS = $(UTILS_CFLAGS) +zgen2phase_LDADD = libibmtssutils.la libibmtss.la + +signapp_SOURCES = signapp.c +signapp_CFLAGS = $(UTILS_CFLAGS) +signapp_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +writeapp_SOURCES = writeapp.c +writeapp_CFLAGS = $(UTILS_CFLAGS) +writeapp_LDADD = libibmtssutils.la libibmtss.la + +timepacket_SOURCES = timepacket.c +timepacket_CFLAGS = $(UTILS_CFLAGS) +timepacket_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +createek_SOURCES = createek.c +createek_CFLAGS = $(UTILS_CFLAGS) +createek_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS) + +createekcert_SOURCES = createekcert.c +createekcert_CFLAGS = $(UTILS_CFLAGS) +createekcert_LDADD = libibmtssutils.la libibmtss.la + +tpm2pem_SOURCES = tpm2pem.c +tpm2pem_CFLAGS = $(UTILS_CFLAGS) +tpm2pem_LDADD = libibmtssutils.la libibmtss.la + +tpmpublic2eccpoint_SOURCES = tpmpublic2eccpoint.c +tpmpublic2eccpoint_CFLAGS = $(UTILS_CFLAGS) +tpmpublic2eccpoint_LDADD = libibmtssutils.la libibmtss.la + +ntc2getconfig_SOURCES = ntc2getconfig.c +ntc2getconfig_CFLAGS = $(UTILS_CFLAGS) +ntc2getconfig_LDADD = libibmtssutils.la libibmtss.la + +ntc2preconfig_SOURCES = ntc2preconfig.c +ntc2preconfig_CFLAGS = $(UTILS_CFLAGS) +ntc2preconfig_LDADD = libibmtssutils.la libibmtss.la + +ntc2lockconfig_SOURCES = ntc2lockconfig.c +ntc2lockconfig_CFLAGS = $(UTILS_CFLAGS) +ntc2lockconfig_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la + +publicname_SOURCES = publicname.c +publicname_CFLAGS = $(OPENSSL_CFLAGS) +publicname_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la + +tpmcmd_SOURCES = tpmcmd.c +tpmcmd_CFLAGS = $(OPENSSL_CFLAGS) +tpmcmd_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la + +printattr_SOURCES = printattr.c +printattr_CFLAGS = $(OPENSSL_CFLAGS) +printattr_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la + +endif diff --git a/libstb/tss2/ibmtpm20tss/utils/Platform.h b/libstb/tss2/ibmtpm20tss/utils/Platform.h new file mode 100644 index 000000000000..9c5a594d36f4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Platform.h @@ -0,0 +1,361 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Platform.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 122 */ + +// C.8 Platform.h + +#ifndef PLATFORM_H +#define PLATFORM_H + +// C.8.1. Includes and Defines + +#include +#include "stdint.h" +#include "TpmError.h" +#include + +// C.8.2. Power Functions +// C.8.2.1. _plat__Signal_PowerOn +// Signal power on This signal is simulate by a RPC call + +LIB_EXPORT int +_plat__Signal_PowerOn(void); + +// C.8.2.2. _plat__Signal_Reset +// Signal reset This signal is simulate by a RPC call + +LIB_EXPORT int +_plat__Signal_Reset(void); + +// C.8.2.3. _plat__WasPowerLost() +// Indicates if the power was lost before a _TPM__Init(). + +LIB_EXPORT BOOL +_plat__WasPowerLost(BOOL clear); + +// C.8.2.4. _plat__Signal_PowerOff() +// Signal power off This signal is simulate by a RPC call + +LIB_EXPORT void +_plat__Signal_PowerOff(void); + +// C.8.3. Physical Presence Functions +// C.8.3.1. _plat__PhysicalPresenceAsserted() +// Check if physical presence is signaled +// Return Value Meaning +// TRUE if physical presence is signaled +// FALSE if physical presence is not signaled + +LIB_EXPORT BOOL +_plat__PhysicalPresenceAsserted(void); + +// C.8.3.2. _plat__Signal_PhysicalPresenceOn +// Signal physical presence on This signal is simulate by a RPC call + +LIB_EXPORT void +_plat__Signal_PhysicalPresenceOn(void); + +// C.8.3.3. _plat__Signal_PhysicalPresenceOff() +// Signal physical presence off This signal is simulate by a RPC call + +LIB_EXPORT void +_plat__Signal_PhysicalPresenceOff(void); + +// C.8.4. Command Canceling Functions +// C.8.4.1. _plat__IsCanceled() +// Check if the cancel flag is set +// Return Value Meaning +// TRUE if cancel flag is set +// FALSE if cancel flag is not set + +LIB_EXPORT BOOL +_plat__IsCanceled(void); + +// C.8.4.2. _plat__SetCancel() +// Set cancel flag. + +LIB_EXPORT void +_plat__SetCancel(void); + +// C.8.4.3. _plat__ClearCancel() +// Clear cancel flag + +LIB_EXPORT void +_plat__ClearCancel( void); + +// C.8.5. NV memory functions +// C.8.5.1. _plat__NvErrors() + +// This function is used by the simulator to set the error flags in the NV subsystem to simulate an +// error in the NV loading process + +LIB_EXPORT void +_plat__NvErrors( + BOOL recoverable, + BOOL unrecoverable + ); + +// C.8.5.2. _plat__NVEnable() + +// Enable platform NV memory NV memory is automatically enabled at power on event. This function is +// mostly for TPM_Manufacture() to access NV memory without a power on event + +// Return Value Meaning +// 0 if success +// non-0 if fail + +LIB_EXPORT int +_plat__NVEnable( + void *platParameter // IN: platform specific parameters + ); + +// C.8.5.3. _plat__NVDisable() + +// Disable platform NV memory NV memory is automatically disabled at power off event. This function +// is mostly for TPM_Manufacture() to disable NV memory without a power off event + +LIB_EXPORT void +_plat__NVDisable(void); + +// C.8.5.4. _plat__IsNvAvailable() +// Check if NV is available +// Return Value Meaning +// 0 NV is available +// 1 NV is not available due to write failure +// 2 NV is not available due to rate limit + +LIB_EXPORT int +_plat__IsNvAvailable(void); + +// C.8.5.5. _plat__NvCommit() +// Update NV chip +// Return Value Meaning +// 0 NV write success +// non-0 NV write fail + +LIB_EXPORT int +_plat__NvCommit(void); + +// C.8.5.6. _plat__NvMemoryRead() +// Read a chunk of NV memory + +LIB_EXPORT void +_plat__NvMemoryRead( + unsigned int startOffset, // IN: read start + unsigned int size, // IN: size of bytes to read + void *data // OUT: data buffer + ); + +// C.8.5.7. _plat__NvIsDifferent() + +// This function checks to see if the NV is different from the test value. This is so that NV will +// not be written if it has not changed. + +// Return Value Meaning +// TRUE the NV location is different from the test value +// FALSE the NV location is the same as the test value + +LIB_EXPORT BOOL +_plat__NvIsDifferent( + unsigned int startOffset, // IN: read start + unsigned int size, // IN: size of bytes to compare + void *data // IN: data buffer + ); + +// C.8.5.8. _plat__NvMemoryWrite() + +// Write a chunk of NV memory + +LIB_EXPORT void +_plat__NvMemoryWrite( + unsigned int startOffset, // IN: read start + unsigned int size, // IN: size of bytes to read + void *data // OUT: data buffer + ); + +// C.8.5.9. _plat__NvMemoryClear() + +// Function is used to set a range of NV memory bytes to an implementation-dependent value. The +// value represents the errase state of the memory. + +LIB_EXPORT void +_plat__NvMemoryClear( + unsigned int start, // IN: clear start + unsigned int size // IN: number of bytes to be clear + ); + +// C.8.5.10. _plat__NvMemoryMove() + +// Move a chunk of NV memory from source to destination This function should ensure that if there +// overlap, the original data is copied before it is written + +LIB_EXPORT void +_plat__NvMemoryMove( + unsigned int sourceOffset, // IN: source offset + unsigned int destOffset, // IN: destination offset + unsigned int size // IN: size of data being moved + ); + +// C.8.5.11. _plat__SetNvAvail() + +// Set the current NV state to available. This function is for testing purposes only. It is not +// part of the platform NV logic + +LIB_EXPORT void +_plat__SetNvAvail(void); + +// C.8.5.12. _plat__ClearNvAvail() + +// Set the current NV state to unavailable. This function is for testing purposes only. It is not +// part of the platform NV logic + +LIB_EXPORT void +_plat__ClearNvAvail(void); + +// C.8.6. Locality Functions +// C.8.6.1. _plat__LocalityGet() +// Get the most recent command locality in locality value form + +LIB_EXPORT unsigned char +_plat__LocalityGet(void); + +// C.8.6.2. _plat__LocalitySet() +// Set the most recent command locality in locality value form + +LIB_EXPORT void +_plat__LocalitySet( + unsigned char locality + ); + +// C.8.7. Clock Constants and Functions +// Assume that the nominal divisor is 30000 + +#define CLOCK_NOMINAL 30000 + +// A 1% change in rate is 300 counts + +#define CLOCK_ADJUST_COARSE 300 + +// A .1 change in rate is 30 counts + +#define CLOCK_ADJUST_MEDIUM 30 + +// A minimum change in rate is 1 count + +#define CLOCK_ADJUST_FINE 1 + +// The clock tolerance is +/-15% (4500 counts) Allow some guard band (16.7%) + +#define CLOCK_ADJUST_LIMIT 5000 + +// C.8.7.1. _plat__ClockReset() + +// This function sets the current clock time as initial time. This function is called at a power on +// event to reset the clock + +LIB_EXPORT void +_plat__ClockReset(void); + +// C.8.7.2. _plat__ClockTimeFromStart() + +// Function returns the compensated time from the start of the command when +// _plat__ClockTimeFromStart() was called. + +LIB_EXPORT unsigned long long +_plat__ClockTimeFromStart(void); + +// C.8.7.3. _plat__ClockTimeElapsed() + +// Get the time elapsed from current to the last time the _plat__ClockTimeElapsed() is called. For +// the first _plat__ClockTimeElapsed() call after a power on event, this call report the elapsed +// time from power on to the current call + +LIB_EXPORT unsigned long long +_plat__ClockTimeElapsed(void); + +// C.8.7.4. _plat__ClockAdjustRate() +// Adjust the clock rate + +LIB_EXPORT void +_plat__ClockAdjustRate( + int adjust // IN: the adjust number. It could be + // positive or negative + ); + +// C.8.8. Single Function Files +// C.8.8.1. _plat__GetEntropy() + +// This function is used to get available hardware entropy. In a hardware implementation of this +// function, there would be no call to the system to get entropy. If the caller does not ask for any +// entropy, then this is a startup indication and firstValue should be reset. + +// Return Value Meaning +// < 0 hardware failure of the entropy generator, this is sticky +// >= 0 the returned amount of entropy (bytes) + +LIB_EXPORT int32_t +_plat__GetEntropy( + unsigned char *entropy, // output buffer + uint32_t amount // amount requested + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c b/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c new file mode 100644 index 000000000000..70dacda3e302 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Unmarshal.c @@ -0,0 +1,4961 @@ +/********************************************************************************/ +/* */ +/* Parameter Unmarshaling */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include + +#include + +/* The functions with the TSS_ prefix are preferred. They use an unsigned size. The functions + without the prefix are deprecated. */ + +/* TPM_TSS_NOCMDCHECK defined strips the unmarshal functions used for command parameter checking + TPM_TSS_NODEPRECATED defines strips the deprecated functions that used a signed size +*/ + +/* The int and array functions are common to TPM 1.2 and TPM 2.0 */ + +TPM_RC +TSS_UINT8_Unmarshalu(UINT8 *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(UINT8)) { + return TPM_RC_INSUFFICIENT; + } + *target = (*buffer)[0]; + *buffer += sizeof(UINT8); + *size -= sizeof(UINT8); + return TPM_RC_SUCCESS; +} + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_INT8_Unmarshalu(INT8 *target, BYTE **buffer, uint32_t *size) +{ + return TSS_UINT8_Unmarshalu((UINT8 *)target, buffer, size); +} +#endif /* TPM_TSS_NOCMDCHECK */ + +TPM_RC +TSS_UINT16_Unmarshalu(uint16_t *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(uint16_t)) { + return TPM_RC_INSUFFICIENT; + } + *target = ((uint16_t)((*buffer)[0]) << 8) | + ((uint16_t)((*buffer)[1]) << 0); + *buffer += sizeof(uint16_t); + *size -= sizeof(uint16_t); + return TPM_RC_SUCCESS; +} + +TPM_RC +TSS_UINT32_Unmarshalu(UINT32 *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(uint32_t)) { + return TPM_RC_INSUFFICIENT; + } + *target = ((uint32_t)((*buffer)[0]) << 24) | + ((uint32_t)((*buffer)[1]) << 16) | + ((uint32_t)((*buffer)[2]) << 8) | + ((uint32_t)((*buffer)[3]) << 0); + *buffer += sizeof(uint32_t); + *size -= sizeof(uint32_t); + return TPM_RC_SUCCESS; +} + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_INT32_Unmarshalu(INT32 *target, BYTE **buffer, uint32_t *size) +{ + return TSS_UINT32_Unmarshalu((UINT32 *)target, buffer, size); +} +#endif /* TPM_TSS_NOCMDCHECK */ + +TPM_RC +TSS_UINT64_Unmarshalu(UINT64 *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(UINT64)) { + return TPM_RC_INSUFFICIENT; + } + *target = ((UINT64)((*buffer)[0]) << 56) | + ((UINT64)((*buffer)[1]) << 48) | + ((UINT64)((*buffer)[2]) << 40) | + ((UINT64)((*buffer)[3]) << 32) | + ((UINT64)((*buffer)[4]) << 24) | + ((UINT64)((*buffer)[5]) << 16) | + ((UINT64)((*buffer)[6]) << 8) | + ((UINT64)((*buffer)[7]) << 0); + *buffer += sizeof(UINT64); + *size -= sizeof(UINT64); + return TPM_RC_SUCCESS; +} + +TPM_RC +TSS_Array_Unmarshalu(BYTE *targetBuffer, uint16_t targetSize, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (*size < targetSize) { + rc = TPM_RC_INSUFFICIENT; + } + else { + memcpy(targetBuffer, *buffer, targetSize); + *buffer += targetSize; + *size -= targetSize; + } + return rc; +} + +#ifndef TPM_TSS_NODEPRECATED +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size) +{ + return TSS_UINT8_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size) +{ + return TSS_INT8_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size) +{ + return TSS_UINT16_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size) +{ + return TSS_UINT32_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size) +{ + return TSS_INT32_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size) +{ + return TSS_UINT64_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size) +{ + return TSS_Array_Unmarshalu(targetBuffer, targetSize, buffer, (uint32_t *)size); +} + +#endif /* TPM_TSS_NOCMDCHECK */ +#endif /* TPM_TSS_NODEPRECATED */ +#ifdef TPM_TPM20 + +TPM_RC +TSS_TPM2B_Unmarshalu(TPM2B *target, uint16_t targetSize, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size > targetSize) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_Array_Unmarshalu(target->buffer, target->size, buffer, size); + } + return rc; +} + +/* Table 5 - Definition of Types for Documentation Clarity */ + +TPM_RC +TSS_TPM_KEY_BITS_Unmarshalu(TPM_KEY_BITS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */ + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_TPM_GENERATED_Unmarshalu(TPM_GENERATED *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (*target != TPM_GENERATED_VALUE) { + rc = TPM_RC_VALUE; + } + } + return rc; +} +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */ + +TPM_RC +TSS_TPM_ALG_ID_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */ + +#ifdef TPM_ALG_ECC +TPM_RC +TSS_TPM_ECC_CURVE_Unmarshalu(TPM_ECC_CURVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + return rc; +} +#endif /* TPM_ALG_ECC */ + +/* Table 13 - Definition of (UINT32) TPM_CC Constants (Numeric Order) */ + +TPM_RC +TSS_TPM_CC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) */ + +TPM_RC +TSS_TPM_RC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */ + +TPM_RC +TSS_TPM_CLOCK_ADJUST_Unmarshalu(TPM_CLOCK_ADJUST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_INT8_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_CLOCK_COARSE_SLOWER: + case TPM_CLOCK_MEDIUM_SLOWER: + case TPM_CLOCK_FINE_SLOWER: + case TPM_CLOCK_NO_CHANGE: + case TPM_CLOCK_FINE_FASTER: + case TPM_CLOCK_MEDIUM_FASTER: + case TPM_CLOCK_COARSE_FASTER: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 19 - Definition of (UINT16) TPM_EO Constants */ + +TPM_RC +TSS_TPM_EO_Unmarshalu(TPM_EO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_EO_EQ: + case TPM_EO_NEQ: + case TPM_EO_SIGNED_GT: + case TPM_EO_UNSIGNED_GT: + case TPM_EO_SIGNED_LT: + case TPM_EO_UNSIGNED_LT: + case TPM_EO_SIGNED_GE: + case TPM_EO_UNSIGNED_GE: + case TPM_EO_SIGNED_LE: + case TPM_EO_UNSIGNED_LE: + case TPM_EO_BITSET: + case TPM_EO_BITCLEAR: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 20 - Definition of (UINT16) TPM_ST Constants */ + +TPM_RC +TSS_TPM_ST_Unmarshalu(TPM_ST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK +/* Table 21 - Definition of (UINT16) TPM_SU Constants */ + +TPM_RC +TSS_TPM_SU_Unmarshalu(TPM_SU *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_SU_CLEAR: + case TPM_SU_STATE: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 22 - Definition of (UINT8) TPM_SE Constants */ + +TPM_RC +TSS_TPM_SE_Unmarshalu(TPM_SE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_SE_HMAC: + case TPM_SE_POLICY: + case TPM_SE_TRIAL: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 23 - Definition of (UINT32) TPM_CAP Constants */ + +TPM_RC +TSS_TPM_CAP_Unmarshalu(TPM_CAP *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 24 - Definition of (UINT32) TPM_PT Constants */ + +TPM_RC +TSS_TPM_PT_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants */ + +TPM_RC +TSS_TPM_PT_PCR_Unmarshalu(TPM_PT_PCR *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 27 - Definition of Types for Handles */ + +TPM_RC +TSS_TPM_HANDLE_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */ + +TPM_RC +TSS_TPMA_ALGORITHM_Unmarshalu(TPMA_ALGORITHM *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->val & TPMA_ALGORITHM_RESERVED) { + rc = TPM_RC_RESERVED_BITS; + } + } + return rc; +} + +/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */ + +TPM_RC +TSS_TPMA_OBJECT_Unmarshalu(TPMA_OBJECT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->val & TPMA_OBJECT_RESERVED) { + rc = TPM_RC_RESERVED_BITS; + } + } + return rc; +} + +/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits */ + +TPM_RC +TSS_TPMA_SESSION_Unmarshalu(TPMA_SESSION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(&target->val, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->val & TPMA_SESSION_RESERVED) { + rc = TPM_RC_RESERVED_BITS; + } + } + return rc; +} + +/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits */ + +TPM_RC +TSS_TPMA_LOCALITY_Unmarshalu(TPMA_LOCALITY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(&target->val, buffer, size); + } + return rc; +} + +/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */ + +TPM_RC +TSS_TPMA_CC_Unmarshalu(TPMA_CC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->val & TPMA_CC_RESERVED) { + rc = TPM_RC_RESERVED_BITS; + } + } + return rc; +} + +/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */ + +TPM_RC +TSS_TPMI_YES_NO_Unmarshalu(TPMI_YES_NO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */ + +TPM_RC +TSS_TPMI_DH_OBJECT_Unmarshalu(TPMI_DH_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST); + BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); + BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull; + if (isNotTransient && + isNotPersistent && + isNotLegalNull) { + rc = TPM_RC_VALUE; + } + } + return rc; +} +/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */ + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_TPMI_DH_PERSISTENT_Unmarshalu(TPMI_DH_PERSISTENT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); + if (isNotPersistent) { + rc = TPM_RC_VALUE; + } + } + return rc; +} +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */ + +TPM_RC +TSS_TPMI_DH_ENTITY_Unmarshalu(TPMI_DH_ENTITY *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotOwner = *target != TPM_RH_OWNER; + BOOL isNotEndorsement = *target != TPM_RH_ENDORSEMENT; + BOOL isNotPlatform = *target != TPM_RH_PLATFORM; + BOOL isNotLockout = *target != TPM_RH_LOCKOUT; + BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST); + BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); + BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); + BOOL isNotPcr = (*target > PCR_LAST); + BOOL isNotAuth = (*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF); + BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull; + if (isNotOwner && + isNotEndorsement && + isNotPlatform && + isNotLockout && + isNotTransient && + isNotPersistent && + isNotNv && + isNotPcr && + isNotAuth && + isNotLegalNull) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */ + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_TPMI_DH_PCR_Unmarshalu(TPMI_DH_PCR *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotPcr = (*target > PCR_LAST); + BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull; + if (isNotPcr && + isNotLegalNull) { + rc = TPM_RC_VALUE; + } + } + return rc; +} +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */ + +TPM_RC +TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, uint32_t *size, BOOL allowPwd) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); + BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); + BOOL isNotLegalPwd = (*target != TPM_RS_PW) || !allowPwd; + if (isNotHmacSession && + isNotPolicySession && + isNotLegalPwd) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */ + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_TPMI_SH_HMAC_Unmarshalu(TPMI_SH_HMAC *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); + if (isNotHmacSession) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */ + +TPM_RC +TSS_TPMI_SH_POLICY_Unmarshalu(TPMI_SH_POLICY *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); + if (isNotPolicySession) { + rc = TPM_RC_VALUE; + } + } + return rc; +} +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */ + +TPM_RC +TSS_TPMI_DH_CONTEXT_Unmarshalu(TPMI_DH_CONTEXT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); + BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); + BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST); + if (isNotHmacSession && + isNotPolicySession && + isNotTransient) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type */ + +TPM_RC +TSS_TPMI_DH_SAVED_Unmarshalu(TPMI_DH_SAVED *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); + BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); + BOOL isNotTransient = (*target != 0x80000000); + BOOL isNotSequence = (*target != 0x80000001); + BOOL isNotTransientStClear = (*target != 0x80000002); + + if (isNotHmacSession && + isNotPolicySession && + isNotTransient && + isNotSequence && + isNotTransientStClear) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */ + +TPM_RC +TSS_TPMI_RH_HIERARCHY_Unmarshalu(TPMI_RH_HIERARCHY *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + break; + case TPM_RH_NULL: + if (!allowNull) { + rc = TPM_RC_VALUE; + } + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} +/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */ + +#ifndef TPM_TSS_NOCMDCHECK +TPM_RC +TSS_TPMI_RH_ENABLES_Unmarshalu(TPMI_RH_ENABLES *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + case TPM_RH_PLATFORM_NV: + break; + case TPM_RH_NULL: + if (!allowNull) { + rc = TPM_RC_VALUE; + } + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */ + +TPM_RC +TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + case TPM_RH_LOCKOUT: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */ + +TPM_RC +TSS_TPMI_RH_PLATFORM_Unmarshalu(TPMI_RH_PLATFORM *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_PLATFORM: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */ + +TPM_RC +TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_ENDORSEMENT: + break; + case TPM_RH_NULL: + if (!allowNull) { + rc = TPM_RC_VALUE; + } + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */ + +TPM_RC +TSS_TPMI_RH_PROVISION_Unmarshalu(TPMI_RH_PROVISION *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */ + +TPM_RC +TSS_TPMI_RH_CLEAR_Unmarshalu(TPMI_RH_CLEAR *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_LOCKOUT: + case TPM_RH_PLATFORM: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */ + +TPM_RC +TSS_TPMI_RH_NV_AUTH_Unmarshalu(TPMI_RH_NV_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_OWNER: + case TPM_RH_PLATFORM: + break; + default: + { + BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); + if (isNotNv) { + rc = TPM_RC_VALUE; + } + } + } + } + return rc; +} + +/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */ + +TPM_RC +TSS_TPMI_RH_LOCKOUT_Unmarshalu(TPMI_RH_LOCKOUT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_RH_LOCKOUT: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */ + +TPM_RC +TSS_TPMI_RH_NV_INDEX_Unmarshalu(TPMI_RH_NV_INDEX *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); + if (isNotNv) { + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + +TPM_RC +TSS_TPMI_ALG_HASH_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_Unmarshalu(TPMI_ALG_SYM *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_MODE_Unmarshalu(TPMI_ALG_SYM_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ + +TPM_RC +TSS_TPMI_ALG_KDF_Unmarshalu(TPMI_ALG_KDF *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */ + +TPM_RC +TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */ + +TPM_RC +TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_ST_NO_SESSIONS: + case TPM_ST_SESSIONS: + break; + default: + rc = TPM_RC_BAD_TAG; + } + } + return rc; +} + +/* Table 70 TPMI_ALG_MAC_SCHEME */ + +TPM_RC +TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 70 TPMI_ALG_CIPHER_MODE */ + +TPM_RC +TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 68 - Definition of TPMS_EMPTY Structure */ + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_EMPTY_Unmarshalu(TPMS_EMPTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + target = target; + buffer = buffer; + size = size; + return rc; +} + +/* Table 70 - Definition of TPMU_HA Union */ + +TPM_RC +TSS_TPMU_HA_Unmarshalu(TPMU_HA *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + rc = TSS_Array_Unmarshalu(target->sha1, SHA1_DIGEST_SIZE, buffer, size); + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + rc = TSS_Array_Unmarshalu(target->sha256, SHA256_DIGEST_SIZE, buffer, size); + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + rc =TSS_Array_Unmarshalu(target->sha384, SHA384_DIGEST_SIZE, buffer, size); + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + rc = TSS_Array_Unmarshalu(target->sha512, SHA512_DIGEST_SIZE, buffer, size); + break; +#endif +#ifdef TPM_ALG_SM3_256 + case TPM_ALG_SM3_256: + rc = TSS_Array_Unmarshalu(target->sm3_256, SM3_256_DIGEST_SIZE, buffer, size); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 71 - Definition of TPMT_HA Structure */ + +TPM_RC +TSS_TPMT_HA_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_HA_Unmarshalu(&target->digest, buffer, size, target->hashAlg); + } + return rc; +} + +/* Table 72 - Definition of TPM2B_DIGEST Structure */ + +TPM_RC +TSS_TPM2B_DIGEST_Unmarshalu(TPM2B_DIGEST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 73 - Definition of TPM2B_DATA Structure */ + +TPM_RC +TSS_TPM2B_DATA_Unmarshalu(TPM2B_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 74 - Definition of Types for TPM2B_NONCE */ + +TPM_RC +TSS_TPM2B_NONCE_Unmarshalu(TPM2B_NONCE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 75 - Definition of Types for TPM2B_AUTH */ + +TPM_RC +TSS_TPM2B_AUTH_Unmarshalu(TPM2B_AUTH *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 76 - Definition of Types for TPM2B_OPERAND */ + +TPM_RC +TSS_TPM2B_OPERAND_Unmarshalu(TPM2B_OPERAND *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 77 - Definition of TPM2B_EVENT Structure */ + +TPM_RC +TSS_TPM2B_EVENT_Unmarshalu(TPM2B_EVENT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */ + +TPM_RC +TSS_TPM2B_MAX_BUFFER_Unmarshalu(TPM2B_MAX_BUFFER *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */ + +TPM_RC +TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 80 - Definition of TPM2B_TIMEOUT Structure */ + +TPM_RC +TSS_TPM2B_TIMEOUT_Unmarshalu(TPM2B_TIMEOUT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 81 - Definition of TPM2B_IV Structure */ + +TPM_RC +TSS_TPM2B_IV_Unmarshalu(TPM2B_IV *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 83 - Definition of TPM2B_NAME Structure */ + +TPM_RC +TSS_TPM2B_NAME_Unmarshalu(TPM2B_NAME *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.name), buffer, size); + } + return rc; +} + +/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ + +TPM_RC +TSS_TPMS_PCR_SELECTION_Unmarshalu(TPMS_PCR_SELECTION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(&target->sizeofSelect, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->sizeofSelect > PCR_SELECT_MAX) { + rc = TPM_RC_VALUE; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeofSelect, buffer, size); + } + return rc; +} + +/* Table 88 - Definition of TPMT_TK_CREATION Structure */ + +TPM_RC +TSS_TPMT_TK_CREATION_Unmarshalu(TPMT_TK_CREATION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_CREATION) { + rc = TPM_RC_TAG; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + } + return rc; +} + +/* Table 89 - Definition of TPMT_TK_VERIFIED Structure */ + +TPM_RC +TSS_TPMT_TK_VERIFIED_Unmarshalu(TPMT_TK_VERIFIED *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_VERIFIED) { + rc = TPM_RC_TAG; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + } + return rc; +} + +/* Table 90 - Definition of TPMT_TK_AUTH Structure */ + +TPM_RC +TSS_TPMT_TK_AUTH_Unmarshalu(TPMT_TK_AUTH *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if ((target->tag != TPM_ST_AUTH_SIGNED) && + (target->tag != TPM_ST_AUTH_SECRET)) { + rc = TPM_RC_TAG; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + } + return rc; +} + +/* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */ + +TPM_RC +TSS_TPMT_TK_HASHCHECK_Unmarshalu(TPMT_TK_HASHCHECK *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_HASHCHECK) { + rc = TPM_RC_TAG; + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size); + } + return rc; +} + +/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure */ + +TPM_RC +TSS_TPMS_ALG_PROPERTY_Unmarshalu(TPMS_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(&target->alg, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_ALGORITHM_Unmarshalu(&target->algProperties, buffer, size); + } + return rc; +} + +/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure */ + +TPM_RC +TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_PT_Unmarshalu(&target->property, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->value, buffer, size); + } + return rc; +} + +/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure */ + +TPM_RC +TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_PT_PCR_Unmarshalu(&target->tag, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT8_Unmarshalu(&target->sizeofSelect, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeofSelect, buffer, size); + } + return rc; +} + +/* Table 100 - Definition of TPMS_TAGGED_POLICY Structure */ + +TPM_RC +TSS_TPMS_TAGGED_POLICY_Unmarshalu(TPMS_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->handle, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_HA_Unmarshalu(&target->policyHash, buffer, size, YES); + } + return rc; +} + +/* Table 95 - Definition of TPML_CC Structure */ + +TPM_RC +TSS_TPML_CC_Unmarshalu(TPML_CC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_CC) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPM_CC_Unmarshalu(&target->commandCodes[i], buffer, size); + } + return rc; +} + +/* Table 96 - Definition of TPML_CCA Structure */ + +TPM_RC +TSS_TPML_CCA_Unmarshalu(TPML_CCA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_CC) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMA_CC_Unmarshalu(&target->commandAttributes[i], buffer, size); + } + return rc; +} + +/* Table 97 - Definition of TPML_ALG Structure */ + +TPM_RC +TSS_TPML_ALG_Unmarshalu(TPML_ALG *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_ALG_LIST_SIZE) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPM_ALG_ID_Unmarshalu(&target->algorithms[i], buffer, size); + } + return rc; +} + +/* Table 98 - Definition of TPML_HANDLE Structure */ + +TPM_RC +TSS_TPML_HANDLE_Unmarshalu(TPML_HANDLE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_HANDLES) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->handle[i], buffer, size); + } + return rc; +} + +/* Table 99 - Definition of TPML_DIGEST Structure */ + +/* PolicyOr has a restriction of at least a count of two. This function is also used to unmarshal + PCR_Read, where a count of one is permitted. +*/ + +TPM_RC +TSS_TPML_DIGEST_Unmarshalu(TPML_DIGEST *target, BYTE **buffer, uint32_t *size, uint32_t minCount) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count < minCount) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > 8) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digests[i], buffer, size); + } + return rc; +} + +/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ + +TPM_RC +TSS_TPML_DIGEST_VALUES_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > HASH_COUNT) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMT_HA_Unmarshalu(&target->digests[i], buffer, size, NO); + } + return rc; +} + +/* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + +TPM_RC +TSS_TPML_PCR_SELECTION_Unmarshalu(TPML_PCR_SELECTION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > HASH_COUNT) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMS_PCR_SELECTION_Unmarshalu(&target->pcrSelections[i], buffer, size); + } + return rc; +} + +/* Table 103 - Definition of TPML_ALG_PROPERTY Structure */ + +TPM_RC +TSS_TPML_ALG_PROPERTY_Unmarshalu(TPML_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_ALGS) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMS_ALG_PROPERTY_Unmarshalu(&target->algProperties[i], buffer, size); + } + return rc; +} + +/* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */ + +TPM_RC +TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_TPM_PROPERTIES) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(&target->tpmProperty[i], buffer, size); + } + return rc; +} + +/* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */ + +TPM_RC +TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_PCR_PROPERTIES) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(&target->pcrProperty[i], buffer, size); + } + return rc; +} + +/* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure */ + +TPM_RC +TSS_TPML_ECC_CURVE_Unmarshalu(TPML_ECC_CURVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_ECC_CURVES) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPM_ECC_CURVE_Unmarshalu(&target->eccCurves[i], buffer, size); + } + return rc; +} + +/* Table 112 - Definition of TPML_TAGGED_POLICY Structure */ + +TPM_RC +TSS_TPML_TAGGED_POLICY_Unmarshalu(TPML_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_TAGGED_POLICIES) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMS_TAGGED_POLICY_Unmarshalu(&target->policies[i], buffer, size); + } + return rc; +} + +/* Table 107 - Definition of TPMU_CAPABILITIES Union */ + +TPM_RC +TSS_TPMU_CAPABILITIES_Unmarshalu(TPMU_CAPABILITIES *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { + case TPM_CAP_ALGS: + rc = TSS_TPML_ALG_PROPERTY_Unmarshalu(&target->algorithms, buffer, size); + break; + case TPM_CAP_HANDLES: + rc = TSS_TPML_HANDLE_Unmarshalu(&target->handles, buffer, size); + break; + case TPM_CAP_COMMANDS: + rc = TSS_TPML_CCA_Unmarshalu(&target->command, buffer, size); + break; + case TPM_CAP_PP_COMMANDS: + rc = TSS_TPML_CC_Unmarshalu(&target->ppCommands, buffer, size); + break; + case TPM_CAP_AUDIT_COMMANDS: + rc = TSS_TPML_CC_Unmarshalu(&target->auditCommands, buffer, size); + break; + case TPM_CAP_PCRS: + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->assignedPCR, buffer, size); + break; + case TPM_CAP_TPM_PROPERTIES: + rc = TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(&target->tpmProperties, buffer, size); + break; + case TPM_CAP_PCR_PROPERTIES: + rc = TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(&target->pcrProperties, buffer, size); + break; + case TPM_CAP_ECC_CURVES: + rc = TSS_TPML_ECC_CURVE_Unmarshalu(&target->eccCurves, buffer, size); + break; + case TPM_CAP_AUTH_POLICIES: + rc = TSS_TPML_TAGGED_POLICY_Unmarshalu(&target->authPolicies, buffer, size); + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure */ + +TPM_RC +TSS_TPMS_CAPABILITY_DATA_Unmarshalu(TPMS_CAPABILITY_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_CAP_Unmarshalu(&target->capability, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_CAPABILITIES_Unmarshalu(&target->data, buffer, size, target->capability); + } + return rc; +} + +/* Table 109 - Definition of TPMS_CLOCK_INFO Structure */ + +TPM_RC +TSS_TPMS_CLOCK_INFO_Unmarshalu(TPMS_CLOCK_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->clock, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->resetCount, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->restartCount, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->safe, buffer, size); + } + return rc; +} + +/* Table 110 - Definition of TPMS_TIME_INFO Structure */ + +TPM_RC +TSS_TPMS_TIME_INFO_Unmarshalu(TPMS_TIME_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->time, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CLOCK_INFO_Unmarshalu(&target->clockInfo, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure */ + +TPM_RC +TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_TIME_INFO_Unmarshalu(&target->time, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->firmwareVersion, buffer, size); + } + return rc; +} + +/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure */ + +TPM_RC +TSS_TPMS_CERTIFY_INFO_Unmarshalu(TPMS_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedName, buffer, size); + } + return rc; +} + +/* Table 113 - Definition of TPMS_QUOTE_INFO Structure */ + +TPM_RC +TSS_TPMS_QUOTE_INFO_Unmarshalu(TPMS_QUOTE_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelect, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size); + } + return rc; +} + +/* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */ + +TPM_RC +TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->auditCounter, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(&target->digestAlg, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->auditDigest, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->commandDigest, buffer, size); + } + return rc; +} + +/* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure */ + +TPM_RC +TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->exclusiveSession, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sessionDigest, buffer, size); + } + return rc; +} + +/* Table 116 - Definition of TPMS_CREATION_INFO Structure */ + +TPM_RC +TSS_TPMS_CREATION_INFO_Unmarshalu(TPMS_CREATION_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size); + } + return rc; +} + +/* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure */ + +TPM_RC +TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->indexName, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->nvContents, buffer, size); + } + return rc; +} + +/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure */ +TPM_RC +TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(TPMS_NV_DIGEST_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->indexName, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->nvDigest, buffer, size); + } + return rc; +} + +/* Table 118 - Definition of (TPM_ST) TPMI_ST_ATTEST Type */ + +TPM_RC +TSS_TPMI_ST_ATTEST_Unmarshalu(TPMI_ST_ATTEST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ST_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 119 - Definition of TPMU_ATTEST Union */ + +TPM_RC +TSS_TPMU_ATTEST_Unmarshalu(TPMU_ATTEST *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { + case TPM_ST_ATTEST_CERTIFY: + rc = TSS_TPMS_CERTIFY_INFO_Unmarshalu(&target->certify, buffer, size); + break; + case TPM_ST_ATTEST_CREATION: + rc = TSS_TPMS_CREATION_INFO_Unmarshalu(&target->creation, buffer, size); + break; + case TPM_ST_ATTEST_QUOTE: + rc = TSS_TPMS_QUOTE_INFO_Unmarshalu(&target->quote, buffer, size); + break; + case TPM_ST_ATTEST_COMMAND_AUDIT: + rc = TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(&target->commandAudit, buffer, size); + break; + case TPM_ST_ATTEST_SESSION_AUDIT: + rc = TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(&target->sessionAudit, buffer, size); + break; + case TPM_ST_ATTEST_TIME: + rc = TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(&target->time, buffer, size); + break; + case TPM_ST_ATTEST_NV: + rc = TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(&target->nv, buffer, size); + break; + case TPM_ST_ATTEST_NV_DIGEST: + rc = TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(&target->nvDigest, buffer, size); + break; + default: + rc = TPM_RC_SELECTOR; + + } + return rc; +} + +/* Table 120 - Definition of TPMS_ATTEST Structure */ + +TPM_RC +TSS_TPMS_ATTEST_Unmarshalu(TPMS_ATTEST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_GENERATED_Unmarshalu(&target->magic, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ST_ATTEST_Unmarshalu(&target->type, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedSigner, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->extraData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CLOCK_INFO_Unmarshalu(&target->clockInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->firmwareVersion, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_ATTEST_Unmarshalu(&target->attested, buffer, size, target->type); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 121 - Definition of TPM2B_ATTEST Structure */ + +TPM_RC +TSS_TPM2B_ATTEST_Unmarshalu(TPM2B_ATTEST *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.attestationData), buffer, size); + } + return rc; +} + +/* Table 123 - Definition of TPMS_AUTH_RESPONSE Structure */ + +TPM_RC +TSS_TPMS_AUTH_RESPONSE_Unmarshalu(TPMS_AUTH_RESPONSE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonce, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_SESSION_Unmarshalu(&target->sessionAttributes, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->hmac, buffer, size); + } + return rc; +} + +/* Table 124 - Definition of {!ALG.S} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */ + +#ifdef TPM_ALG_AES + +TPM_RC +TSS_TPMI_AES_KEY_BITS_Unmarshalu(TPMI_AES_KEY_BITS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size); + } + return rc; +} +#endif /* TPM_ALG_AES */ + +#ifndef TPM_TSS_NOCMDCHECK + +#ifdef TPM_ALG_CAMELLIA +TPM_RC +TSS_TPMI_CAMELLIA_KEY_BITS_Unmarshalu(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size); + } + return rc; +} +#endif /* TPM_ALG_CAMELLIA */ + +#ifdef TPM_ALG_SM4 +TPM_RC +TSS_TPMI_SM4_KEY_BITS_Unmarshalu(TPMI_SM4_KEY_BITS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size); + } + return rc; +} +#endif /* TPM_ALG_SM4 */ +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */ + +TPM_RC +TSS_TPMU_SYM_KEY_BITS_Unmarshalu(TPMU_SYM_KEY_BITS *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: + rc = TSS_TPMI_AES_KEY_BITS_Unmarshalu(&target->aes, buffer, size); + break; +#endif +#ifdef TPM_ALG_SM4 + case TPM_ALG_SM4: + rc = TSS_TPMI_SM4_KEY_BITS_Unmarshalu(&target->sm4, buffer, size); + break; +#endif +#ifdef TPM_ALG_CAMELLIA + case TPM_ALG_CAMELLIA: + rc = TSS_TPMI_CAMELLIA_KEY_BITS_Unmarshalu(&target->camellia, buffer, size); + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->xorr, buffer, size, NO); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 126 - Definition of TPMU_SYM_MODE Union */ + +TPM_RC +TSS_TPMU_SYM_MODE_Unmarshalu(TPMU_SYM_MODE *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: + rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->aes, buffer, size, YES); + break; +#endif +#ifdef TPM_ALG_SM4 + case TPM_ALG_SM4: + rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->sm4, buffer, size, YES); + break; +#endif +#ifdef TPM_ALG_CAMELLIA + case TPM_ALG_CAMELLIA: + rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->camellia, buffer, size, YES); + break; +#endif + case TPM_ALG_XOR: + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 128 - Definition of TPMT_SYM_DEF Structure */ + +TPM_RC +TSS_TPMT_SYM_DEF_Unmarshalu(TPMT_SYM_DEF *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SYM_Unmarshalu(&target->algorithm, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SYM_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size, target->algorithm); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SYM_MODE_Unmarshalu(&target->mode, buffer, size, target->algorithm); + } + return rc; +} + +/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + +TPM_RC +TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(&target->algorithm, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SYM_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size, target->algorithm); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SYM_MODE_Unmarshalu(&target->mode, buffer, size, target->algorithm); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 130 - Definition of TPM2B_SYM_KEY Structure */ + +TPM_RC +TSS_TPM2B_SYM_KEY_Unmarshalu(TPM2B_SYM_KEY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure */ + +TPM_RC +TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->sym, buffer, size, NO); + } + return rc; +} + +/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure */ + +TPM_RC +TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->userAuth, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->data, buffer, size); + } + return rc; +} + +/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(&target->sensitive, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + +TPM_RC +TSS_TPMS_SCHEME_HASH_Unmarshalu(TPMS_SCHEME_HASH *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO); + } + return rc; +} + +/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ + +TPM_RC +TSS_TPMS_SCHEME_ECDAA_Unmarshalu(TPMS_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->count, buffer, size); + } + return rc; +} + +/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 138 - Definition of Types for HMAC_SIG_SCHEME */ + +TPM_RC +TSS_TPMS_SCHEME_HMAC_Unmarshalu(TPMS_SCHEME_HMAC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 139 - Definition of TPMS_SCHEME_XOR Structure */ + +TPM_RC +TSS_TPMS_SCHEME_XOR_Unmarshalu(TPMS_SCHEME_XOR *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO); /* as of rev 147 */ + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_KDF_Unmarshalu(&target->kdf, buffer, size, YES); + } + return rc; +} + +/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + +TPM_RC +TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + rc = TSS_TPMS_SCHEME_HMAC_Unmarshalu(&target->hmac, buffer, size); + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + rc = TSS_TPMS_SCHEME_XOR_Unmarshalu(&target->xorr, buffer, size); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + +TPM_RC +TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_ECDAA_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + +TPM_RC +TSS_TPMU_SIG_SCHEME_Unmarshalu(TPMU_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + rc = TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(&target->rsassa, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(&target->rsapss, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + rc = TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(&target->ecdsa, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + rc = TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(&target->ecdaa, buffer, size); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + rc = TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(&target->sm2, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(&target->ecSchnorr, buffer, size); + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + rc = TSS_TPMS_SCHEME_HMAC_Unmarshalu(&target->hmac, buffer, size); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + +TPM_RC +TSS_TPMT_SIG_SCHEME_Unmarshalu(TPMT_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SIG_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 146 - Definition of Types for {RSA} Encryption Schemes */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 146 - Definition of Types for {RSA} Encryption Schemes */ + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_EMPTY_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */ + +TPM_RC +TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */ + +TPM_RC +TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +TPM_RC +TSS_TPMS_SCHEME_KDF2_Unmarshalu(TPMS_SCHEME_KDF2 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +TPM_RC +TSS_TPMS_SCHEME_MGF1_Unmarshalu(TPMS_SCHEME_MGF1 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 149 - Definition of TPMU_KDF_SCHEME Union */ + +TPM_RC +TSS_TPMU_KDF_SCHEME_Unmarshalu(TPMU_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_MGF1 + case TPM_ALG_MGF1: + rc = TSS_TPMS_SCHEME_MGF1_Unmarshalu(&target->mgf1, buffer, size); + break; +#endif +#ifdef TPM_ALG_KDF1_SP800_56A + case TPM_ALG_KDF1_SP800_56A: + rc = TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(&target->kdf1_SP800_56a, buffer, size); + break; +#endif +#ifdef TPM_ALG_KDF2 + case TPM_ALG_KDF2: + rc = TSS_TPMS_SCHEME_KDF2_Unmarshalu(&target->kdf2, buffer, size); + break; +#endif +#ifdef TPM_ALG_KDF1_SP800_108 + case TPM_ALG_KDF1_SP800_108: + rc = TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(&target->kdf1_sp800_108, buffer, size); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 150 - Definition of TPMT_KDF_SCHEME Structure */ + +TPM_RC +TSS_TPMT_KDF_SCHEME_Unmarshalu(TPMT_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_KDF_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_KDF_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +/* Table 151 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */ + +#if 0 +TPM_RC +TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} +#endif /* 0 */ + +/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */ + +TPM_RC +TSS_TPMU_ASYM_SCHEME_Unmarshalu(TPMU_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_ECDH + case TPM_ALG_ECDH: + rc = TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(&target->ecdh, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECMQV + case TPM_ALG_ECMQV: + rc = TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(&target->ecmqvh, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + rc = TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(&target->rsassa, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(&target->rsapss, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + rc = TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(&target->ecdsa, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + rc = TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(&target->ecdaa, buffer, size); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + rc = TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(&target->sm2, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(&target->ecSchnorr, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSAES + case TPM_ALG_RSAES: + rc = TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(&target->rsaes, buffer, size); + break; +#endif +#ifdef TPM_ALG_OAEP + case TPM_ALG_OAEP: + rc = TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(&target->oaep, buffer, size); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 153 - Definition of TPMT_ASYM_SCHEME Structure <> */ + +#if 0 +TPM_RC +TSS_TPMT_ASYM_SCHEME_Unmarshalu(TPMT_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} +#endif /* 0 */ + +/* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ + +TPM_RC +TSS_TPMT_RSA_SCHEME_Unmarshalu(TPMT_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ + +TPM_RC +TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + +TPM_RC +TSS_TPMT_RSA_DECRYPT_Unmarshalu(TPMT_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ +TPM_RC +TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ + +TPM_RC +TSS_TPMI_RSA_KEY_BITS_Unmarshalu(TPMI_RSA_KEY_BITS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 160 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ + +TPM_RC +TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ + +TPM_RC +TSS_TPM2B_ECC_PARAMETER_Unmarshalu(TPM2B_ECC_PARAMETER *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */ + +TPM_RC +TSS_TPMS_ECC_POINT_Unmarshalu(TPMS_ECC_POINT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->x, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->y, buffer, size); + } + return rc; +} + +/* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */ + +TPM_RC +TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_ECC_POINT_Unmarshalu(&target->point, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} + +/* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + +TPM_RC +TSS_TPMI_ECC_CURVE_Unmarshalu(TPMI_ECC_CURVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ECC_CURVE_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ + +TPM_RC +TSS_TPMT_ECC_SCHEME_Unmarshalu(TPMT_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme); + } + return rc; +} + +/* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ + +TPM_RC +TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->keySize, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_KDF_SCHEME_Unmarshalu(&target->kdf, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_ECC_SCHEME_Unmarshalu(&target->sign, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->p, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->a, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->b, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->gX, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->gY, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->n, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->h, buffer, size); + } + return rc; +} + +/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ + +TPM_RC +TSS_TPMS_SIGNATURE_RSA_Unmarshalu(TPMS_SIGNATURE_RSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->sig, buffer, size); + } + return rc; +} + +/* Table 169 - Definition of Types for {RSA} Signature */ + +TPM_RC +TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 169 - Definition of Types for {RSA} Signature */ + +TPM_RC +TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ + +TPM_RC +TSS_TPMS_SIGNATURE_ECC_Unmarshalu(TPMS_SIGNATURE_ECC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->signatureR, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->signatureS, buffer, size); + } + return rc; +} + +/* Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */ + +TPM_RC +TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_SM2_Unmarshalu(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 172 - Definition of TPMU_SIGNATURE Union */ + +TPM_RC +TSS_TPMU_SIGNATURE_Unmarshalu(TPMU_SIGNATURE *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + rc = TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(&target->rsassa, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + rc = TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(&target->rsapss, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + rc = TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(&target->ecdsa, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + rc = TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(&target->ecdaa, buffer, size); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + rc = TSS_TPMS_SIGNATURE_SM2_Unmarshalu(&target->sm2, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + rc = TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(&target->ecschnorr, buffer, size); + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + rc = TSS_TPMT_HA_Unmarshalu(&target->hmac, buffer, size, NO); + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 173 - Definition of TPMT_SIGNATURE Structure */ + +TPM_RC +TSS_TPMT_SIGNATURE_Unmarshalu(TPMT_SIGNATURE *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(&target->sigAlg, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SIGNATURE_Unmarshalu(&target->signature, buffer, size, target->sigAlg); + } + return rc; +} + +/* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ + +TPM_RC +TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.secret), buffer, size); + } + return rc; +} + +/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + +TPM_RC +TSS_TPMI_ALG_PUBLIC_Unmarshalu(TPMI_ALG_PUBLIC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* Table 177 - Definition of TPMU_PUBLIC_ID Union */ + +TPM_RC +TSS_TPMU_PUBLIC_ID_Unmarshalu(TPMU_PUBLIC_ID *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->keyedHash, buffer, size); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sym, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->rsa, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + rc = TSS_TPMS_ECC_POINT_Unmarshalu(&target->ecc, buffer, size); + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + +TPM_RC +TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES); + } + return rc; +} + +/* Table 179 - Definition of TPMS_ASYM_PARMS Structure <> */ + +#if 0 +TPM_RC +TSS_TPMS_ASYM_PARMS_Unmarshalu(TPMS_ASYM_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_ASYM_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES); + } + return rc; +} +#endif + +/* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */ + +TPM_RC +TSS_TPMS_RSA_PARMS_Unmarshalu(TPMS_RSA_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_RSA_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RSA_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->exponent, buffer, size); + } + return rc; +} + +/* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */ + +TPM_RC +TSS_TPMS_ECC_PARMS_Unmarshalu(TPMS_ECC_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_ECC_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_KDF_SCHEME_Unmarshalu(&target->kdf, buffer, size, YES); + } + return rc; +} + +/* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + +TPM_RC +TSS_TPMU_PUBLIC_PARMS_Unmarshalu(TPMU_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + rc = TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(&target->keyedHashDetail, buffer, size); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + rc = TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(&target->symDetail, buffer, size); + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + rc = TSS_TPMS_RSA_PARMS_Unmarshalu(&target->rsaDetail, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + rc = TSS_TPMS_ECC_PARMS_Unmarshalu(&target->eccDetail, buffer, size); + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */ + +TPM_RC +TSS_TPMT_PUBLIC_PARMS_Unmarshalu(TPMT_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->type, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size, target->type); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 184 - Definition of TPMT_PUBLIC Structure */ + +TPM_RC +TSS_TPMT_PUBLIC_Unmarshalu(TPMT_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->type, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->nameAlg, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_OBJECT_Unmarshalu(&target->objectAttributes, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size, target->type); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_PUBLIC_ID_Unmarshalu(&target->unique, buffer, size, target->type); + } + return rc; +} + +/* Table 185 - Definition of TPM2B_PUBLIC Structure */ + +TPM_RC +TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_PUBLIC_Unmarshalu(&target->publicArea, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 192 - Definition of TPM2B_TEMPLATE Structure */ + +TPM_RC +TSS_TPM2B_TEMPLATE_Unmarshalu(TPM2B_TEMPLATE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 187 - Definition of TPMU_SENSITIVE_COMPOSITE Union */ + +TPM_RC +TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + switch (selector) { +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + rc = TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(&target->rsa, buffer, size); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->ecc, buffer, size); + break; +#endif +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->bits, buffer, size); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + rc = TSS_TPM2B_SYM_KEY_Unmarshalu(&target->sym, buffer, size); + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 188 - Definition of TPMT_SENSITIVE Structure */ + +TPM_RC +TSS_TPMT_SENSITIVE_Unmarshalu(TPMT_SENSITIVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->sensitiveType, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->authValue, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->seedValue, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(&target->sensitive, buffer, size, target->sensitiveType); + } + return rc; +} + +/* Table 189 - Definition of TPM2B_SENSITIVE Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_Unmarshalu(TPM2B_SENSITIVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->t.size, buffer, size); + } + if (target->t.size != 0) { + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SENSITIVE_Unmarshalu(&target->t.sensitiveArea, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->t.size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 191 - Definition of TPM2B_PRIVATE Structure */ + +TPM_RC +TSS_TPM2B_PRIVATE_Unmarshalu(TPM2B_PRIVATE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 193 - Definition of TPM2B_ID_OBJECT Structure */ + +TPM_RC +TSS_TPM2B_ID_OBJECT_Unmarshalu(TPM2B_ID_OBJECT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.credential), buffer, size); + } + return rc; +} + +/* Table 196 - Definition of (UINT32) TPMA_NV Bits */ + +TPM_RC +TSS_TPMA_NV_Unmarshalu(TPMA_NV *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->val & TPMA_NV_RESERVED) { + rc = TPM_RC_RESERVED_BITS; + } + } + return rc; +} + +/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */ + +TPM_RC +TSS_TPMS_NV_PUBLIC_Unmarshalu(TPMS_NV_PUBLIC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_NV_INDEX_Unmarshalu(&target->nvIndex, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->nameAlg, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_NV_Unmarshalu(&target->attributes, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->dataSize, buffer, size); + } + return rc; +} + +/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */ + +TPM_RC +TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_NV_PUBLIC_Unmarshalu(&target->nvPublic, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} + +#ifndef TPM_TSS_NOCMDCHECK + +/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */ + +TPM_RC +TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 200 - Definition of TPMS_CONTEXT_DATA Structure */ + +TPM_RC +TSS_TPMS_CONTEXT_DATA_Unmarshalu(TPMS_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->integrity, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(&target->encrypted, buffer, size); + } + return rc; +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure */ + +TPM_RC +TSS_TPM2B_CONTEXT_DATA_Unmarshalu(TPM2B_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size); + } + return rc; +} + +/* Table 202 - Definition of TPMS_CONTEXT Structure */ + +TPM_RC +TSS_TPMS_CONTEXT_Unmarshalu(TPMS_CONTEXT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT64_Unmarshalu(&target->sequence, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_SAVED_Unmarshalu(&target->savedHandle, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_CONTEXT_DATA_Unmarshalu(&target->contextBlob, buffer, size); + } + return rc; +} + +/* Table 204 - Definition of TPMS_CREATION_DATA Structure */ + +TPM_RC +TSS_TPMS_CREATION_DATA_Unmarshalu(TPMS_CREATION_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelect, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMA_LOCALITY_Unmarshalu(&target->locality, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_Unmarshalu(&target->parentNameAlg, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->parentName, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->parentQualifiedName, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size); + } + return rc; +} + +/* Table 205 - Definition of TPM2B_CREATION_DATA Structure */ + +TPM_RC +TSS_TPM2B_CREATION_DATA_Unmarshalu(TPM2B_CREATION_DATA *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t startSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == TPM_RC_SUCCESS) { + startSize = *size; + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} +#ifndef TPM_TSS_NOCMDCHECK + +/* Deprecated functions that use a sized value for the size parameter. The recommended functions + use an unsigned value. + +*/ + +TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_Unmarshalu(target, targetSize, buffer, (uint32_t *)size); +} + +TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_GENERATED_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ALG_ID_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_RC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CLOCK_ADJUST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_EO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_SU_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_SE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CAP_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_PT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_PT_PCR_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_HANDLE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_ALGORITHM_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_SESSION_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_LOCALITY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_CC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_YES_NO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_DH_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +#if 0 +TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_DH_PARENT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} +#endif + +TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_PERSISTENT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_DH_ENTITY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_DH_PCR_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd) +{ + return TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(target, buffer, (uint32_t *)size, allowPwd); +} + +TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_SH_HMAC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_SH_POLICY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_DH_CONTEXT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_HIERARCHY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_ENABLES_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_PLATFORM_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_PROVISION_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_CLEAR_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_NV_AUTH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_LOCKOUT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_RH_NV_INDEX_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_HASH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_SYM_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_SYM_MODE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_KDF_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +/* NOTE: Marked as const function in header */ + +TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_EMPTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_HA_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_HA_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NONCE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_AUTH_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_OPERAND_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_EVENT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_MAX_BUFFER_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_TIMEOUT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_IV_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NAME_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_PCR_SELECTION_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_CREATION_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_VERIFIED_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_AUTH_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_HASHCHECK_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ALG_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_CC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_CCA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ALG_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_HANDLE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size,uint32_t minCount) +{ + return TSS_TPML_DIGEST_Unmarshalu(target, buffer, (uint32_t *)size, minCount); +} + +TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_DIGEST_VALUES_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_PCR_SELECTION_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ALG_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +#if 0 +TPM_RC TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_TAGGED_POLICY_Unmarshalu(target, buffer, (uint32_t *)size); +} +#endif + +TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_CAPABILITIES_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CLOCK_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TIME_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CERTIFY_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_QUOTE_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CREATION_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ST_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CAPABILITY_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_AUTH_RESPONSE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_AES_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SYM_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SYM_MODE_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_SYM_DEF_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SYM_KEY_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +#if 0 +TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_LABEL_Unmarshalu(target, buffer, (uint32_t *)size); +} +#endif + +TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_HMAC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_XOR_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(target, buffer, (uint32_t *)size); +} + +/* NOTE: Marked as const function in header */ + +TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF2_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_MGF1_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_KDF_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_KDF_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +#if 0 +TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} +#endif + +TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +#if 0 +TPM_RC TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} +#endif + +TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_RSA_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_RSA_DECRYPT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RSA_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ECC_PARAMETER_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ECC_POINT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ECC_POINT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_ECC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_SM2_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SIGNATURE_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_SIGNATURE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_PUBLIC_ID_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +#if 0 +TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ASYM_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} +#endif + +TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_RSA_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ECC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_PUBLIC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_PUBLIC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPMT_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull) +{ + return TSS_TPM2B_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull); +} + +TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_TEMPLATE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(target, buffer, (uint32_t *)size, selector); +} + +TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PRIVATE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ID_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_NV_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_NV_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NV_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CONTEXT_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CONTEXT_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CONTEXT_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CREATION_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CREATION_DATA_Unmarshalu(target, buffer, (uint32_t *)size); +} + +#endif /* TPM_TSS_NOCMDCHECK */ + +#endif /* TPM_TPM20 */ diff --git a/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c b/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c new file mode 100644 index 000000000000..34a4bb1c058f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/Unmarshal12.c @@ -0,0 +1,542 @@ +/********************************************************************************/ +/* */ +/* Parameter Unmarshaling */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Unmarshal12.c 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2017 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include + +#include +#include +#include + +TPM_RC +TSS_TPM_STARTUP_TYPE_Unmarshalu(TPM_STARTUP_TYPE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_ST_CLEAR: + case TPM_ST_STATE: + case TPM_ST_DEACTIVATED: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* 5.0 */ + + +TPM_RC +TSS_TPM_VERSION_Unmarshalu(TPM_VERSION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->major, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->minor, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->revMajor, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->revMinor, buffer, size); + } + return rc; +} + +/* 6.0 */ + +TPM_RC +TSS_TPM_TAG_Unmarshalu(TPM_TAG *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(target, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + switch (*target) { + case TPM_TAG_RSP_COMMAND: + case TPM_TAG_RSP_AUTH1_COMMAND: + case TPM_TAG_RSP_AUTH2_COMMAND: + break; + default: + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* 8.0 */ + +TPM_RC +TSS_TPM_PCR_SELECTION_Unmarshalu(TPM_PCR_SELECTION *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->sizeOfSelect, buffer, size); + } + if (rc == 0) { + if (target->sizeOfSelect > sizeof(target->pcrSelect)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeOfSelect, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t sizeRead32; + uint32_t startSize; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&sizeRead32, buffer, size); + } + if (rc == 0) { + if (sizeRead32 == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + startSize = *size; + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_LONG_Unmarshalu(target, buffer, size); + } + if (rc == 0) { + if (sizeRead32 != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} + +TPM_RC +TSS_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->localityAtCreation, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->localityAtRelease, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->creationPCRSelection, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->releasePCRSelection, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->digestAtCreation, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->digestAtRelease, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_PCR_INFO_SHORT_Unmarshalu(TPM_PCR_INFO_SHORT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->pcrSelection, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->localityAtRelease, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->digestAtRelease, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +/* 9.0 */ + +TPM_RC +TSS_TPM_SYMMETRIC_KEY_Unmarshalu(TPM_SYMMETRIC_KEY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->algId, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->encScheme, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size); + } + if (rc == 0) { + if (target->size > sizeof(target->data)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->data, target->size, buffer, size); + } + return rc; +} + +/* 10.0 */ + +TPM_RC +TSS_TPM_RSA_KEY_PARMS_Unmarshalu(TPM_RSA_KEY_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->keyLength, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->numPrimes, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->exponentSize, buffer, size); + } + if (rc == 0) { + if (target->exponentSize > sizeof(target->exponent)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->exponent, target->exponentSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { + case TPM_ALG_RSA: /* A structure of type TPM_RSA_KEY_PARMS */ + rc = TSS_TPM_RSA_KEY_PARMS_Unmarshalu(&target->rsaParms, buffer, size); + break; + case TPM_ALG_AES128: /* A structure of type TPM_SYMMETRIC_KEY_PARMS */ + /* not implemented yet */ + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +TPM_RC +TSS_TPM4B_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + uint32_t sizeRead32; + uint32_t startSize; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&sizeRead32, buffer, size); + } + if (rc == 0) { + if (sizeRead32 == 0) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + startSize = *size; + } + if (rc == 0) { + rc = TSS_TPMU_PARMS_Unmarshalu(target, buffer, size, selector); + } + if (rc == 0) { + if (sizeRead32 != startSize - *size) { + rc = TPM_RC_SIZE; + } + } + return rc; +} + +TPM_RC +TSS_TPM_KEY_PARMS_Unmarshalu(TPM_KEY_PARMS *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->algorithmID, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->encScheme, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->sigScheme, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM4B_TPMU_PARMS_Unmarshalu(&target->parms, buffer, size, target->algorithmID); + } + return rc; +} + +TPM_RC +TSS_TPM_KEY12_Unmarshalu(TPM_KEY12 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->fill, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->keyUsage, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->keyFlags, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->authDataUsage, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->algorithmParms, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(&target->PCRInfo, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->pubKey, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->encData, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_STORE_PUBKEY_Unmarshalu(TPM_STORE_PUBKEY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->keyLength, buffer, size); + } + if (rc == 0) { + if (target->keyLength > sizeof(target->key)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->key, target->keyLength, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_PUBKEY_Unmarshalu(TPM_PUBKEY *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->algorithmParms, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->pubKey, buffer, size); + } + return rc; +} + +/* 19 */ + +TPM_RC +TSS_TPM_NV_ATTRIBUTES_Unmarshalu(TPM_NV_ATTRIBUTES *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->attributes, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(TPM_NV_DATA_PUBLIC *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->nvIndex, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrInfoRead, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrInfoWrite, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_NV_ATTRIBUTES_Unmarshalu(&target->permission, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->bReadSTClear, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->bWriteSTClear, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->bWriteDefine, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + } + return rc; +} + +/* 21 */ + +TPM_RC +TSS_TPM_CAP_VERSION_INFO_Unmarshalu(TPM_CAP_VERSION_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_VERSION_Unmarshalu(&target->version, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->specLevel, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->errataRev, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->tpmVendorID, sizeof(target->tpmVendorID), buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->vendorSpecificSize, buffer, size); + } + if (rc == 0) { + if (target->vendorSpecificSize > sizeof(target->vendorSpecific)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->vendorSpecific, target->vendorSpecificSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_DA_INFO_Unmarshalu(TPM_DA_INFO *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->state, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->currentCount, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->thresholdCount, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_DA_ACTION_TYPE_Unmarshalu(&target->actionAtThreshold, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->actionDependValue, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->vendorDataSize, buffer, size); + } + if (rc == 0) { + if (target->vendorDataSize > sizeof(target->vendorData)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->vendorData, target->vendorDataSize , buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_DA_INFO_LIMITED_Unmarshalu(TPM_DA_INFO_LIMITED *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->state, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_DA_ACTION_TYPE_Unmarshalu(&target->actionAtThreshold, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->vendorDataSize, buffer, size); + } + if (rc == 0) { + if (target->vendorDataSize > sizeof(target->vendorData)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->vendorData, target->vendorDataSize , buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_DA_ACTION_TYPE_Unmarshalu(TPM_DA_ACTION_TYPE *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->actions, buffer, size); + } + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/activatecredential.c b/libstb/tss2/ibmtpm20tss/utils/activatecredential.c new file mode 100644 index 000000000000..07be7154ee26 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/activatecredential.c @@ -0,0 +1,328 @@ +/********************************************************************************/ +/* */ +/* ActivateCredential */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ActivateCredential_In in; + ActivateCredential_Out out; + TPMI_DH_OBJECT activateHandle = 0; + TPMI_DH_OBJECT keyHandle = 0; + const char *inputCredentialFilename = NULL; + const char *secretFilename = NULL; + const char *outputCredentialFilename = NULL; + const char *activatePassword = NULL; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (activateHandle == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (inputCredentialFilename == NULL) { + printf("Missing name parameter -icred\n"); + printUsage(); + } + if (secretFilename == NULL) { + printf("Missing name parameter -is\n"); + printUsage(); + } + if (rc == 0) { + in.activateHandle = activateHandle; + in.keyHandle = keyHandle; + } + /* read the credential */ + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.credentialBlob, + (UnmarshalFunction_t)TSS_TPM2B_ID_OBJECT_Unmarshalu, + inputCredentialFilename); + } + /* read the secret */ + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.secret, + (UnmarshalFunction_t)TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu, + secretFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ActivateCredential, + sessionHandle0, activatePassword, sessionAttributes0, + sessionHandle1, keyPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* optionally save the certInfo */ + if ((rc == 0) && (outputCredentialFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.certInfo.t.buffer, + out.certInfo.t.size, + outputCredentialFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("activatecredential: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("activatecredential: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("activatecredential\n"); + printf("\n"); + printf("Runs TPM2_ActivateCredential\n"); + printf("\n"); + printf("\t-ha\tactivation handle of object associated with the certificate\n"); + printf("\t-hk\thandle of loaded decryption key\n"); + printf("\t-icred\tinput credential file name\n"); + printf("\t-is\tsecret file name\n"); + printf("\n"); + printf("\t[-pwda\tpassword for activation key (default empty)]\n"); + printf("\t[-pwdk\tpassword for decryption key (default empty)]\n"); + printf("\t[-ocred\t output credential file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2]\tsession handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/applink.c b/libstb/tss2/ibmtpm20tss/utils/applink.c new file mode 100644 index 000000000000..92d9c877a5b7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/applink.c @@ -0,0 +1,107 @@ +#define APPLINK_STDIN 1 +#define APPLINK_STDOUT 2 +#define APPLINK_STDERR 3 +#define APPLINK_FPRINTF 4 +#define APPLINK_FGETS 5 +#define APPLINK_FREAD 6 +#define APPLINK_FWRITE 7 +#define APPLINK_FSETMOD 8 +#define APPLINK_FEOF 9 +#define APPLINK_FCLOSE 10 /* should not be used */ + +#define APPLINK_FOPEN 11 /* solely for completeness */ +#define APPLINK_FSEEK 12 +#define APPLINK_FTELL 13 +#define APPLINK_FFLUSH 14 +#define APPLINK_FERROR 15 +#define APPLINK_CLEARERR 16 +#define APPLINK_FILENO 17 /* to be used with below */ + +#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ +#define APPLINK_READ 19 +#define APPLINK_WRITE 20 +#define APPLINK_LSEEK 21 +#define APPLINK_CLOSE 22 +#define APPLINK_MAX 22 /* always same as last macro */ + +#ifndef APPMACROS_ONLY +#include +#include +#include + +static void *app_stdin(void) { return stdin; } +static void *app_stdout(void) { return stdout; } +static void *app_stderr(void) { return stderr; } +static int app_feof(FILE *fp) { return feof(fp); } +static int app_ferror(FILE *fp) { return ferror(fp); } +static void app_clearerr(FILE *fp) { clearerr(fp); } +static int app_fileno(FILE *fp) { return _fileno(fp); } +static int app_fsetmod(FILE *fp,char mod) +{ return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); } + +#ifdef __cplusplus +extern "C" { +#endif + + /* function prototype */ +__declspec(dllexport) +void ** +#if defined(__BORLANDC__) + __stdcall /* __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. */ +#else + __cdecl +#endif + OPENSSL_Applink(void); + + /* function implementation */ + __declspec(dllexport) +void ** +#if defined(__BORLANDC__) +__stdcall /* __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. */ +#else +__cdecl +#endif +OPENSSL_Applink(void) +{ static int once=1; + static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX}; + + if (once) + { OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; + OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; + OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; + OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; + OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; + OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; + OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; + OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; + OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; + OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; + + OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; + OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; + OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; + OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; + OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; + OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; + OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; + + OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; + OPENSSL_ApplinkTable[APPLINK_READ] = _read; + OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; + OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; + OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; + + once = 0; + } + + return OPENSSL_ApplinkTable; +} + +#ifdef __cplusplus +} +#endif +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/cakey.pem b/libstb/tss2/ibmtpm20tss/utils/cakey.pem new file mode 100644 index 000000000000..cd244448e9a9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/cakey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,DC8B29E70BAB3352C50FCDD88DCF6D71 + +qAJXoHCJv0ke4jrCnrXcWwpCXYJqyphZ1qQY3TS2UZwpGT4nCQPnFfcKLIQptuZ+ +Q0lu+QYkrMsZ4/+aymY0DIlqNYDfgHhJ6Pfgpt3JDFAw7nePrFVQeo4XRUR+uNTm +OH/fTKcdNx9arkI+rvz7hsxZSo4MR5Nej+kRtJyLuNNQicmte0GzvA98tClbT+5f +iI/lTki5lpf68Mn4kc5XkOkctQXMu31tkdeRnaKRUga1Zcf36eKzd3FLw6Lg6rQC +7Zrl9oLup0wvVfkc4j6KnPGUKxpIH8NudSTQJtQ72e4klHlgEx8pp/EHT/Xo+NQA +rWlpz5hMbx7tje0hDschtfEbyzgWCAz10WVe49xP8oi/+y9v9c4WfZ300mnw1jtm +6Gcm7W0Q+IiyJ64Xk/HseSIELn6EpfUBqJf6CUmj2MS+1DRM0NJB0ck4gt5fJGMl +ASCIxXphwMu0gzAgP5TrMQYaRJuNGGbXbMX2O8lQQjHfP+Gl2YRjuITXkSBwojhA +plhF6r1Y5tHAINlgW3/hp3g5KT85hIKwE9KuHB8ArJiCUgl370cAQz5UBlSKKnbT +PKvkiq3oOH2TYZ9Lz+4ElAdW8xe+r4uRuZMperDZUbU/qi7sK3I7tT2cJLqKBQZM +1t7u5VvB7cMvLGAPs/gyKKtltbiSFarIcW/PssS7rGuHfLbuFc42A45g2Ndt0dMx +PKqSwlanXyvksjRb5egymN4BbFJ49fnY38M7gDvYLujhH27PZCOv70SnRI2LGLJH +dhqPZ+Bb1pUB2CjX+xGw/NWehmBLURYNVgLBbvTqdZ8iCQC3PWPggq+f3KGSyU9r +unuCLm+CUQ0iOaA+egq0rUCSQkA1MXGtjh/Vdv4e5xl9lxOBdsv25xHwjcWrDFWj +pR1xsFSGoL0pDN6ZklyYBEj4BTg1/Jlf7ljQ+mti99mxroclKMrAKivPYQ38Gcgc +virFMjQk5OT0g+mD+rpHRc5CGwWglAvddjCT5IsXks3dt/kGNhAVfQtKA7mJxf6n +z0EXJn9KFvljUratXtT0TyQjcQ0zYs9dKwcq/couEXeVa98tdnrwtfgmKw7wyCWW +PJd8eZY9aaZdWwzff19bBUURcYsiJIYij6PmhY40WB5/4MBmD43vnrbrIJaIQqDU +f7TBiIWq5TzoWo/dYc1nyaPeXuc822YSR9KfCTOyxH27ipJ+b9mL315FgVjILdyO +/Y3IFzWkxmd+15gFA4HGnVN32w3fovjfZbOwAw57y31qzgrSZi07z+rpJJNy9VOB +cXYlZ632UIJ38yRiZe14u0+3I79RKr/gWB4CzUuSpXQLPt8vBfU3oP7tKSh58Rcq +Nyc3/gAlQQW7/mCeoilhbnQvVnq20hjuoLeY0FmYNA+0rc49FNDsDeegLgopv+UN +7z2rVQNykQorJWDLTAHvRrHrb67oTIE8bzcupmcVR7RmzeL8Sp8xmiuYAUNKemih +6KlaONH91/LdYsp/zM46jjulp6VEEJXzBUAAssiKXnyAEhqFAq56rV3xDNwUAHXE +i2jkvf6p8lgBSU+8UvwYXKMDWjl78cmVZkp1p17CPP1JGK4TaEoFwyVZIZWsZl/D +-----END RSA PRIVATE KEY----- diff --git a/libstb/tss2/ibmtpm20tss/utils/cakeyecc.pem b/libstb/tss2/ibmtpm20tss/utils/cakeyecc.pem new file mode 100644 index 000000000000..498ded49519b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/cakeyecc.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiv+ODLOPcsbwICCAAw +HQYJYIZIAWUDBAEqBBC/F0OaeoTz2ROpX89quSvWBIGQl4BxlX1Lvy31myw1vPN0 +w/1Wqozirz53nIsVN/q+jV4zgx4fu/KWqKMFYwtb+BkGWBueCh5jRJ9YvEqMpUl+ +LX4YgKGm7q4LQaf3DdRaWc5/99iIzMsdwGt/nbpZ0eyl1gwnwkU4+06RTE1156Li +AnZcGYkwxCS8DKdy7qeU9n915io+A9hJucwXjvHOOo0S +-----END ENCRYPTED PRIVATE KEY----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/.cvsignore b/libstb/tss2/ibmtpm20tss/utils/certificates/.cvsignore new file mode 100644 index 000000000000..455c618bb4ec --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/.cvsignore @@ -0,0 +1,4 @@ +*.dump +*.der +*.cer +*.crt diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem new file mode 100644 index 000000000000..738637b08a94 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEMV64bDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0wNTEwMjAxMzQ3NDNaFw0yNTEwMjAxMzQ3NDNaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALftPhYN +t4rE+JnU/XOPICbOBLvfo6iA7nuq7zf4DzsAWBdsZEdFJQfaK331ihG3IpQnlQ2i +YtDim289265f0J4OkPFpKeFU27CsfozVaNUm6UR/uzwA8ncxFc3iZLRMRNLru/Al +VG053ULVDQMVx2iwwbBSAYO9pGiGbk1iMmuZaSErMdb9v0KRUyZM7yABiyDlM3cz +UQX5vLWV0uWqxdGoHwNva5u3ynP9UxPTZWHZOHE6+14rMzpobs6Ww2RR8BgF96rh +4rRAZEl8BXhwiQq4STvUXkfvdpWH4lzsGcDDtrB6Nt3KvVNvsKz+b07Dk+Xzt+EH +NTf3Byk2HlvX+scCAwEAAaOCATswggE3MB0GA1UdDgQWBBQ4k8292HPEIzMV4bE7 +qWoNI8wQxzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBABJ1+Ap3rNlxZ0FW0aIgdzktbNHlvXWNxFdYIBbM +OKjmbOos0Y4O60eKPu259XmMItCUmtbzF3oKYXq6ybARUT2Lm+JsseMF5VgikSlU +BJALqpKVjwAds81OtmnIQe2LSu4xcTSavpsL4f52cUAu/maMhtSgN9mq5roYptq9 +DnSSDZrX4uYiMPl//rBaNDBflhJ727j8xo9CCohF3yQUoQm7coUgbRMzyO64yMIO +3fhb+Vuc7sNwrMOz3VJN14C3JMoGgXy0c57IP/kD5zGRvljKEvrRC2I147+fPeLS +DueRMS6lblvRKiZgmGAg7YaKOkOaEmVDMQ+fTo2Po7hI5wc= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem new file mode 100644 index 000000000000..d28784467291 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEaItIgTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0wNjEyMjExMDM0MDBaFw0yNjEyMjExMDM0MDBaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6KnP5R +8ppq9TtPu3mAs3AFxdWhzK5ks+BixGR6mpzyXG64Bjl4xzBXeBIVtlBZXYvIAJ5s +eCTEEsnZc9eKNJeFLdmXQ/siRrTeonyxoS4aL1mVEQebLUz2gN9J6j1ewly+OvGk +jEYouGCzA+fARzLeRIrhuhBI0kUChbH7VM8FngJsbT4xKB3EJ6Wttma25VSimkAr +SPS6dzUDRS1OFCWtAtHJW6YjBnA4wgR8WfpXsnjeNpwEEB+JciWu1VAueLNI+Kis +RiferCfsgWRvHkR6RQf04h+FlhnYHJnf1ktqcEi1oYAjLsbYOAwqyoU1Pev9cS28 +EA6FTJcxjuHhH9ECAwEAAaOCATswggE3MB0GA1UdDgQWBBRDMlr1UAQGVIkwzamm +fceAZ7l4ATAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAIZAaYGzf9AYv6DqoUNx6wdpayhCeX75/IHuFQ/d +gLzat9Vd6qNKdAByskpOjpE0KRauEzD/BhTtkEJDazPSmVP1QxAPjqGaD+JjqhS/ +Q6aY+1PSDi2zRIDA66V2yFJDcUBTtShbdTg144YSkVSY5UCKhQrsdg8yAbs7saAB +LHzVebTXffjmkTk5GZk26d/AZQRjfssta1N/TWhWTfuZtwYvjZmgDPeCfr6AOPLr +pVJz+ntzUKGpQ+5mwDJXMZ0qeiFIgXUlU0D+lfuajc/x9rgix9cM+o7amgDlRi1T +55Uu2vzUQ9jLUaISFaTTMag+quBDhx8BDVu+igLp5hvBtxQ= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem new file mode 100644 index 000000000000..14e070330a78 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEH7fYljANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0wNzA0MTMxNjQ0MjRaFw0yNzA0MTMxNjQ0MjRaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWdPAuH +z/p1tIwB1QXlPD/PjedZ4uBZdwPH5tI3Uve0TzbR/mO5clx/loWn7nZ5cHkH1nhB +R67JEFY0a9GithPfITh0XRxPcisLBE/SoqZ90KHFaS+N6SwOpdCP0GlUg1OesKCF +79Z6fXrkTZsVpPqdawdZK+oUsDO9z9U6xqV7bwsS75Y+QiHsm6UTgAkSNQnuFMP3 +NqQyDi/BaWaYRGQ6K8pM7Y7e1h21z/+5X7LncZXU8hgpYpu2zQPg96IkYboVUKL4 +00snaPcOvfagsBUGlBltNfz7geaSuWTCdwEiwlkCYZqCtbkAj5FiStajrzP72BfT +2fshIv+5eF7Qp5ECAwEAAaOCATswggE3MB0GA1UdDgQWBBTGyypNtylL6RFyT1BB +MQtMQvibsjAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAGN1bkh4J90DGcOPP2BlwE6ejJ0iDKf1zF+7CLu5 +WS5K4dvuzsWUoQ5eplUt1LrIlorLr46mLokZD0RTG8t49Rcw4AvxMgWk7oYk69q2 +0MGwXwgZ5OQypHaPwslmddLcX+RyEvjrdGpQx3E/87ZrQP8OKnmqI3pBlB8QwCGL +SV9AERaGDpzIHoObLlUjgHuD6aFekPfeIu1xbN25oZCWmqFVIhkKxWE1Xu+qqHIA +dnCFhoIWH3ie9OsJh/iDRaANYYGyplIibDx1FJA8fqiBiBBKUlPoJvbqmZs4meMd +OoeOuCvQ7op28UtaoV6H6BSYmN5dOgW7r1lX2Re0nd84NGE= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem new file mode 100644 index 000000000000..9a94f1d11545 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEDhD4wDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0wNzEyMDMxMzA3NTVaFw0yNzEyMDMxMzA3NTVaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3UBmDk +jJzzJ+WCgrq4tILtE9KJPMGHwvCsbJOlo7eHiEb8JQzGK1prkPQ3dowFRXPnqONP +WUa36/J3R32xgvuZHqAdliZCt8IUb9qYhDenuXo1SSqJ8LWp30QIJ0vnkaQ2TCkO +bveZZR3hK2OZKRTkFaV/iy2RH+Qs4JAe3diD8mlIu2gXAXnKJSkrzW6gbMzrlTOi +RCuGcatpy7Hfmodbz/0Trbuwtc3dyJZ3Ko1z9bz2Oirjh93RrmYjbtL0HhkAjMOR +83GLrzwUddSqmxtXXX8j5i+/gmE3AO71swOIESdGugxaKUzJ1jTqWKMZcx0E6BFI +lDIfKk0fJlSxHfECAwEAAaOCATswggE3MB0GA1UdDgQWBBSIs8E/YQXRBCKfWsDr +SZVkrNRzvTAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAFtqClQNBLOzcGZUpsBqlz3frzM45iiBpxosG1Re +IgoAgtIBEtl609TG51tmpm294KqpfKZVO+xNzovm8k/heGb0jmYf+q1ggrk2qT4v +Qy2jgE0jbP/P8WWq8NHC13uMcBUGPaka7yofEDDwz7TcduQyJVfG2pd1vflnzP0+ +iiJpfCk3CAQQnb+B7zsOp7jHNwpvHP+FhNwZaikaa0OdR/ML9da1sOOW3oJSTEjW +SMLuhaZHtcVgitvtOVvCI/aq47rNJku3xQ7c/s8FHnFzQQ+Q4TExbP20SrqQIlL/ +9sFAb7/nKYNauusakiF3pfvMrJOJigNfJyIcWaGfyyQtVVI= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem new file mode 100644 index 000000000000..d7376ac19ea5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEVuRoqzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0wOTEyMTExMDM4NDJaFw0yOTEyMTExMDM4NDJaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL79zMCO +bjkg7gCWEuyGO49CisF/QrGoz9adW1FBuSW8U9IOlvWXNsvoasC1mhrsfkRRojuU +mWifxxxcVfOI9v1SbRfJ+i6lG21IcVe6ywLJdDliT+3vzvrb/2hU/XjCCMDWb/Pw +aZslV5iL4QEiKxvRIiWMYHW0MkkL7mzRBDVN/Vz3ZiL5Lpq7awiKuX9OXpS2a1wf +qSGAlm2TxjU884q9Ky85JJugn0Q/C3dc8aaFPKLHlRs6rIvN1l0LwB1b5EWPzTPJ +d9EhRPFJOAbJS66nSgX06Fl7eWB71ow6w/25otLQCbpy6OrF8wBVMtPMHqFb1c32 +PaaNzpCBnIU7vaMCAwEAAaOCATswggE3MB0GA1UdDgQWBBS7z3zBhCExZtq1vlOo +cBTd00jYzDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAHomNJtmFNtRJI2+s6ZwdzCTHXXIcR/T+N/lfPbE +hIUG4Kg+3uQMP7zBi22m3I3Kk9SXsjLqV5mnsQUGMGlF7jw5W5Q+d6NSJz4taw9D +2DsiUxE/i5vrjWiUaWxv2Eckd4MUexe5Qz8YSh4FPqLB8FZnAlgx2kfdzRIUjkMq +EgFK8ZRSUjXdczvsud68YPVMIZTxK0L8POGJ6RYiDrjTelprfZ4pKKZ79XwxwAIo +pG6emUEf+doRT0KoHoCHr9vvWCWKhojqlQ6jflPZcEsNBMbq5KHVN77vOU58OKx1 +56v3EaqrZenVFt8+n6h2NzhOmg2quQXIr0V9jEg8GAMehDs= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem new file mode 100644 index 000000000000..f23eef034e2e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEfGoY6jANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xMjA3MTcwOTI0NTJaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAwODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJaIJu6 +r/betrMgWJ/JZ5j8ytoAA9RWq0cw7+W0e5L2kDLJMM288wYT+iEbfwx6sWSLAl7q +okXYDtTB9MFNhQ5ZWFLslFXbYigtXJxwANcSdPISTF1Czn6LLi1fu1EHddwCXFC8 +xaX0iGgQ9pZklvAy2ijK9BPHquWisisEiWZNRT9dCVylzOR3+p2YOC3ZrRmg7Bj+ +DkC7dltTTO6dPR+LNOFe01pJlpZdF4YHcu4EC10gRu0quZz1LtDZWFKezK7rg5Rj +LSAJbKOsGXjl6hQXMtADEX9Vlz1vItD21OYCNRsu6VdipiL0bl0aAio4BV3GMyjk +0gHnQwCk9k/YPU8CAwEAAaOCATswggE3MB0GA1UdDgQWBBRMS01kiQjkW/5aENNj +h6aIrsHPeDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBALMiDyQ9WKH/eTI84Mk8KYk+TXXEwf+fhgeCvxOQ +G0FTSmOpJaNIzxWXr/gDbY3dO0ODjWRKYvhimZUuV+ckMA+wZX2C6o8g5njpWIOH +pSAa+W35ijArh0Zt3MASJ46avd+fnQGTdzT0hK46gx6n2KixLvaZsR3JtuwUFYlQ +wzmz/UsbBNEoPiR8p5E0Zf5GEGiTqkmBVYyS6XA34axpMMRHy0wI7AGs0gVihwUM +rr0iWOu+GAcrm11lcYzqJvuEkfenAF62ufA2Ktv+Ut2xiRC0jUIp73CeplAJsqBr +camV3pJn3qYPI5c1njMRYnoRFWQbrOR5ADWDQLFQPYRrJmg= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem new file mode 100644 index 000000000000..89fb7c6b1c7a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEJCe5vDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xMzAxMTgxNDE4NTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDzzG8C +6MBIZQEQJzEGlkSoFfYx7UFnbAXOP35eXkDfs79tmXh/Kpvo+LgDXAPVwiJgcphS +MNTOhAes1kA/cuGk2/BpUE5W+owIB6cEUm6sHjea5VnrS7rZ205lKzsU5ThJel53 +aLzgv/r4AMYfHyJid1xSbheQor7PmgcqWPag8wQrUnn+mVe8rcPJclQotmsV1SY/ +AMUorEdxbeaTgZkP8jvCjywzty2Jtfju75BTtg0jBDEIHWVuqOwWx879nvWpBho8 +khOU1FPZrHc5fVm0w7ryWCZvZVWUacMAeYfVqDOOEPxUzZMDA8NwB9bh5sY/Nrz7 +oeSUr7Ps2aJAf/kCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU7D+NTMEqvoigGQZOimK3 +AY+i41kwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAJ1qznUH6nCB +1akxmhMYWBEjQsqHdy+lwYYMNHl98s9AnHWMXzpGcGUJg695D9hQrw4kHpjn9a1L +yxTA4NPz3W3k5gk4Jtp20yJeClGXEIcf86WsJwyC1gDGQfV2k+vdzlhpfCJLVq1i +Ec0I/AlwOJBgRvLmldPuYAqtDTE0drffAkhaMoEr5d+X5cC1iAsvpPw0dL+AqqFh +3+YVDtrjdmhcHtopQfzM4/voZr9F+t+WBdg+NIfZHJZud/ZX+4FrNco91wDueryU +Az7W27Cet2fUk9zv/GYMRVrS8lO7K76Leawt4fNtLDBVQLlj+3RYyU5cK8aj8yAe +KboVHBoSukQ= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem new file mode 100644 index 000000000000..af1a703403a2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIEW1RJ0TANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xMzAxMTgxNDMyNDBaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANs3+XqT +S/vs4eR8quyXIgPFixBg75cWbSjl7yXHylta8sLrmog5xtMdtjtUZIE6ko34PQ0r +b2nLnviHzmKsVGcEgVqB5DYR4p1/WcuQXY+POaWeWnHUVI8wErvjfuCBkkofL5lE +wD+HaznTRE9ZMFpmRGGbC5oVsGSd1OGefjeaIK3DMZFQle5YQgbFh5CccQ8nTOHK +cPqcgEI/ncAZMecGMZFmXvgxn24tQ+PCutuBvmY1BYt76US5MnKr9rKpcBtmygRY +xTMWmEETr3lTlElvEzDuMmj+cjrbweMZldS1r3Vf+hCGrDidcQidu3BY5v+ZifUL +Db0ekQBo2NVFUTcCAwEAAaOCATswggE3MB0GA1UdDgQWBBR1aP8m830RJoVntoZO +xyoIyBiJHjAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAMuw0E9SWAmRoMyYeH4QfA0Eu2DHHsAVvpTWICqN +YCWCnDku3PEUJpAS02Iu4MN2EUjywgIgccYjawfiI1xQ+qKJWVVXo1rScfRn3g4a +LyfBzZDo/ka7dK1azNDI2ieRrh6pPvIgYAriipX6kVTNV2tTpQVF+OoeXOvqMyIY +sIpwZCIwSTvgwMIQblik9IQt+rxh3fqESlAZ9NztFnA+ftTS1YeeQR/OjLxUtUX0 +lbKHtjIuvokyEAj1C+TMASt2CMsRuSf5U0nVA4Ekci+XzCIhvPnB2860TMvq+hzy +ANAzLSZsSZOo8KYY9ZgBdksLpPPrOYTFSMXO+oom5xh5r/Q= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem new file mode 100644 index 000000000000..10c6fe9de5f9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCA4egAwIBAgIESa1p+zANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xMzA4MjcxMzU4NTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAISatv1/ +C6U9+bRoGnFIRJP99ETyRdBaZZbjMzomJ0+n6VsyZKU8HshD1D56e7td3nOqMixg +ygaBK3Fq6jgR4nEDafH8bXvhY+6nLYzqgWub8htqAjOxyw9AVSJaeByr1Xo9OZJX +06exrdSikAW6ANcn9khpEpl3kUB/z4qY+tDgabIYQokVvEZ1KCYXbAKTQaV1j2CJ +DYExo82lQJepEATiVpXlM71UCxpdpeudiWKYRWY7oV5EpyOcMzolYVfQ6c/2EDhj +6CxlYALKzu7xgNLXfhUCJWPjCK7NDr86n5s1tKHmJUdbHyqnes8h5p/7MVAn+BuA +auk5MR7GY5TfkwECAwEAAaOCATswggE3MB0GA1UdDgQWBBSP/UeIDiOaOjog3hPt +8QHogqnSHTAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV +HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93 +d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP +MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO +BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB +RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw +DQYJKoZIhvcNAQEFBQADggEBAJWePIX29bPvG9qnOWWGOuIsUhChgOzaLA/LkJEQ +HnRMPUU8hO9RGMuFW0QN62eSKel/H0M1ty3XtjMMxRg7DqJiRN7FgPkEN6gCX9TZ +lyNyxz8gNULrhQ5fB3oorQd0Miwo4zJ+GjW3tmCkfPzoXz8h6gRlIRtY+6mvaVw1 +ad0QgF3Dp6R1yY1jmCHqG0w26PU97G6Lk6l+y9cJzmgVxVgmYdRXQvsb0HVn0Vg7 +CYcq9L+VXwRmLH5YkehVS5r+VBXYCMiTCOLZ4GAtYkSQIUqZZk4lgM2uBXBdqqyo +0JAQaJMmyFG7GkB1SItEl3RGdLIX4pdbwRcRecB+TOE/dWM= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem new file mode 100644 index 000000000000..fbc00fba75f1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEANn6EDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xMzA4MjcxNDAyMjFaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIFJOXEJ +l01sCFDIpgME7X0gmxuI9DW2lTlNrZ+05kGAAqOUCWbS8EEDyIZZYA7qjipcaXxf +mJ9i0zoG2hC1AHXzfzzmrQcEE6DhCeFv5lKzk8Ta/FV5zLmRXppw9cBbzg00HWuI +f0PEM0vY7GopP/q3N/d6RQac0DRdPVNOhNApApw3omfAzC2Nzj4sdvIaQPXY1GOI +Koy7ktgjVoUmZ1Po8FHni2geh4EKWyHvcZZiqCCN/ZTFWhJqES454Ncy1zxZkJX6 +/1K7wOjFs9zZBNBd4A1cURLz33t2YCq+XcD4+JtViJokxU7boSNK5Ji+mwLLXIBI +0dyQIQcFuvwOKDcCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUoMnewI/TmotZxGvL6H/Z +lIxV+XAwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAMvISZvt0QDC +8OW67Lcn6FKjl95hm/MdhNX3QwkRaSYFCpVDW8dk622SFrwlzKoMAnNSlpwf7MOl +9n5Fkd4gSlyMOdBIwtd53mAOVRCRIhHgrrfmi76saLsaNQci3kjnCDYL4U68o1dQ +41zlCko8vb7EO5/2fBKG/DS1gzGW1y3ctEpYNn38TunrDYgkUksNKaSZtmrfXNeI +ZavtFtxRQo5v5VNUqOkyfvn4dB/og+xFnqOCpi7FLNAfG/1DnLhvheHk5Ii51oKs +iOIcij0vGiyKbozlNvHl+0xe7UOT1s1U6YdzWz6YmzyCEjOkz720TenG99l89UZX +71FyouYrMhw= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Root_CA.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Root_CA.pem new file mode 100644 index 000000000000..4fe98e716a89 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IFX_TPM_EK_Root_CA.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUDCCAzigAwIBAgIQRyQE4N8hgD99IM2HSOq5WjANBgkqhkiG9w0BAQUFADCB +ljELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTswOQYDVQQL +EzJWZXJpU2lnbiBUcnVzdGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eTExMC8GA1UEAxMoVmVyaVNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBNb2R1bGUg +Um9vdCBDQTAeFw0wNTEwMjUwMDAwMDBaFw0zMDEwMjQyMzU5NTlaMG0xCzAJBgNV +BAYTAkRFMRAwDgYDVQQIEwdCYXZhcmlhMSEwHwYDVQQKExhJbmZpbmVvbiBUZWNo +bm9sb2dpZXMgQUcxDDAKBgNVBAsTA0FJTTEbMBkGA1UEAxMSSUZYIFRQTSBFSyBS +b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yZqFFg0PLDo +cW7Fyis2Xe5vERxnJ+KlEMUOQnrw5At9f0/ggovDM8uCVW71T6e24T6HH6kUQZCt +yddtsaf0tebmA3TxjiuBzBAtT6qyns35+sXuL6uZaLnjGKXDv+uByOzpmBXUSwq1 +tdSTPQ0wWWQ6v/qwKofZdxAaPCTIBw61G08rkUT42a1hPESmVFrmc5hcnn4AQmJE +cjcOhClwIKE9OQw8TzI+7ncgCZlY3FZFKqHp7NRNnaihpmKbHvn5wXIUnKuvS4iZ +HqSbzGBuZ0ogqJ22ruDJi+JWYUWBmgI1JO85CPJ1Q58t0ME3hM3oWeqV6adWUcIc +IpclkYQWlwIDAQABo4HBMIG+MBIGA1UdEwEB/wQIMAYBAf8CAQEwWAYDVR0gAQH/ +BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LnZl +cmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwDgYDVR0PAQH/BAQDAgIE +MB0GA1UdDgQWBBRW65FEhWPWcrOu1EWWC/eUDlRCpjAfBgNVHSMEGDAWgBQPFPXj +IIhEFsomv40fzjcV6kVvBjANBgkqhkiG9w0BAQUFAAOCAQEAWKL5zsV8p/TZk3mt +9m9NAqXWBDVHBnDgBE+Qphf25s+3s098vkWVLTddH3PtddF3MEYC4W8+dn4tyFe9 +mQ+96q8dwJdNabwBokrZy2beL71CXt/4jYNN0j/N9uYO4vIDBFDKRMWCtUO217+w +xQTSOv5+mpgFw7UML/QpgpdmZy2i+eZPxDo8dzT+YJXC5vsHVSooA3rWDDzvnoLC +cmDDiT3pG6AdjAN61MeeHHmoJavV8Tvdoa3g14Sn1lL+TQ1xaznyh520sX0dXPTp +GqZbDzqEMiVbG7vFECqINE96/rwppJlWK91F1MZikGXr7FeF5C0JutGLb0gaYOmv +Yau4DQ== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem new file mode 100644 index 000000000000..bfc572631c0e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEZmv8sDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzM0MzhaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOhEJeRA +L+2FCGv1Gp58ZomkW57YaxYF8tX75eV3H37eBg65bsr9fivzLI93zOnQhVP8rFqA +MxWWvkm3mPGtbVgCCdQU6KpPBb9y4d5EnJXC5TQ6eqOj/h40Dv98PGNxuuxIXf5N +iYkTs2C7qe0ZvxMFMbC+Zh7LpU7X6seE4tzNFS67xYNNTMen/K/QwEgWNxzRxO9+ +Dwi0ybzX0yFnLF6mX17+p2D7mk9QlLso1pyaK7eLTo3boletX1Hy43E7SrXZDOhW +WIfKL7to2/szblRPZza1LcPD6q9HfqzTsnq4pGxIji61Hm4lLYb7272GBMp8i9LM +dZG5zbvvM4ujyKUCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUm8NagruRQWj2xTVYfo1w +iLz1jlYwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAJqCjlFEJD3u +7ZeAOZoYz6nU7EHV2CbMpUSFUUZ1j0npIBDIfnOCJFj5xnysdN1GnruhHPqHyTPp +wcUNeXgpGh02/peR1Pt5nPz87RBgdkzApPEDZAONmsBPhZGW20jIojJYeOsIWT2r +9nWSc8TaNLC9c+lo5P2oZT4aRB1SKdk4HPd2ZJLOFL1ziEIuNVwtJ1vjQVB3OaBi +PSIu56xopxEKsuEJzoGwFvDWxhVM3jN9qM1vyOYuU11kMr0zyFwW1dv8evKkNvZ/ +f5WCfvnusaV8KgsxOxwiP9zHcqQ5pMj6ZZX/AB6w7R81HQ4TKh7dgenkzDuJRUbA +xH34CWV0uvo= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem new file mode 100644 index 000000000000..a23fd098c9cf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEFLjKeTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNTA1MTkwODQwNDdaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANtaHXlX +JprVsWAKov/mD3JPCnD9pKnoI1ODtdgOfVNk7IHHHuqeX4GezJ062wzT4HXfbwLu +kZ34+fyUbWgaq/Ig3MYpLwfF/V/0S+XOiFpJiIYK8Vr7404Cw5Inu0gkGUbN8+1F +JXC2jjtvVA5CbzqHjcA+KRNc9PnTyhguSCFMcTxpVLAemIlOX5uvDnAF3yfJG7HI +QtyUm+E757DxRX2MKe+/BALh5IgPyBDS38b2t7G9c5gA6jH7XVMd/7zEtWogHhWE +7lNXqlgJFxYGkDDT8toy3qiOusagHz0yTnFS2R4Hv9BGItdnM/MxzFNN2AnIvz4H +hkuOtutced3o+y0CAwEAAaOBwTCBvjAdBgNVHQ4EFgQUl+XRzYsEl8BLRlWoacjz +DvqJOI0wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBABKmY19oBOwZ +fJPhhjTGmxJsUM2mYAb7HvmLPp7iE0iGjqgzMRl6xCCpd77kO+m9sr4OFf2JygCS +wO0F+ZaBWJOFtlHhyHGyjvspP3tbpGqCO+HO+JAICjtD78MzJZBMbpDRBsccKe1I +WvBkP2h5QHBmaw6ACTbFBOrPv/1VQiP2nLF5QzHfyHAVIzemxLVlhptk/Fnr8gR6 +ronVPD7EYTdc4SgIxQaKuktrrnXZ2O6XALLUkW3WjOLetCR1HdoBpBiHfgxYNg6b +zHFZ7HdLTWnzVAHia/BhIfFlucNNo6DrHk4yKVOy5/yIXgI3pjR+HlRXz9WEtTiu +dQh/7jQ9tss= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem new file mode 100644 index 000000000000..74fdcb6db4a9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAs2gAwIBAgIEAxHqozAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh +MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ +R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND +IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjM5WhcNMzUwODI3MTIzMjM5WjCBgzELMAkG +A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG +A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH +QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDExMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEEFSwmnoHF+cFvvzNGm8WrWz7Dja7KFVsiSYeZzE9Svn9AduLqbfC +hhlUF/JntiuWgn5LK6Z3ITHPEg9DgCa/3KOCATgwggE0MFcGCCsGAQUFBwEBBEsw +STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj +Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFJF3PLhoJOHBlUnt +isEz3ManNpuFMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG +A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj +Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB +FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF +Z4EFCAEwCgYIKoZIzj0EAwMDaQAwZgIxAPjxzTlhPxleoQE9IGaEXWP5w4OjC+Zw +2aaSk+f46h8O4FZK3Csf1XzIoa0tLG4O3wIxALssqv1PeM0rotzWRTjTF4cJ9GfX +TvSHONnkZyiiOxMJGgjPmW6fRZshWROK7eU7uw== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem new file mode 100644 index 000000000000..ea8c357b0926 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIEXYw6ZDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE +RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP +UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg +UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODU3WhcNMzUwODI3MTIyODU3WjCBgzEL +MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa +MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q +VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDExMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAue1NnPP7ZWDRj1of4h/vyabVX9ZLHiwuBIZkheDk +NF4jsn+uR8xud3RXZrNd6lga6kmJPBwwa60HNc4bJ1XuFVy6Ch2V6yYNqzrIHgTB +zfc5GqfjVXir47tRws2Em01lv+hLPcx0wdJLw1WVadwjPjKDVauNMTaWcZbQryXn +ZQkDTlNJqMEwCdYrnSxpNtgvmM/OqvdgQyGTV+N1A1uHGTqMyaRVzuq9BGyLfLrd +bCgum4OUTlwmhVkRXCoo4loa6Mx3qlP4WsPLe0pnGnBNXzUO2Y+F2Ye2S45R58ox +keP2fznHY0z/7FDAJSYZSmfnjGwuNGANhoqzkjmAvfDOXwIDAQABo4IBODCCATQw +VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u +LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E +FgQUXCkgdCF5vHBNsdjFTDTKlEBWF8owDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB +/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv +bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g +BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS +uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAYeUbnJWPImxO +yGYdc9kPj9xGd59U0Y4bypm3z2YW4tPLr2c5MP8Tte0Cpq3AD+V9MlWQW3VRhcv8 +ATEcKyWoOEBSPzNcSMDekjwAnS4mAOEdlJ5rG+bbixH5116QYUCkJvdVYIb3sZTy +02hj2Z3zofmz/9CSCuKqeQdoF4l/3olR8k46Pd/Z9DUZSCxW26WYzviYORzAusoi +H9qGgO7NLkFeYBlKFrkplOWlNTpM1psfAYhIuhhnIGarcp+59owc99n/f3VS6mQn +789KMaVPJYqOC2/t1R5P/hgwoDxbjoRmy74f+nUmMdp7lF55GsN/APQ71LgqDg8V +LuVVuaFSW5kb8DWDjG/z5fNR46/TBI2VFAAabuYmfC2y9n4CYRNdSHH8FnDOGdxl +ll6VJi3x84ywPxNf3m9ok8j+lmoiGm82YUlZbAnjFIoNtNvFIh5NoPzf6/LHEKYD +zOaK3TimuJESzPuxjTumUj06rceOokczl2oVvGzvHqWYAWU8gJQa1aY3LkQ0fK5q ++Vc/+uenilJEXEQZX2Y5Px8dLDcr9rPiMuxY76sEcg+PFvJLg9QIhKkgzt74v8Ih +aeDhrhAwKgDKcWAohYA/WQluxQommKp0N0s/Oi6yICpV73l41ea7kKzrjMu40IUS +befqsgmXOcuz+HHnTsINAd1EK+kMoFI= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem new file mode 100644 index 000000000000..fa0a28071716 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIQc3HALwPpy5ENrJ49S+Yo0TANBgkqhkiG9w0BAQUFADCB +ljELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTswOQYDVQQL +EzJWZXJpU2lnbiBUcnVzdGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eTExMC8GA1UEAxMoVmVyaVNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBNb2R1bGUg +Um9vdCBDQTAeFw0wNTEwMjUwMDAwMDBaFw00NTEwMjQyMzU5NTlaMIGWMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xOzA5BgNVBAsTMlZlcmlT +aWduIFRydXN0ZWQgQ29tcHV0aW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTEw +LwYDVQQDEyhWZXJpU2lnbiBUcnVzdGVkIFBsYXRmb3JtIE1vZHVsZSBSb290IENB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VBrQOh7Y1WHczxt1IGn +rlBKKr0K6OZXVllr6F5vuF0lneajCRpxZJUne7v7/apxesr59LrQcDbOktlrGXXz +OXjKBaXZBkKOO8ROIE2Ae6rslOMynlPHWP4HKdogZe3LPPViuC14uhgz5iXJ8pFf +UQdKxCdKWTzICg0B+l46pp42Fxr83eR72O9kSzEqijkaYdoDx06yxWALguUGzS7H +5sycnu2tAGDGFrmsQoh8mK4FUi5vce8JuWuhirCXZzmP/fV4tYndw+HJS/D7XuWk +BWcbm0clLTbmYZ7Ae1rl1XTP5pd8Q3cHGB6R0HcXyACyE4Vjp/g0J3HJjHd3L6Tr +wwIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4E +FgQUDxT14yCIRBbKJr+NH843FepFbwYwDQYJKoZIhvcNAQEFBQADggEBAH6Ujdhq +L8b38+swPJ2Jowu7UxcgzRWr2ayLqx8MwQkN1giSLsxcj6sHseMwqHLz2fCFfK2W +Si5ZeyIWlB1TOJtwdpcmafFNPs0hOWWyl3D4uY2kfiQFu+GdpRtM7T+lsgDLlXvz +t6nW2TscwGRKZA34hhvtE7294JJ56DlIcdSm3CY9MBvJ+pF2LyOC1NddHDf8ywKE +XA9CXVmu3dpvwE+s7flQPS2E+y5EaWkXtKso2JTaHMS3PSwSJRhmknf/QtEkPZfb +jzbhZZxVu48EZKOJL8lXzqm4hgpf7kX+WrVsCAny6AJkNn1xsQfvT0Y5OaVNH2RF +j4ORjyt4A5du3H4= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem new file mode 100644 index 000000000000..50544dda97f6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G +A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo +VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv +b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG +EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL +DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU +TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 +GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe +Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud +DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk +MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ ++O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem new file mode 100644 index 000000000000..2a7e2e238727 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEcWsKzTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNTA1MTkwODQ0NTVaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSAyOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1CQ3B3 +aJCs4znGLX+q6EO7LHZdJ2hcBEHSeDYakpBitMlcxXITyGTpHLuSsRUfF6NGpOdU +xmbyo+B+qf+5yA/lTZR59zRYxkv3sMpOOIId0xjoLW/jh5A8pzyj5Z20jv47PHyJ +WZvoe7XkOab1hDpBLUoyHxVJVUSLccoLX9pHXIahyZnd56AaoWQ25l8LBIdMDbOX +BUa9gGFXBYxVdqXACyvOcXPIh/OI3E1SZ8aPpcR/zuPYSRBxzXdC1DFiyyhfW6Xg +2qDpEP3OVmxbv3s3AdUWYAkDRBlf1yeEVr2YSDgvxfzq6/k6LsiMVyJyNRlpLpDS +P4acNNixr0mdQScCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU9T5PR14NPG4rPlbjroq7 +lTEiYX8wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAE32RSaqKXQY +09Oqvl0RnpmnqXd4X7opdam1XxbohB7tsC1hjsvZ0zSXZ68MJUhqaoEZRAShS9xp +JZ04yiaYB6cqMPa/APlR1+CW/Ff7FroRRaxF4Jia4EBVooWb18uR4YBZkCyJNBkn +ch0YltTMKpBga6+n8nJUuS7idTyw38cts+gPZIs8jS6+J4/3Bkq25V1OmbQvjwcA +6xZ7Y5PPGPUCWhIS2C1syRGjOG8xVEjRwC8KwbQ9tiH+LjbWsyJHC7rltt7bp4L6 +YNmtpBF3sdtUopVbw1d3zXi/nJydqpXJJhgp6gsj1lFqE98oBwamuAUq6SlW7o1r +MCA/Va9Mn6E= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem new file mode 100644 index 000000000000..7b2b1684c76f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEHZiMxTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzM2MTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALC9fdSh +l+2uEu3rXJijH1evABQsqY7Z1BLhoejD0fgbwVKTbuaxJZy0mocPNYp9ygyY2Gbf +Mycn5viX7crF6hQuwr4vC7gUpy1Zht6tCtIOzvpJKWbBykT++wUzwxF4PNSNP0An +uZa2cD0RCiV9S9Aybwno+SgCCmuVPeT7jx3L7D6qYUL2Bow4tMjkHoVESWWgTf5k +zC6hwJ43TP0fTU2nbzG1cFeueagDqOlvX9FYkgko688f8P7nWrzkSt6ecVYSLMSh +GkuqDd9z+SauWHQ7ST2MS8ijkwGAQbVD2LIj0pTeHU/o7I9NToRkbRtreN6t005Q +fMz0ct4cqe0EVbsCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUNlIAjh+4xZmFrcYyF7aE +enUu/uAwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAKAhZdWFtAWb +oevoXcOWoQaODTIFRVa3nGw/tFX6oYzBZXMqqHNMHDaffhUgP9za/I3YlDGLqaeg +WKbCN2N+SlshleLTDX5I2kuvUFmYVq9Jk6QLSNwBufeDW3GYf9erTCm7CZ5JeeKU +EzQkSnMEz+FbOjOZ+OqDs5w1dk/zvN/qzbLJJUnuSnx/2hl7JfpXQ3j/oTo4ryWl +8IxqbjS1qy8ukaPJG5zQu+xaWSOr1zfkq5ZSY/oWG3IadKc2vStEjUCq+un/LcMH +yuSAZQIDCR190SBTQE4tC+eIaXl6FK+EPJAB76Mos7e6ErV/F6sSf1j5J40SLTUf +K2owrzyHFkk= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem new file mode 100644 index 000000000000..31b3fb233fac --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEC/Gs7zANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzM4MjFaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWs4L3V +UiRqEu9B/aIcIU19FA9tnhyFG4mYTUBt4ho4FfeYbE3uAzxpNo819VlzId/pt7FD +v46Da3vs+ut29keREQovnS1HpOxZhWVh8j67Kr3BFVSzd9OZRyCDMe435cRHwP/3 +W0LXkpADFwaF/4O7/i2vzK04HK0Wb2vwIZFIixrQGVwavn/7YFeh5NQm8OU51XLE +n7GIXhHAyUXV4RpKcHhbDPuw67obUqkvulswEHe1M/hsqtPaY5cWeIl+Jjv9/kp2 +Ikl6eDclp7yHXc13Xvh2vqfrfeC2Bz3SPWLX4h9qptyC5td0tONfCMbzE9wk7D+C +eeM9b6W9kRE+f1MCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUKneg40LLxscu4/r8Owp7 +zqfJzk4wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAGhDSonPnyer +gyjkb0D/mejWOyOWAlM2YCktqx99hxWg8m/aIMRBP/xlVkd1GR4pp3TdP//EE4JQ +Swwk4A81K+HY/WRflX8R5+SdaskKAXWqIwmXILVuxgXJCnAkWAoX3ZK+eneWSZ9i +pGp0n33b2lyNh110IitPpgip73Amj7Jp5oRfN7SxeAxLYgxnjjvsnWOd+OZ+/K2A +GX+rGzlGZ36RvaiGUY4cJyHSdoQh3sGm8xjqTf2pddoWydoxmgifzG+01jLRi5Uh +Gbyq7M+wuG7aFlZuPMN4tBltBZAqxk9o4Vsf5uT/wjdWjWP+V62lutDM8lFdq3Tq +egGHxNUN5IY= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem new file mode 100644 index 000000000000..810bc9b0b82a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEQx49BDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzQwMThaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7G1JeF +Hb1FbO/L//24maD8vTYhdN8rJ6rukZ0tPuX/UZUcWMatsbfYeIIfSf2faX0Qk/Bp +XoBFa3rRlnMJa1RFf4p9PH8p0/O0su/GFyNkAp4RtwXfU0zniY2avTo60ttP45ei +n3k+V+mN3Qp/Z6Cv8tIrUCeMomnUfFBj//xolnaeBJTJqB9N9EspMP/ZKqWYzF3z +9fuHDaaPHJ51PbMqsPnC2TpFL2WoqAIZH5eduVi9UgHKI0uZG1K48RmmLwvjEyoi +B69Elg9Gxb8pjMwDFONCkUCSKPvLDUSFbVGfX063STp20f6QH4IDwy/Ewon/Ti6m +hwBNdsdvzuLV3gECAwEAAaOBwTCBvjAdBgNVHQ4EFgQUQEBgcCitE0/Fb7t7mvkO +hb3iGd4wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBACttyUx8sgLo +/NJGDs8yjVFzMdGSqFWeKbJux2TrKJ21yQ1kwT80JInmV0tPlEkPBhk76gN/UdhW +LgEa8NUa4Lfb4kHreSeeJUQYJ6yxwRWQK6L7XoWRoyT4ziLS2lvJrVTOfxLq+n43 +5UCnN0WuMsCmE4VRaIGTNe0qBljvl4V3sLc/9XB7q+WoccRRC58L9x+6YaEekQ1b +ZV4UAaEozlRtqyhgaJ5DnTVxcoyyk/3r4Dut2Cw9xdbpxPLnByfkVcXjBzDgYyLo +ytjIjpT81ddKoZdH5S1qTMo3lyx2zVB4TsbWpv4+Q8qHeU0L1qMfjJi0I0PTf5j0 ++tm+htxY9/Y= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem new file mode 100644 index 000000000000..44fb62ff1997 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEaKPtQzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzQzMzNaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA2MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJC1kYiE +VaHloKcYnzxDUlU+Wwk7AVaoZd0nCK+EH4Khbtf5OhjqJ7W37TSBjG63eCMcQRWV +YuPAwQj9i5CnLO4/Q1pU8TZA6LQfdsBuGeE8UYBjvgR8k2NpPPLQUuQJVLN0hC9C +ZtRYjSjgGroG1HDq8HR6f95NU/PwUWuh0T8hT5J0Fv6JJ9qfOImC/FAychOFd2Dh +uoSkJ61Uu2NtSuywYQ42+cSMtJbOzc1TWnyJxQ1//nsDhbRs01TZX6v6WPNxW7ng +HzsDJWAfM8UejWV0aXkFR2SGkqKj4HbdcOUO4PiY8TmQsfx3rRD6eZeVm++Ozost +CSG43qzrMrIDJkkCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU2xsj2J2JM3VhLPVRaj10 +FJw/6ZwwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBANKMf/BNsisc +97BN12tShgS3MiHsJDB1vIM5NLZ32laCv4hkGy18L70BipXvAcvJXxf0CqE25rOi +Un2sLBO+NIWtF2k/JodLZbhzp0PgZ/9ftchAAjkJUK7vsXH9ADM60+O8lh1N64XH +K+i0ZRR3jNND0/Q/JhJZiPeQNLAZlue6KydWGR+dkuicJWDAs0D0V48bxs9mG+Lj ++nn4VvfQYi1Kz2F42v5b5yX3Rihyja7ZXyoy+1sNCfUDviVJ/IK1tWOhpDS8GL7k +CyQC09drpnzWHiT8qRyUu7GzFFStod4XWlAtpBwNGZ/eeVKaitU+u+OpHkSC0UTC +09GGE7xes1c= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem new file mode 100644 index 000000000000..463f8383630c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJDCCAwygAwIBAgIEH9B9WDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE +RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n +aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD +QTAeFw0xNzA4MjExMzQ0MTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF +MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll +cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk +aWF0ZSBDQSA2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkHRgiW +Vjfv9aSAZ1+5jqsOBr+02Ki2X0fCZL71YSNiz90P2vud+iSeVBTSjDGrHLd3DlGa +MYxe1DPF3PVk0QNMXVledT52wOuGp5s+6uoSX+4W/zU3efC4zEJvvGz9qiwwDO4W +H6FgjTvVE+Rrn2pbrzW8n2lIvHnJLVGzHiSZfayQrmS0rAHrrbJSFvts1x/Al4GL +ky7RyCgqJw+KxDNZ16x4k0Gv9PhboKyUc+h/Hn+2w5RcAlKTZukLCfujg6KRUJek +v51ekPQzRf8mw4z5x2Bd5nmxNNWJ+4CGoG+/N+mP/n2gaYMZdadQzn6l+/WtIKhr +6QWnAYye++AKbEMCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUomzurJX6M2cyGdDCp3Y3 +EC+1P/IwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g +AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3 +LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU +VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAEVQDi0bnfgY +GaCMLvCnwhtqgc/rCSk2VYGlZ2QS8q+MmnegR9Lb3vZAsDT8c2TgvrnK1pHrFbsx +vZ9xloJkUt+aCIZ/8PR+wFZrsX0P7mLT9HgJDrCciN4b/giDto9IQ5WBtp/Fr3oM +Wg91QZdONHDtR/X7UYZMm6Ev6vQAdnZkSHnZApR+0yKoBJYININZfI9ePZ+s5Bll +meTVjyKtCG8LgcGDDq8Vaodl36VQya5TEkT3e6rLvl9XyhxG4R3xzNEK/0x5Rh4C +ZQLB4V09fbciSfsXpOflmO5rF7kDBIJyLhwWONtnsW8m3hGI0qhwb0MoLQ/OW4CA +7wYXq7TEzK4= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem new file mode 100644 index 000000000000..939d7bede125 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh +MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ +R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB +IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD +VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD +VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH +QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn +25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr +R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS +JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT +ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl +8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 +7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 +bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d +cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS +ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu +81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV +HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN +UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M +BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y +rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ +gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y +np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 +DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr +la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf +Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR +pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv +JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM +6sJa8iBpdRjZrBp5sJBI +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonECCChain010.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonECCChain010.pem new file mode 100644 index 000000000000..cd9b1c41868c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonECCChain010.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh +MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ +R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND +IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG +A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG +A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH +QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z +CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw +STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj +Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl +5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG +A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj +Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB +FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF +Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy +/iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle +pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G +A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo +VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv +b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG +EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL +DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU +TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 +GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe +Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud +DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk +MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ ++O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem new file mode 100644 index 000000000000..352d0d82fd74 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh +MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ +R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND +IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG +A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG +A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH +QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z +CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw +STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj +Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl +5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG +A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj +Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB +FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF +Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy +/iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle +pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem new file mode 100644 index 000000000000..7d563c844aa6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE +RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP +UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg +UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL +MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa +MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q +VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb +XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2 +86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J +7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb +DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1 +wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw +VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u +LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E +FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB +/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv +bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g +BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS +uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO +/fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh +GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo +Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R +V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG +UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT +UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm +463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI +RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/ +YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6 +v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+ +thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonRSAChain010.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonRSAChain010.pem new file mode 100644 index 000000000000..426183fccf15 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/InfineonRSAChain010.pem @@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE +RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP +UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg +UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL +MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa +MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q +VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb +XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2 +86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J +7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb +DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1 +wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw +VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u +LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E +FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB +/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv +bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g +BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS +uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO +/fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh +GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo +Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R +V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG +UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT +UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm +463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI +RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/ +YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6 +v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+ +thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh +MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ +R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB +IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD +VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD +VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH +QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn +25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr +R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS +JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT +ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl +8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 +7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 +bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d +cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS +ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu +81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV +HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN +UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M +BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y +rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ +gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y +np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 +DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr +la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf +Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR +pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv +JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM +6sJa8iBpdRjZrBp5sJBI +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKIntermediate.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKIntermediate.pem new file mode 100644 index 000000000000..fea2f4f82e47 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKIntermediate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvjCCA2SgAwIBAgIUbOv9CbWie5MIiWFjQaGYw+NfG50wCgYIKoZIzj0EAwIw +gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh +cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg +cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTUw +MzI0MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBlTELMAkGA1UEBgwCVVMxCzAJBgNV +BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y +cG9yYXRpb24xLzAtBgNVBAsMJlRQTSBFSyBpbnRlcm1lZGlhdGUgZm9yIFNQVEhf +RVBJRF9QUk9EMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMFkwEwYHKoZIzj0CAQYI +KoZIzj0DAQcDQgAEryzECW6qpKxLE8m3YQwVO+oiea9EkzNEVxDAA/IOaq+u1MMY +W1POaBQFO17J57eFLmTfC3pCtaBnB9mWsjFhzqOCAZwwggGYMB8GA1UdIwQYMBaA +FOhSBcJP2NLVpSFHFrbODHtbuncPMB0GA1UdDgQWBBRec8iao+kCsnK58HQffYcw +4+xySjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjATBgNVHSUB +Af8ECTAHBgVngQUIATBwBgNVHSABAf8EZjBkMGIGCiqGSIb4TQEFAgEwVDBSBggr +BgEFBQcCARZGaHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9l +a2NlcnQvRUtjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjBcBggrBgEFBQcBAQRQME4w +TAYIKwYBBQUHMAKGQGh0dHA6Ly91cGdyYWRlcy5pbnRlbC5jb20vY29udGVudC9D +UkwvZWtjZXJ0L0VLUm9vdFB1YmxpY0tleS5jZXIwTQYDVR0fBEYwRDBCoECgPoY8 +aHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9la2NlcnQvRUtf +UGxhdGZvcm0uY3JsMAoGCCqGSM49BAMCA0gAMEUCIEwoRGZXyGrOi5c5XQ0sogO0 +7nKarDdxCHJjJmfB2j98AiEAzEpP1ysDBAD6k97Y0XVrqn4srCNv6132mRKeSw16 +wMk= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKRootCA.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKRootCA.pem new file mode 100644 index 000000000000..d30b958bc9e0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/IntelEKRootCA.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICdzCCAh6gAwIBAgIUB+dPf7a3IyJGO923z34oQLRP7pwwCgYIKoZIzj0EAwIw +gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh +cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg +cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTQw +MTE1MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBhzELMAkGA1UEBgwCVVMxCzAJBgNV +BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y +cG9yYXRpb24xITAfBgNVBAsMGFRQTSBFSyByb290IGNlcnQgc2lnbmluZzEWMBQG +A1UEAwwNd3d3LmludGVsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJR9 +gVEsjUrMb+E/dl19ywJsKZDnghmwVyG16dAfQ0Pftp1bjhtPEGEguvbLGRRopKWH +VscAOlTFnvCHq+6/9/SjZjBkMB8GA1UdIwQYMBaAFOhSBcJP2NLVpSFHFrbODHtb +uncPMB0GA1UdDgQWBBToUgXCT9jS1aUhRxa2zgx7W7p3DzASBgNVHRMBAf8ECDAG +AQH/AgEBMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAgNHADBEAiAldFScWQ6L +PQgW/YT+2GILcATEA2TgzASaCrG+AzL6FgIgLH8ABRzm028hRYR/JZVGkHiomzYX +VILmTjHwSL7uZBU= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA001.crt b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA001.crt new file mode 100644 index 000000000000..c7b7e8d955b3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA001.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNDCCArmgAwIBAgICEAAwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf +BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u +eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 +MDUxMzAwMDAwMFoXDTM3MDUxMzAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV +BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU +UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB +IDAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA8ri4sMjK5RoF9LOA8eZs9ZHKJ1 +dXT/w28Vtwe6yBA4Op5w0n0o3+9NPPKJfsw1YDoeKZ9kwvpxTVM7kBtpKOw6NRRq +bUAkzAfYqIwpHPPhN25JSOXhl3bn36dSCfUCfqOCASEwggEdMEsGCCsGAQUFBwEB +BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv +b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAIsvu1ddwYPKDPp1TdrqLwwjNm6 +MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS +b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud +IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G +A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2kA +MGYCMQC3Z7rH2wyIAhKM/2TopTbWUzrTTlwyjHw1ShOcovNEMgevVM/+AV1SAGSL ++n3LengCMQCYnzH/Wk4o4+0lOrnUDLNT4L7N6d3IIFGs0XARk1S/RCBoyGSlHUP3 +7JhNd0voDIc= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA002.crt b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA002.crt new file mode 100644 index 000000000000..d9b577939a53 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA002.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCArmgAwIBAgICEAEwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf +BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u +eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 +MDUxNDAwMDAwMFoXDTM3MDUxNDAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV +BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU +UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB +IDAwMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABLq7H/y6uXdkXZWYlGAHJGjaPsS6 +cnLxp+oMnOQhr/wuTviTiCWA7gFaPOeEg5JSC944VG54M+JS0jKnlM38CMPWBKQQ +nNEaWWMkJbhI/DychOqZ9bHVN0DmsrBWeSzFdKOCASEwggEdMEsGCCsGAQUFBwEB +BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv +b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAPRzeQ46j2zTZQxgcHNUX1ogGLv +MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS +b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud +IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G +A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA +MGUCMFWbhtvZOP+xqrxC2N5ArgiBBfheFTWM5rectLY50LQJpOMaiVSFs72PUrhz +IFX6ewIxAPL7H/hDyflrnB1kUrcbMaRxjuV8xP6h6bT6hrz5x4Y+nORKkxbz2KLU +G3zS/IDHOQ== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA003.crt b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA003.crt new file mode 100644 index 000000000000..ef95ed69e657 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkMfrCA003.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCArmgAwIBAgICEAIwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf +BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u +eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 +MDUxNTAwMDAwMFoXDTM3MDUxNTAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV +BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU +UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB +IDAwMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCtznQzLxTR4YGov53b3NXkjNBcb +iWeC7XsukpYkm61dxCw+bsP+jm1soaN9/WDcodzN8hlBFVYWwL79K+S5w9Xojnik +rrnadWfCJ/LwmY1esyjQEmSbCXiukCZGfB8Nq6OCASEwggEdMEsGCCsGAQUFBwEB +BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv +b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFOuy9OMS5lKcTtDNtoIoWArlID1F +MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS +b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud +IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G +A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA +MGUCMBFkhoH7ATgC8Z9QAsWJ6YZzI9wsXMcLjytBY1Ae9gWkFQEnfrx43gd+/pRl +2Mpy5AIxANhHc4NyRsFsZ828jOUthQIH0A8rckSDwNkoGWGVAuny/S9Gww6k5EM4 +EwQq9W0Syw== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkRootCA.crt b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkRootCA.crt new file mode 100644 index 000000000000..36cdff86b796 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NationZEkRootCA.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRDCCAcqgAwIBAgIBATAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJDTjEhMB8G +A1UECgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256 +IFRQTSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwHhcNMTcw +NTEyMDAwMDAwWhcNNDcwNTEzMDAwMDAwWjBrMQswCQYDVQQGEwJDTjEhMB8GA1UE +CgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256IFRQ +TSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAATvuDTN8TNvp3A9fSjWpDARLmvz7ItQrDq/mmuzvzInwQfs +YKUUJza4MXB3yS0PH1jjv1YMvaIBIalAgc+kahScQUy6W2fy6hd36pazmc/vQfG3 +Gdhw56gGwRHx4rn4TuqjQjBAMB0GA1UdDgQWBBQ6vP8I314BDCtkB4vHzpUG9Aj9 +5DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo +ADBlAjApzqSmd4cCMKC7slJ4NE/7zweXZx89JzSEnEWGcq78jbbXCw6yM+R4nCNX +phflI9QCMQCeFOAvyR+DQvThfGFINABej+1zeDVIjuZHat3FHVyV0UQVClPgMlZu +TntipXwGOVY= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA0100.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA0100.pem new file mode 100644 index 000000000000..5e3a4a1effb0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA0100.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCDCCAa2gAwIBAgIJAKSOwvBmtTZjMAoGCCqGSM49BAMCMFUxUzAfBgNVBAMT +GE51dm90b24gVFBNIFJvb3QgQ0EgMDEwMDAlBgNVBAoTHk51dm90b24gVGVjaG5v +bG9neSBDb3Jwb3JhdGlvbjAJBgNVBAYTAlRXMB4XDTE1MDQyMDA3NDIwM1oXDTM1 +MDQxNjA3NDIwM1owVTFTMB8GA1UEAxMYTnV2b3RvbiBUUE0gUm9vdCBDQSAwMTAw +MCUGA1UEChMeTnV2b3RvbiBUZWNobm9sb2d5IENvcnBvcmF0aW9uMAkGA1UEBhMC +VFcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRh5Aw2OaeLSXA3llLU6KcpZ+7 +kX9dOTXrQ5fRlhdO//IbMA4DotivYL2y9rgWOIPB8hwlA50RDxlzJPKlD6o5o2Yw +ZDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU +SC1WgM6Cj0gKjk9fZUgdajmRtGIwHwYDVR0jBBgwFoAUSC1WgM6Cj0gKjk9fZUgd +ajmRtGIwCgYIKoZIzj0EAwIDSQAwRgIhAPqfjnMuNRbMdpLN7GjxtAhPqLLuh/CD +TgU12LegjOpOAiEApW30TPJ2uhasTeMvdbtxKCc45sGrM+YYE4UxxiYZxqY= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA1110.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA1110.pem new file mode 100644 index 000000000000..96cecd948bef --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA1110.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAaygAwIBAgIIEDiqn2SaqGMwCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY +TnV2b3RvbiBUUE0gUm9vdCBDQSAxMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s +b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUwNTExMDg0MzMzWhcNMzUw +NTA3MDg0MzMzWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDExMTAw +JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU +VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDVkEOpuyhuviaDH6xQj3faaV2Z4 +FvXSdwUkTiB1JjPDgv1PU0SFYtEE1W9VmI1GcOn5FAUi2/QM36DPhmPTd+qjZjBk +MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQV +kdS26vmNAQSGS2kDpI3QAmB30zAfBgNVHSMEGDAWgBQVkdS26vmNAQSGS2kDpI3Q +AmB30zAKBggqhkjOPQQDAgNIADBFAiEAlfxysfHDcxYDed5dmRbvHPKHLEEq9Y9P +wAxoKqH7Q5kCIGfsxiLr2j9nJ9jELwXz0/VWN9PhUNdM3qmsx2JEne6p +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA2110.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA2110.pem new file mode 100644 index 000000000000..6381f752b34a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/NuvotonTPMRootCA2110.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAaygAwIBAgIIP5MvnZk8FrswCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY +TnV2b3RvbiBUUE0gUm9vdCBDQSAyMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s +b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUxMDE5MDQzMjAwWhcNMzUx +MDE1MDQzMjAwWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDIxMTAw +JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU +VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPv9uK2BNm8/nmIyNsc2/aKHV0WR +ptzge3jKAIgUMosQIokl4LE3iopXWD3Hruxjf9vkLMDJrTeK3hWh2ySS4ySjZjBk +MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSf +u3mqD1JieL7RUJKacXHpajW+9zAfBgNVHSMEGDAWgBSfu3mqD1JieL7RUJKacXHp +ajW+9zAKBggqhkjOPQQDAgNIADBFAiEA/jiywhOKpiMOUnTfDmXsXfDFokhKVNTX +B6Xtqm7J8L4CICjT3/Y+rrSnf8zrBXqWeHDh8Wi41+w2ppq6Ev9orZFI +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/cacert.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/cacert.pem new file mode 100644 index 000000000000..b752ba545e2d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/cacert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM +A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw +NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 +b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B +AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T +31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf +KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT +XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy +4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k +JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD +VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe +RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr +xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC +/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2 +wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T +/9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92 +AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy +K0wEax/1fsWqDeoom5I1NA== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/cacertecc.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/cacertecc.pem new file mode 100644 index 000000000000..a47eb31c21a1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/cacertecc.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT +AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC +TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz +OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 +b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq +ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk +p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL +sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh +3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM +5RyP15ckRA== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/gstpmroot.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/gstpmroot.pem new file mode 100644 index 000000000000..b40c5e963f93 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/gstpmroot.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1zCCAr+gAwIBAgILBAAAAAABIBkJGa4wDQYJKoZIhvcNAQELBQAwgYcxOzA5 +BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT +aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwMzE4MTAw +MDAwWhcNNDkwMzE4MTAwMDAwWjCBhzE7MDkGA1UECxMyR2xvYmFsU2lnbiBUcnVz +dGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEzARBgNVBAoTCkds +b2JhbFNpZ24xMzAxBgNVBAMTKkdsb2JhbFNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBN +b2R1bGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPi3 +Gi0wHyTT7dq24caFAp31gXFDvALRGJrMiP+TunIYPacYD8eBVSNEiVoCUcVfYxzl +/DPTxmRyGXgQM8CVh9THrxDTW7N2PSAoZ7fvlmjTiBL/IQ7m1F+9wGI/FuaMTphz +w6lBda7HFlIYKTbM/vz24axCHLzJ8Xir2L889D9MMIerBRqouVsDGauH+TIOdw4o +IGKhorqfsDro57JHwViMWlbB1Ogad7PBX5X/e9GDNdZTdo4c0bZnKO+dEtzEgKCh +JmQ53Mxa9y4xPMGRRnjLsyxuM99vkkYXy7rnxctSo7GtGIJJVabNuXZ0peaY9ku0 +CUgKAsQndLkTHz8bIh0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFB4jY/CFtfYlTu0awFC+ZXzH1BV6MA0GCSqGSIb3 +DQEBCwUAA4IBAQCVb7lI4d49u7EtCX03/rUCCiaZ64NMxxqRmcSVdUx6yRrbl8NN +FNr6ym2kTvwe1+JkTCiDxKzJsOR/jcPczAFiYpFbZQYLA6RK0bzbL9RGcaw5LLhY +o/flqsu3N2/HNesWbekoxLosP6NLGEOnpj1B+R3y7HCQq/08U5l3Ete6TRKTAavc +0mty+uCFtLXf+tirl7xSaIGD0LwcYNdzLEB9g4je6FQSWL0QOXb+zR755QYupZAw +G1PnOgYWfqWowKcQQexFPrKGlzh0ncITV/nBEi++fnnZ7TFiwaKwe+WussrROV1S +DDF29dmoMcbSFDL+DgSMabVT6Qr6Ze1rbmSh +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.txt b/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.txt new file mode 100644 index 000000000000..6c2a04f2473d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.txt @@ -0,0 +1,49 @@ +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/InfineonECCChain010.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/InfineonRSAChain010.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NuvotonTPMRootCA0100.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NuvotonTPMRootCA1110.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NuvotonTPMRootCA2110.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/cacert.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/cacertecc.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/gstpmroot.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmeccint01.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmeccroot01.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekint01.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekint02.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekint03.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekint04.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekint05.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/stmtpmekroot.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/tpmeccroot.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IntelEKIntermediate.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IntelEKRootCA.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NationZEkMfrCA001.crt +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NationZEkMfrCA002.crt +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NationZEkMfrCA003.crt +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/NationZEkRootCA.crt +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Root_CA.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem +/gsa/yktgsa/home/k/g/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.windows.txt b/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.windows.txt new file mode 100644 index 000000000000..03161808fc1a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/rootcerts.windows.txt @@ -0,0 +1,49 @@ +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/InfineonECCChain010.pem +c:/users/ibm_admin/tpm2/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem +c:/users/ibm_admin/tpm2/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem +c:/users/ibm_admin/tpm2/utils/certificates/InfineonRSAChain010.pem +c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA0100.pem +c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA1110.pem +c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA2110.pem +c:/users/ibm_admin/tpm2/utils/certificates/cacert.pem +c:/users/ibm_admin/tpm2/utils/certificates/cacertecc.pem +c:/users/ibm_admin/tpm2/utils/certificates/gstpmroot.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmeccint01.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmeccroot01.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint01.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint02.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint03.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint04.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint05.pem +c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekroot.pem +c:/users/ibm_admin/tpm2/utils/certificates/tpmeccroot.pem +c:/users/ibm_admin/tpm2/utils/certificates/IntelEKIntermediate.pem +c:/users/ibm_admin/tpm2/utils/certificates/IntelEKRootCA.pem +c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA001.crt +c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA002.crt +c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA003.crt +c:/users/ibm_admin/tpm2/utils/certificates/NationZEkRootCA.crt +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Root_CA.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem +c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem +c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccint01.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccint01.pem new file mode 100644 index 000000000000..21767a51d5b2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccint01.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIEQAAAATAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJDSDEe +MBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR8wHQYDVQQDExZTVE0gVFBN +IEVDQyBSb290IENBIDAxMB4XDTE1MTAxNDE1MzQ0MFoXDTM1MTIzMTIzNTk1OVow +VjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBOVjEn +MCUGA1UEAxMeU1RNIFRQTSBFQ0MgSW50ZXJtZWRpYXRlIENBIDAxMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEvUVh5iXWQ0kYwUoy7bqWMVkRG5abfGOsV2SLLRNx +i7nmfa3q1sxh9KVRCDjhvElQb8B+DIG1L9m65NR+9AAjRqOBrjCBqzAdBgNVHQ4E +FgQUfrg2zvvfimNx/3Mz+brXFGFslsswHwYDVR0jBBgwFoAUIJJWPAtDqAVyUwMp +BxwH4OvsAwQwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0 +dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCAgQw +EgYDVR0TAQH/BAgwBgEB/wIBADAKBggqhkjOPQQDAwNoADBlAjEApGAqByxXaxnZ +gVkFeRywQ7Z/kZlRSVPJqU5aytBCrFLk5sNAb+pu69HKNuWlAMW7AjBza9+mibY2 +i82zFtTQqkjo0pDVAyF3iX1ejqGDEW/PinHJTmNC76R34flkucEhX+U= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccroot01.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccroot01.pem new file mode 100644 index 000000000000..532bbcb55163 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmeccroot01.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyDCCAk+gAwIBAgIORyzLp/OdsAvb9r+66LowCgYIKoZIzj0EAwMwgYsxOzA5 +BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT +aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE1MTAy +ODAwMDAwMFoXDTM4MDExOTAzMTQwN1owTjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoT +FVNUTWljcm9lbGVjdHJvbmljcyBOVjEfMB0GA1UEAxMWU1RNIFRQTSBFQ0MgUm9v +dCBDQSAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABG7/OLXMiprQQHwNnkpT6aqG +zOGLcbbAgUtyjlXOZtuv0GB0ttJ6fwMwgFtt8RKlko8Bwn89/BoZOUcI4ne8ddRS +oqE6StnU3I13qqjalToq3Rnz61Omn6NErK1pxUe3j6OBtTCBsjAOBgNVHQ8BAf8E +BAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUIJJWPAtDqAVyUwMp +BxwH4OvsAwQwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3MAMwTAYDVR0g +BEUwQzBBBgkrBgEEAaAyAVowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv +YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDZwAwZAIwWnuUAzwy +vHUhHehymKTZ2QcPUwHX0LdcVTac4ohyEL3zcuv/dM0BN62kFxHgBOhWAjAIxt9i +50yAxy0Z/MeV2NTXqKpLwdhWNuzOSFZnzRKsh9MxY3zj8nebDNlHTDGSMR0= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint01.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint01.pem new file mode 100644 index 000000000000..75c2380cd5c6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint01.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIEQAAAATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD +SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g +VFBNIEVLIFJvb3QgQ0EwHhcNMDkwNzI4MDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV +MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw +JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJQYnWO8iw955vWqakWNr3YyazQnNzqV97+l +Qa+wUKMVY+lsyhAyOyXO31j4+clvsj6+JhNEwQtcnpkSc+TX60eZvLhgZPUgRVuK +B9w4GUVyg/db593QUmP8K41Is8E+l32CQdcVh9go0toqf/oS/za1TDFHEHLlB4dC +joKkfr3/hkGA9XJaoUopO2ELt4Otop12aw1BknoiTh1+YbzrZtAlIwK2TX99GW3S +IjaCi+fLoXyK2Fmx8vKnr9JfNL888xK9BQfhZzKmbKm/eLD1e1CFRs1B3z2gd3ax +pW5j1OIkSBMOIUeip5+7xvYo2gor5mxatB+rzSvrWup9AwIcymMCAwEAAaOBrjCB +qzAdBgNVHQ4EFgQU88kVdKbnc/8TvwxrrXp7Zc8ceCAwHwYDVR0jBBgwFoAUb+bF +bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B +Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA +x4vL9XKio0c8mmtKCC0TFYEwCbH4ZCoOjyzpVcQFN7YNARFA62pqFVFq2nIeoAl1 +cCxy62kEPfUmYtu4j7MozXaCNMCZUdj9Upkgnhe46nMUpff/zNN0+x/uN9exKoaT +8ofwdSdFCeCAcrz1FeiaH5+IxNAPtASQditvE2O5WJxD6awGyCUMMy+931bX8Iba +KjBrW3iuy7//JRXp9/ZDoSNo/7fN3ogSkeK1a8c0wseyhK/ubGjjojZCcDCASD6q +FlkYFt2MQq5IaRMt0n1PPKL66ZQCAqo8lAnnXklvTx+fyYcwZ5waOTIUN6kV/3Bs +ewZ7cb+IDxqwZbQhxSWqnQ== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint02.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint02.pem new file mode 100644 index 000000000000..60ceac2158b4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint02.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIEQAAABTANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD +SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g +VFBNIEVLIFJvb3QgQ0EwHhcNMTEwMTIxMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV +MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw +JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJO3ihn/uHgV3HrlPZpv8+1+xg9ccLf3pVXJ +oT5n8PHHixN6ZRBmf/Ng85/ODZzxnotC64WD8GHMLyQ0Cna3MJF+MGJZ5R5JkuJR +B4CtgTPwcTVZIsCuup0aDWnPzYqHwvfaiD2FD0aaxCnTKIjWU9OztTD2I61xW2LK +EY4Vde+W3C7WZgS5TpqkbhJzy2NJj6oSMDKklfI3X8jVf7bngMcCR3X3NcIo349I +Dt1r1GfwB+oWrhogZVnMFJKAoSYP8aQrLDVl7SQOAgTXz2IDD6bo1jga/8Kb72dD +h8D2qrkqWh7Hwdas3jqqbb9uiq6O2dJJY86FjffjXPo3jGlFjTsCAwEAAaOBrjCB +qzAdBgNVHQ4EFgQUVx+Aa0fM55v6NZR87Yi40QBa4J4wHwYDVR0jBBgwFoAUb+bF +bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B +Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA +vmfL0ySkdZKRQGL1ifx3iIDx59qq0ICApIoDcrx4ibMG9wZ6MjhIVs9yXh/N/IAP +/uz96XZ4PR+Ljm9IfrVVsNxegHkmZxOhYJo567tna3hAWrj/onlXE8FgvxV3fwDq +AREaGXLyQhgRXUsepfsikguF+GdFoI/5vF5go8JrJpmXrLkiDnE2GyOQ0Bj6EdFC +bVXc7n+iYtdIoEq/H7sRX6Jz+i44EEg/pXebCeS29awwas/kQtfA/+LLl3AHfUVQ +b/FyjA+MnZVPhgg4MvXwy0ZHu3yuBX/Is6WS6cAlIQBpDFnLh2ZWAIIJ7pPxucM2 +SA76Pwf+QZIYDwybBwlppQ== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint03.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint03.pem new file mode 100644 index 000000000000..c2849529f3fb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint03.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIEQAAAAzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD +SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g +VFBNIEVLIFJvb3QgQ0EwHhcNMTIwNjIzMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV +MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw +JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKUVK0+9LHDAyaDdkZ9I3c3itcDJmIz/OwTs +2ET2zAA1bE4BtSRj3rUXnzas8MBtRXQyfDdXIpL80PJywtRep/IujY0YqmI1TCee +A76SIPDDgi0W3h6hwTC1mvxW4I8i8ZAqB/iB6+o3A7rapZTsvfj9FwkhG6Fnafc+ +dvNI4nVdu6L5TBhp73HnJvVvjs6YfzRcYi6LXCpUZtQQk8DcKYLmID2W9Tm1QjR6 +COh/xuJIo0bWGlBfUq3X92ilID1wuGi27JLveoOk5tHh0lkBhwV1XYEhdUifroPE +qylX9pqZk5SseiQ6XBzYX5K4ZIqODSMWX92G+tBpkL/Rb7MpM3kCAwEAAaOBrjCB +qzAdBgNVHQ4EFgQUAFamENU9GzttvRQJSy3Ofh91btAwHwYDVR0jBBgwFoAUb+bF +bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B +Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA +5xoP4zJRAs6TDRYIwZBOFmUDkyFHDcgLZP+gAA7o8UgpNDlSIm4gSGwGxGdxwIqW +rSkt8Sd5W0WLBeL31GrgacK5tgQ6hRA40GJgWXlafjCWJW4gUKosdU+hyY/FuStj +QmIlPwbVr8YV/01fhFAbcQOkmj248w64kavh2/36NsEX1uv/k4HFUqaY2j6/ahli +mIjO5BE29FC8u/UHu3iKgj42LbLlZ4HbJZhwJrAkRYamnrGDEvr7O5hCNcSBRhKc +GMMrx7PpPwBZ/jpYTHZ+qS+hjM5a5DRdr/rwsTygeg1Zi+UKt7scgkyKAnMVn0Y4 +Fp9CalunK6GC0OVOIWX55A== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint04.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint04.pem new file mode 100644 index 000000000000..596e62d496f3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint04.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIEQAAABDANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD +SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g +VFBNIEVLIFJvb3QgQ0EwHhcNMTUwMjA2MDAwMDAwWhcNMzkxMjMxMDAwMDAwWjBV +MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw +JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMJbZogFS+eKFqDq6zbqCSmU7UbjG/NFVuiC +l9xQQeiZ+Xz0cuDDZhOVK2htH3XzjYVuWm2go8dFkWOEADs75LYrU2sTt9WlyZBf +uocI0GohEY+KhMaLpZZJGMqr+wIgLKNXgcc7vB7uS+yvmjjjOM17Rxise1yVlN6H +IQYMpL55HWzAMs5JS0an6IEdHbc8/2mCZdBtZZTxLq4eER4e4Nt7YqkRHc/nZ1aY +utP3aiGIzyPjYFshKlooyvjVv3rutJORSBm4aNKEQUhLWBTnr/eaAj8ey4Bas/Gk +2xKI8kBVxlLm2DruJ1rRFAhfNRH+U6SGC4Av3zx0cYbzc80DjMMCAwEAAaOBrjCB +qzAdBgNVHQ4EFgQUzyPllSbkRsP+TxPraG9iTXBTBfIwHwYDVR0jBBgwFoAUb+bF +bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B +Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA +kEwaAL2giuQ+oPLbGAelCXD/SX6TeyfngynUeAazK53iLZVu8tcUISOiivFrWVIm +aHGvUl07ofoJ+WKU8qFCx6Hb5C6qVMdcc5fVYCDSwHP+cOWlK6v463qfIa3vrPzL +Fa7kM/bXhKO59yJ0208iulKkJEJxgyHLzKq9lxLl9Vvkcx1X8zg4OTX3YmXJeZwe +qPro14qItt5bMfMVkeB8cwmlPNQdKwAsjbpoaWAIPZxsbBeyX7xVVbsnH9eU3d/7 +2Bdjk211qOvpISuhEUp2NBVOHlz5OX/a7PWyqGvFQj0Ajy6yLw7mqtDbx7/v2Cbv +Fc10VHsSBkm/NGj/j9GRng== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint05.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint05.pem new file mode 100644 index 000000000000..f90f18245e72 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekint05.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIEQAAABjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD +SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g +VFBNIEVLIFJvb3QgQ0EwHhcNMTUxMDEwMDAwMDAwWhcNMzUxMjMxMDAwMDAwWjBV +MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw +JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALVW5ScoSiCyneCNrPfMobJiouF4syrDrCax +nTycQfJS4CsZwcaFEaZqKvuqwfNEk/L7dX4mc2e7wRQphYjtrXblzCAUcgSaMtae +Pjqb6tHOSEDScU3++NHGcJZfnb5UJErab6eNrc7DPTuqfx1C2OX212SRs+mBb0mr +v6GU1EsPiJGl+joegKA8sJk0BwL4g4LlxNKCRU5EL2/hoxKbhLi//BG9drWZejOY +aRBlWloF50vhwqnRsReSEWwO2HN7G0RPdVPbu6u2Ay+Qb3+/jAxHDIm5KKa7+tQd +/Ck9Jicmldm+cT5b6lgy0eLWBVzvVjuqSuYoVLuc2mDEAmAWga0CAwEAAaOBrjCB +qzAdBgNVHQ4EFgQUGtuZSrWL5XoMybkA54UeGkPAhmAwHwYDVR0jBBgwFoAUb+bF +bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B +Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA +5pMimBvsGIBd92cEZszwvsKPiWugfPyFz8Dvybio7TTZA2L1K7n3xGwspDBti4lh +aP2ZTw+F+A2GYqBIy77pnA72tEEIZHuW1WhDxDb48w+XGwf5f0r2FiheShySkyyk +i+mFz6YoTIZMeEbWhH4UnmPnQ6RPgGEg+hBvCUnEvEVK4pssK01SgH/6SUwqEGbV +XewmPLe1fSIVmZDUB9ojEthJ9kTW8+WhlRGO3f1juWX7BXu/YI3d56wLGQ3STUGO +bNDkSXjvyVkbU04pHIC2QihLAmwxBE4SlQUaBwXyNhdTQLzNq12u2P3Sj1A5OFZc +tPKVAYvTlfvwtFDqv978+Q== +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekroot.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekroot.pem new file mode 100644 index 000000000000..81b747bd07f4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/stmtpmekroot.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgILBAAAAAABIsFs834wDQYJKoZIhvcNAQELBQAwgYcxOzA5 +BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT +aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwNzI4MTIw +MDAwWhcNMzkxMjMxMjM1OTU5WjBKMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RN +aWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0gVFBNIEVLIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxBLG5wcB9J0MsiJMreoWQ +l21bBN12SSGZPJ3HoPjzcrzAz6SPy+TrFmZ6eUVspsFL/23wdPprqTUtDHi+C2pw +k/3dF3/Rb2t/yHgiPlbCshYpi5f/rJ7nzbQ1ca2LzX3saBe53VfNQQV0zd5uM0DT +SrmAKU1RIAj2WlZFWXoN4NWTyRtqT5suPHa2y8FlCWMZKlS0FiY4pfM20b5YQ+EL +4zqb9zN53u/TdYZegrfSlc30Nl9G13Mgi+8rtPFKwsxx05EBbhVroH7aKVI1djsf +E1MVrUzw62PHik3xlzznXML8OjY//xKeiCWcsApuGCaIAf7TsTRi2l8DNB3rCr1X +AgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQEw +HQYDVR0OBBYEFG/mxWwHt2yLCoGSg1zLQR72jtEnMEsGA1UdIAREMEIwQAYJKwYB +BAGgMgFaMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv +cmVwb3NpdG9yeS8wHwYDVR0jBBgwFoAUHiNj8IW19iVO7RrAUL5lfMfUFXowDQYJ +KoZIhvcNAQELBQADggEBAFrKpwFmRh7BGdpPZWc1Y6wIbdTAF6T+q1KwDJcyAjgJ +qThFp3xTAt3tvyVrCRf7T/YARYE24DNa0iFaXsIXeQASDYHJjAZ6LQTslYBeRYLb +C9v8ZE2ocKSCiC8ALYlJWk39Wob0H1Lk6l2zcUo3oKczGiAcRrlmwV496wvGyted +2RBcLZro7yhOOGr9KMabV14fNl0lG+31J1nWI2hgTqh53GXg1QH2YpggD3b7UbVm +c6GZaX37N3z15XfQafuAfHt10kYCNdePzC9tOwirHIsO8lrxoNlzOSxX8SqQGbBI ++kWoe5+SY3gdOGGDQKIdw3W1poMN8bQ5x7XFcgVMwVU= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certificates/tpmeccroot.pem b/libstb/tss2/ibmtpm20tss/utils/certificates/tpmeccroot.pem new file mode 100644 index 000000000000..13be323e7d78 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certificates/tpmeccroot.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICszCCAjqgAwIBAgIORdycjBUV21nQRkudeekwCgYIKoZIzj0EAwMwgYsxOzA5 +BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT +aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE0MTEy +NjAwMDAwMFoXDTM4MDExOTAzMTQwN1owgYsxOzA5BgNVBAsTMkdsb2JhbFNpZ24g +VHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQK +EwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxTaWduIFRydXN0ZWQgUGxhdGZv +cm0gTW9kdWxlIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENTps +86FDUD+bep3kd1U5pnita316zBktOVNWxZQ+Ymua0oaR66ItzHrl19zYSGbW6ar0 +1V91kktxWDJ6UFl3MyH3yXKsCHS2O5vxMlfmdRp8tpebMorHtIWf9u1+ctNFo2Mw +YTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUYT78 +EZkKf7CpW5CgJl4pYUe3MAMwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3 +MAMwCgYIKoZIzj0EAwMDZwAwZAIwd02iAb5aN/pQGWdTJ7/lgMhFCuOLGtQ+ocdV +/xmoxdIWLtggAuq9fFDfsu/vzeJ7AjAGhdk03AjHpLl0dAp7aCI8D8qupwyYTBaL +rSJCZDMHhvNhETbbLu8uEPKt/U6/mGM= +-----END CERTIFICATE----- diff --git a/libstb/tss2/ibmtpm20tss/utils/certify.c b/libstb/tss2/ibmtpm20tss/utils/certify.c new file mode 100644 index 000000000000..f1f54d018125 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certify.c @@ -0,0 +1,411 @@ +/********************************************************************************/ +/* */ +/* Certify */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Certify_In in; + Certify_Out out; + TPMI_DH_OBJECT objectHandle = 0; + TPMI_DH_OBJECT signHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *keyPassword = NULL; + const char *objectPassword = NULL; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + TPM_ALG_ID sigAlg = TPM_ALG_RSA; + TPMS_ATTEST tpmsAttest; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == 0) { + printf("Missing object handle parameter -ho\n"); + printUsage(); + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that will perform certifying */ + in.objectHandle = objectHandle; + in.signHandle = signHandle; + if (sigAlg == TPM_ALG_RSA) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (sigAlg == TPM_ALG_ECDSA) { + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + else { /* HMAC */ + in.inScheme.scheme = TPM_ALG_HMAC; + in.inScheme.details.hmac.hashAlg = halg; + } + } + /* data supplied by the caller */ + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Certify, + sessionHandle0, objectPassword, sessionAttributes0, + sessionHandle1, keyPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.certifyInfo.t.attestationData; + uint32_t tmpSize = out.certifyInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + /* For an attestation command using the ECDAA scheme, both the qualifiedSigner and extraData + fields in the attestation block (a TPMS_ATTEST) are set to be the Empty Buffer */ + if ((rc == 0) && (in.inScheme.scheme != ALG_ECDAA_VALUE)) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("certify: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData, + out.certifyInfo.t.size, + attestInfoFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("certify: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("certify: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("certify\n"); + printf("\n"); + printf("Runs TPM2_Certify\n"); + printf("\n"); + printf("\t-ho\tobject handle\n"); + printf("\t[-pwdo\tpassword for object (default empty)]\n"); + printf("\t-hk\tcertifying key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/certifycreation.c b/libstb/tss2/ibmtpm20tss/utils/certifycreation.c new file mode 100644 index 000000000000..ab54c0ae442e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certifycreation.c @@ -0,0 +1,453 @@ +/********************************************************************************/ +/* */ +/* CertifyCreation */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2017 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + CertifyCreation_In in; + CertifyCreation_Out out; + TPMI_DH_OBJECT objectHandle = 0; + TPMI_DH_OBJECT signHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *keyPassword = NULL; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + const char *ticketFilename = NULL; + const char *creationHashFilename = NULL; + unsigned char *buffer = NULL; + size_t length; + int useRsa = 1; + TPMS_ATTEST tpmsAttest; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == 0) { + printf("Missing object handle parameter -ho\n"); + printUsage(); + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + if (ticketFilename == NULL) { + printf("Missing ticket parameter -tk\n"); + printUsage(); + } + if (creationHashFilename == NULL) { + printf("Missing creation hash file parameter -ch\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that will perform certifying */ + in.objectHandle = objectHandle; + in.signHandle = signHandle; + if (useRsa) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else { /* ecc */ + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + } + /* qualifyingData supplied by the caller */ + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* creationTicket */ + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.creationTicket, + (UnmarshalFunction_t)TSS_TPMT_TK_CREATION_Unmarshalu, + ticketFilename); + } + /* creationHash */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + creationHashFilename); + } + if (rc == 0) { + if (length > sizeof(TPMU_HA)) { + printf("Size of creationHash %lu greater than hash size %lu\n", + (unsigned long)length, (unsigned long)sizeof(TPMU_HA)); + rc = 1; + } + } + if (rc == 0) { + in.creationHash.t.size = (uint16_t)length; + memcpy(in.creationHash.t.buffer, buffer, length); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_CertifyCreation, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.certifyInfo.t.attestationData; + uint32_t tmpSize = out.certifyInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("certifycreation: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.creationHash.b, &tpmsAttest.attested.creation.creationHash.b); + if (!match) { + printf("certifycreation: failed, in creationHash != out creationHash\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData, + out.certifyInfo.t.size, + attestInfoFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("certifycreation: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("certifycreation: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("certifycreation\n"); + printf("\n"); + printf("Runs TPM2_CertifyCreation\n"); + printf("\n"); + printf("\t-ho\tobject handle\n"); + printf("\t-hk\tcertifying key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc) (default rsa)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t-tk\tinput ticket file name\n"); + printf("\t-ch\tinput creation hash file name\n"); + printf("\t[-os\tsignature file name] (default do not save)\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/certifyx509.c b/libstb/tss2/ibmtpm20tss/utils/certifyx509.c new file mode 100644 index 000000000000..ace43d0c4a7e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/certifyx509.c @@ -0,0 +1,1497 @@ +/********************************************************************************/ +/* */ +/* CertifyX509 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* CertifyX509 exercises the TPM2_CertifyX509 command. It: + + - Creates a partialCertificate parameter + - Runs the TPM2_CertifyX509 command + - Reconstructs the X509 certificate from the addedToCertificate and signature outputs +*/ + +/* mbedtls does not support this utility */ + +#include +#include +#include +#include + +#include "cryptoutils.h" + +#ifndef TPM_TSS_MBEDTLS + +#include +#include +#include +#include +#include +#include + +/* NOTE: This is currently openssl only. */ +#include + +static void printUsage(void); + +TPM_RC createPartialCertificate(X509 *x509Certificate, + uint8_t *partialCertificateDer, + uint16_t *partialCertificateDerLength, + size_t partialCertificateDerSize, + const char *keyUsage, + uint32_t tpmaObject, + int addTpmaObject, + int subeqiss); +TPM_RC convertCertToPartialCert(uint16_t *partialCertificateDerLength, + uint8_t *partialCertificateDer, + uint16_t certificateDerLength, + uint8_t *certificateDer); +TPM_RC reformCertificate(X509 *x509Certificate, + int useRsa, + TPM2B_MAX_BUFFER *addedToCertificate, + TPMT_SIGNATURE *tSignature); +TPM_RC addSerialNumber(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex); +TPM_RC addPubKeyRsa(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex); +TPM_RC addSignatureRsa(X509 *x509Certificate, + TPMT_SIGNATURE *tSignature); +TPM_RC addSignatureEcc(X509 *x509Certificate, + TPMT_SIGNATURE *signature); +TPM_RC addPubKeyEcc(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex); +TPM_RC addCertExtensionTpmaOid(X509 *x509Certificate, + uint32_t tpmaObject); + +TPM_RC getDataLength(uint8_t type, + uint16_t *wrapperLength, + uint16_t *dataLength, + uint16_t *certificateDerIndex, + uint8_t *certificateDer); + +TPM_RC skipSequence(uint16_t *certificateDerIndex, uint8_t *certificateDer); +TPM_RC skipBitString(uint16_t *dataLength, + uint16_t *certificateDerIndex, uint8_t *certificateDer); + +TPM_RC copyType(uint8_t type, + uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer, + uint16_t *certificateDerIndex, uint8_t *certificateDer); + +TPM_RC getInteger(uint16_t *integerLength, unsigned char *integerStream, + uint16_t *certificateDerIndex, unsigned char *certificateDer); +TPM_RC prependSequence(uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer); + +int verbose = FALSE; + +/* FIXME + length checks +*/ + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + CertifyX509_In in; + CertifyX509_Out out; + TPMI_DH_OBJECT objectHandle = 0; + TPMI_DH_OBJECT signHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + unsigned int bit = 0; + int testBit = FALSE; + const char *keyPassword = NULL; + const char *objectPassword = NULL; + const char *outPartialCertificateFilename = NULL; + const char *outCertificateFilename = NULL; + const char *addedToCertificateFilename = NULL; + const char *tbsDigestFilename = NULL; + const char *signatureFilename = NULL; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + int useRsa = 1; + int subeqiss = FALSE; /* TRUE: subject = issuer */ + const char *keyUsage = "critical,digitalSignature,keyCertSign,cRLSign"; + uint32_t tpmaObject = 0; + int addTpmaObject = FALSE; + X509 *x509Certificate = NULL; + unsigned char *x509Der = NULL; + uint32_t x509DerLength = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + verbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == 0) { + printf("Missing object handle parameter -ho\n"); + printUsage(); + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of the object to be certified */ + in.objectHandle = objectHandle; + /* Handle of key that will perform certifying */ + in.signHandle = signHandle; + if (useRsa) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else { /* ecc */ + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + in.reserved.t.size = 0; + } + /* initialize a new, empty X509 structure. It will first be used to form the partialCertificate + command parameter, and then be used to reform the certificate from the response + parameters. */ + if (rc == 0) { + x509Certificate = X509_new(); /* freed @1 */ + if (x509Certificate == NULL) { + printf("main: Error in X509_new\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* form partial certificate */ + if (rc == 0) { + rc = createPartialCertificate(x509Certificate, + in.partialCertificate.t.buffer, + &in.partialCertificate.b.size, + sizeof(in.partialCertificate.t.buffer), + keyUsage, + tpmaObject, + addTpmaObject, + subeqiss); + } + if ((rc == 0) && (testBit)) { + unsigned int bitInByte = bit % 8; + unsigned int byteInDer = bit / 8; + if (byteInDer <= in.partialCertificate.b.size) { + if (verbose) { + printf("main: Testing byte %u bit %u\n", byteInDer, bitInByte); + printf("main: Byte was %02x\n", in.partialCertificate.t.buffer[byteInDer]); + } + in.partialCertificate.t.buffer[byteInDer] ^= (1 << bitInByte); + if (verbose) printf("main: Byte is %02x\n", in.partialCertificate.t.buffer[byteInDer]); + } + else { + printf("Bad -bit parameter, byte %u, DER length %u\n", + byteInDer, in.partialCertificate.b.size); + rc = TSS_RC_BAD_PROPERTY; + } + } + /* for debug, or stop here for sample of how to create the partialCertificate parameter */ + if (rc == 0) { + if (outPartialCertificateFilename != NULL) { + rc = TSS_File_WriteBinaryFile(in.partialCertificate.b.buffer, + in.partialCertificate.b.size, + outPartialCertificateFilename); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_CertifyX509, + sessionHandle0, objectPassword, sessionAttributes0, + sessionHandle1, keyPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("certifyx509: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + /* write response parameters for debug */ + if ((rc == 0) && (addedToCertificateFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.addedToCertificate.t.buffer, + out.addedToCertificate.t.size, + addedToCertificateFilename); + } + if ((rc == 0) && (tbsDigestFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.tbsDigest.t.buffer, + out.tbsDigest.t.size, + tbsDigestFilename); + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if (rc == 0) { + if (verbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + } + /* reform the signed certificate from the original input plus the response parameters */ + if (rc == 0) { + rc = reformCertificate(x509Certificate, + useRsa, + &out.addedToCertificate, + &out.signature); + } + if (rc == 0) { + if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */ + rc = convertX509ToDer(&x509DerLength, + &x509Der, /* freed @2 */ + x509Certificate); + } + if ((rc == 0) && (outCertificateFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(x509Der, x509DerLength, + outCertificateFilename); + } + if (x509Certificate != NULL) { + X509_free(x509Certificate); /* @1 */ + } + free(x509Der); /* @2 */ + return rc; +} + +/* example of a 20 year validity */ +#define CERT_DURATION (60 * 60 * 24 * ((365 * 20) + 5)) /* +5 for leap years */ + +/* in this test, the issuer and subject are the same, making a self signed certificate. This is + simply so that openssl can be used to verify the certificate signature. + */ + +char *issuerEntries[] = { + "US" , + "NY" , + "Yorktown" , + "IBM" , + NULL , + "CA" , + NULL +}; + +char *subjectEntries[] = { + "US" , + "NY" , + "Yorktown" , + "IBM" , + NULL , + "Subject" , + NULL +}; + +/* createPartialCertificate() forms the partialCertificate DER. It starts with an empty X509 + structure and adds the needed parameters. Then (in a total hack), converts the X509 structure to + DER, parses the DER field by field, and outputs just the fields required for the + partialCertificate parameter. + + subeqiss FALSE: subject name is independent of issuer name + subeqiss TRUE: subject name is the same as the issuer name +*/ + +TPM_RC createPartialCertificate(X509 *x509Certificate, /* input / output */ + uint8_t *partialCertificateDer, /* output */ + uint16_t *partialCertificateDerLength, + size_t partialCertificateDerSize, + const char *keyUsage, + uint32_t tpmaObject, + int addTpmaObject, + int subeqiss) /* subject variation */ +{ + TPM_RC rc = 0; + int irc; + ASN1_TIME *arc; /* return code */ + + X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */ + X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */ + size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *); + size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *); + + uint32_t certificateDerLength = 0; + uint8_t *certificateDer = NULL; + + partialCertificateDerSize = partialCertificateDerSize; /* FIXME needs size check */ + + /* add certificate version X509 v3 */ + if (rc == 0) { + irc = X509_set_version(x509Certificate, 2L); /* value 2 == v3 */ + if (irc != 1) { + printf("createPartialCertificate: Error in X509_set_version\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add issuer */ + if (rc == 0) { + if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n", + (unsigned long)issuerEntriesSize); + rc = createX509Name(&x509IssuerName, + issuerEntriesSize, + issuerEntries); + } + if (rc == 0) { + irc = X509_set_issuer_name(x509Certificate, x509IssuerName); + if (irc != 1) { + printf("createPartialCertificate: Error setting issuer\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add validity */ + if (rc == 0) { + /* can't fail, just returns a structure member */ + ASN1_TIME *notBefore = X509_get_notBefore(x509Certificate); + arc = X509_gmtime_adj(notBefore ,0L); /* set to today */ + if (arc == NULL) { + printf("createPartialCertificate: Error setting notBefore time\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + /* can't fail, just returns a structure member */ + ASN1_TIME *notAfter = X509_get_notAfter(x509Certificate); + arc = X509_gmtime_adj(notAfter, CERT_DURATION); /* set to duration */ + if (arc == NULL) { + printf("createPartialCertificate: Error setting notAfter time\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add subject */ + if (rc == 0) { + /* normal case */ + if (!subeqiss) { + if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n", + (unsigned long)subjectEntriesSize); + rc = createX509Name(&x509SubjectName, + subjectEntriesSize, + subjectEntries); + } + /* special case, self signed CA, make the subject the same as the issuer */ + else { + if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n", + (unsigned long)issuerEntriesSize); + rc = createX509Name(&x509SubjectName, + issuerEntriesSize, + issuerEntries); + } + } + if (rc == 0) { + irc = X509_set_subject_name(x509Certificate, x509SubjectName); + if (irc != 1) { + printf("createPartialCertificate: Error setting subject\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add some certificate extensions, requires corresponding bits in subject key */ + if (rc == 0) { + if (verbose) printf("createPartialCertificate: Adding extensions\n"); + rc = addCertExtension(x509Certificate, + NID_key_usage, keyUsage); + } + /* optional TPMA_OBJECT extension */ + /* From TCG OID registry tcg-tpmaObject 2.23.133.10.1.1.1 */ + if (rc == 0) { + if (addTpmaObject) { + rc = addCertExtensionTpmaOid(x509Certificate, tpmaObject); + } + } + /* convertX509ToDer() serializes the openSSL X509 structure to a DER certificate stream */ + if (rc == 0) { + rc = convertX509ToDer(&certificateDerLength, + &certificateDer, /* freed @4 */ + x509Certificate); /* input */ + } + /* for debug. The structure is incomplete and so will trace with errors */ + if (rc == 0) { + if (verbose) printf("createPartialCertificate: Trace preliminary certificate\n"); + if (verbose) X509_print_fp(stdout, x509Certificate); + } +#if 1 + /* for debug. Use dumpasn1 to view the incomplete certificate */ + if (rc == 0) { + rc = TSS_File_WriteBinaryFile(certificateDer, certificateDerLength , "tmpx509i.bin"); + } +#endif + /* extract the partialCertificate DER from the X509 DER */ + if (rc == 0) { + rc = convertCertToPartialCert(partialCertificateDerLength, + partialCertificateDer, /* output partial */ + certificateDerLength, + certificateDer); /* input X509 */ + } + free(certificateDer); /* @4 */ + return rc; +} + +/* addCertExtension() adds the tpmaObject extension oid to the X509 certificate + + */ + +TPM_RC addCertExtensionTpmaOid(X509 *x509Certificate, uint32_t tpmaObject) +{ + TPM_RC rc = 0; + X509_EXTENSION *extension = NULL; /* freed @1 */ + + + uint8_t tpmaObjectOid[] = {0x06, 0x07, 0x67, 0x81, 0x05, 0x0A, 0x01, 0x01, 0x01}; + const uint8_t *tmpOidPtr; + + /* BIT STRING 0x03 length 5 no padding 0, 4 dummy bytes of TPMA_OBJECT */ + uint8_t tpmaObjectData[] = {0x03, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00}; + ASN1_OBJECT *object = NULL; + ASN1_OCTET_STRING *osData = NULL; + uint8_t *tmpOdPtr; + uint32_t tpmaObjectNbo = htonl(tpmaObject); + + if (rc == 0) { + tmpOidPtr = tpmaObjectOid; + object = d2i_ASN1_OBJECT(NULL, &tmpOidPtr, sizeof(tpmaObjectOid)); /* freed @2 */ + if (object == NULL) { + printf("d2i_ASN1_OBJECT failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + osData = ASN1_OCTET_STRING_new(); /* freed @3 */ + if (osData == NULL) { + printf("d2i_ASN1_OCTET_STRING failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + tmpOdPtr = tpmaObjectData; + memcpy(tmpOdPtr + 3, &tpmaObjectNbo, sizeof(uint32_t)); + ASN1_OCTET_STRING_set(osData, tmpOdPtr, sizeof (tpmaObjectData)); + } + if (rc == 0) { + extension = X509_EXTENSION_create_by_OBJ(NULL, /* freed @1 */ + object, + 0, /* int crit */ + osData); + if (extension == NULL) { + printf("X509_EXTENSION_create_by_OBJ failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + int irc = X509_add_ext(x509Certificate, /* the certificate */ + extension, /* the extension to add */ + -1); /* location - append */ + if (irc != 1) { + printf("addCertExtension: Error adding oid to extension\n"); + } + } + if (extension != NULL) { + X509_EXTENSION_free(extension); /* @1 */ + } + if (object != NULL) { + ASN1_OBJECT_free(object); /* @2 */ + } + if (osData != NULL) { + ASN1_OCTET_STRING_free(osData); /* @3 */ + } + return rc; +} + + +/* convertCertToPartialCert() extracts the partialCertificate DER from the X509 DER + + It assumes that the input is well formed and has exactly the fields required. +*/ + +TPM_RC convertCertToPartialCert(uint16_t *partialCertificateDerLength, + uint8_t *partialCertificateDer, + uint16_t certificateDerLength, + uint8_t *certificateDer) +{ + TPM_RC rc = 0; + uint16_t certificateDerIndex = 0; /* index into the DER input */ + + + certificateDerLength = certificateDerLength; /* FIXME for future error checking */ + *partialCertificateDerLength = 0; /* updates on each call */ + + /* skip the outer SEQUENCE wrapper */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip outer SEQUENCE wrapper\n"); + rc = skipSequence(&certificateDerIndex, certificateDer); + } + /* skip the inner SEQUENCE wrapper, will be back filled with the total length */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip inner SEQUENCE wrapper\n"); + rc = skipSequence(&certificateDerIndex, certificateDer); + } + /* skip the a3 wrapping the version */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip a3 version wrapper\n"); + rc = copyType(0xa0, NULL, NULL, /* NULL says to skip */ + &certificateDerIndex, certificateDer); + } + /* skip the integer (version) */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip version\n"); + rc = copyType(0x02, NULL, NULL, /* NULL says to skip */ + &certificateDerIndex, certificateDer); + } + /* skip the sequence (serial number) */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip serial number\n"); + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + &certificateDerIndex, certificateDer); + } + /* copy the next SEQUENCE, issuer */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Copy issuer\n"); + rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer, + &certificateDerIndex, certificateDer); + } + /* copy the next SEQUENCE, validity */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Copy validity\n"); + rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer, + &certificateDerIndex, certificateDer); + } + /* copy the next SEQUENCE, subject */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Copy subject\n"); + rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer, + &certificateDerIndex, certificateDer); + } + /* skip the SEQUENCE (public key) */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Skip public key\n"); + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + &certificateDerIndex, certificateDer); + } + /* copy the a3 and encapsulating sequence */ + if (rc == 0) { + if (verbose) printf("convertCertToPartialCert: Copy a3 extensions\n"); + rc = copyType(0xa3, partialCertificateDerLength, partialCertificateDer, + &certificateDerIndex, certificateDer); + } + /* shift and back fill the sequence length */ + if (rc == 0) { + rc = prependSequence(partialCertificateDerLength, partialCertificateDer); + } + return rc; +} + +/* reformCertificate() starts with the X509 certificate used as the input partialCertificate + parameter plus a few fields like the version. It adds the output addedToCertificate and + signature values to reform the X509 certificate that the TPM signed. +*/ + +TPM_RC reformCertificate(X509 *x509Certificate, + int useRsa, + TPM2B_MAX_BUFFER *addedToCertificate, + TPMT_SIGNATURE *tSignature) +{ + TPM_RC rc = 0; + unsigned char *tmpAddedToCert = NULL; + /* size_t tmpAddedToCertLength = 0; FIXME better to sanity check length */ + + /* the index increments, so this function must parse the addedToCertificate in its order */ + uint16_t tmpAddedToCertIndex = 0; + + tmpAddedToCert = addedToCertificate->t.buffer; + /* tmpAddedToCertLength = addedToCertificate->t.size; */ + + /* add serial number */ + if (rc == 0) { + rc = addSerialNumber(x509Certificate, + tmpAddedToCert, + &tmpAddedToCertIndex); + } + if (useRsa) { + /* add public key algorithm and public key */ + if (rc == 0) { + rc = addPubKeyRsa(x509Certificate, + tmpAddedToCert, + &tmpAddedToCertIndex); + } + /* add certificate signature */ + if (rc == 0) { + rc = addSignatureRsa(x509Certificate, tSignature); + } + } + else { + /* add public key */ + if (rc == 0) { + rc = addPubKeyEcc(x509Certificate, + tmpAddedToCert, + &tmpAddedToCertIndex); + } + /* add certificate signature */ + if (rc == 0) { + rc = addSignatureEcc(x509Certificate, tSignature); + } + } + return rc; +} + +/* addSerialNumber() is the first call from reforming the certificate. tmpAddedToCertIndex will be + 0. + + After the call, tmpAddedToCertIndex will point after the serial number. +*/ + +TPM_RC addSerialNumber(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex) +{ + TPM_RC rc = 0; + ASN1_INTEGER *x509Serial; /* certificate serial number in ASN1 */ + BIGNUM *x509SerialBN; /* certificate serial number as a BIGNUM */ + unsigned char x509SerialBin[1048]; /* certificate serial number in binary */ + uint16_t integerLength = 0; + + /* FIXME check the size */ + + x509SerialBN = NULL; + + /* skip outer sequence */ + if (rc == 0) { + rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip version */ + if (rc == 0) { + rc = copyType(0xa0, NULL, NULL, /* NULL says to skip */ + tmpAddedToCertIndex, tmpAddedToCert); + } + /* get integer serial number from addedToCertificate */ + if (rc == 0) { + rc = getInteger(&integerLength, x509SerialBin, + tmpAddedToCertIndex, tmpAddedToCert); + } + /* convert the integer stream to a BIGNUM */ + if (rc == 0) { + x509SerialBN = BN_bin2bn(x509SerialBin, integerLength, x509SerialBN); /* freed @1 */ + if (x509SerialBN == NULL) { + printf("addSerialNumber: Error in serial number BN_bin2bn\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add it into the final certificate */ + if (rc == 0) { + /* get the serial number structure member, can't fail */ + x509Serial = X509_get_serialNumber(x509Certificate); + /* convert the BIGNUM to ASN1 and add to X509 certificate */ + x509Serial = BN_to_ASN1_INTEGER(x509SerialBN, x509Serial); + if (x509Serial == NULL) { + printf("addSerialNumber: Error setting certificate serial number\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (x509SerialBN != NULL) BN_clear_free(x509SerialBN ); /* @1 */ + return rc; +} + +/* addPubKeyRsa() adds the public key to the certificate. tmpAddedToCertIndex must point to the + public key. + */ + +TPM_RC addPubKeyRsa(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex) +{ + TPM_RC rc = 0; + TPM2B_PUBLIC_KEY_RSA tpm2bRsa; + uint16_t dataLength; + + /* skip the SEQUENCE with the Signature Algorithm object identifier */ + if (rc == 0) { + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the SEQUENCE wrapper for the Subject Public Key Info */ + if (rc == 0) { + rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the SEQUENCE Public Key Algorithm */ + if (rc == 0) { + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the BIT STRING intoduction to the public key */ + if (rc == 0) { + rc = skipBitString(&dataLength, tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the SEQUENCE wrapper for the public key */ + if (rc == 0) { + rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert); + } + /* get the integer public modulus FIXME missing length check */ + if (rc == 0) { + rc = getInteger(&tpm2bRsa.t.size, tpm2bRsa.t.buffer, + tmpAddedToCertIndex, tmpAddedToCert); + } + if (rc == 0) { + rc = addCertKeyRsa(x509Certificate, + &tpm2bRsa); /* certified public key */ + } + /* skip the INTEGER public exponent - should not matter since it's the last item */ + /* FIXME test for 010001 */ + if (rc == 0) { + uint16_t dummy; + rc = getInteger(&dummy, NULL, + tmpAddedToCertIndex, tmpAddedToCert); + } + return rc; +} + +/* addPubKeyEcc() adds the public key to the certificate. tmpAddedToCertIndex must point to the + public key. +*/ + + +TPM_RC addPubKeyEcc(X509 *x509Certificate, + unsigned char *tmpAddedToCert, + uint16_t *tmpAddedToCertIndex) +{ + TPM_RC rc = 0; + uint16_t dataLength; + TPMS_ECC_POINT tpmsEccPoint; + + /* skip the SEQUENCE with the Signature Algorithm object identifier ecdsaWithSHA256 */ + if (rc == 0) { + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the SEQUENCE wrapper for the Subject Public Key Info */ + if (rc == 0) { + rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the SEQUENCE Public Key Algorithm */ + if (rc == 0) { + rc = copyType(0x30, NULL, NULL, /* NULL says to skip */ + tmpAddedToCertIndex, tmpAddedToCert); + } + /* skip the BIT STRING intoduction to the public key */ + if (rc == 0) { + rc = skipBitString(&dataLength, tmpAddedToCertIndex, tmpAddedToCert); + } + /* the next bytes are the 04, x and y */ + if (rc == 0) { + + /* FIXME check that dataLength is 65 */ + + *tmpAddedToCertIndex += 1; /* skip the 0x04 compression byte */ + + tpmsEccPoint.x.t.size = 32; + memcpy(tpmsEccPoint.x.t.buffer, tmpAddedToCert + *tmpAddedToCertIndex, 32); + *tmpAddedToCertIndex += 32; + + tpmsEccPoint.y.t.size = 32; + memcpy(tpmsEccPoint.y.t.buffer, tmpAddedToCert + *tmpAddedToCertIndex, 32); + *tmpAddedToCertIndex += 32; + + rc = addCertKeyEcc(x509Certificate, &tpmsEccPoint); + } + return rc; +} + +/* addSignatureRsa() copies the TPMT_SIGNATURE output of the TPM2_CertifyX509 command to the X509 + certificate. + */ + +TPM_RC addSignatureRsa(X509 *x509Certificate, + TPMT_SIGNATURE *tSignature) +{ + TPM_RC rc = 0; + int irc; + X509_ALGOR *signatureAlgorithm = NULL; + X509_ALGOR *certSignatureAlgorithm = NULL; + ASN1_BIT_STRING *asn1Signature = NULL; + + /* FIXME check sign length */ + + if (rc == 0) { + certSignatureAlgorithm = (X509_ALGOR *)X509_get0_tbs_sigalg(x509Certificate); + X509_get0_signature((OSSLCONST ASN1_BIT_STRING**)&asn1Signature, + (OSSLCONST X509_ALGOR **)&signatureAlgorithm, + x509Certificate); + } + /* set the algorithm in the top level structure */ + if (rc == 0) { + X509_ALGOR_set0(signatureAlgorithm, + OBJ_nid2obj(NID_sha256WithRSAEncryption), V_ASN1_NULL, NULL); + } + /* set the algorithm in the to be signed structure */ + if (rc == 0) { + X509_ALGOR_set0(certSignatureAlgorithm, + OBJ_nid2obj(NID_sha256WithRSAEncryption), V_ASN1_NULL, NULL); + } + /* ASN1_BIT_STRING x509Certificate->signature contains a BIT STRING with the RSA signature */ + if (rc == 0) { + irc = ASN1_BIT_STRING_set(asn1Signature, + tSignature->signature.rsassa.sig.t.buffer, + tSignature->signature.rsassa.sig.t.size); + asn1Signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + asn1Signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (irc == 0) { + printf("addSignatureRsa: Error in ASN1_BIT_STRING_set for signature\n"); + rc = TSS_RC_X509_ERROR; + } + } + return rc; +} + +/* addSignatureEcc() copies the TPMT_SIGNATURE output of the TPM2_CertifyX509 command to the X509 + certificate. +*/ + +TPM_RC addSignatureEcc(X509 *x509Certificate, + TPMT_SIGNATURE *tSignature) +{ + TPM_RC rc = 0; + int irc; + X509_ALGOR *signatureAlgorithm = NULL; + X509_ALGOR *certSignatureAlgorithm = NULL; + ASN1_BIT_STRING *asn1Signature = NULL; + BIGNUM *rSig = NULL; + BIGNUM *sSig = NULL; + ECDSA_SIG *ecdsaSig = NULL; + unsigned char *ecdsaSigBin = NULL; + int ecdsaSigBinLength; + + /* FIXME check sign length */ + + if (rc == 0) { + certSignatureAlgorithm = (X509_ALGOR *)X509_get0_tbs_sigalg(x509Certificate); + X509_get0_signature((OSSLCONST ASN1_BIT_STRING**)&asn1Signature, + (OSSLCONST X509_ALGOR **)&signatureAlgorithm, + x509Certificate); + } + /* set the algorithm in the top level structure */ + if (rc == 0) { + X509_ALGOR_set0(signatureAlgorithm, + OBJ_nid2obj(NID_ecdsa_with_SHA256), V_ASN1_UNDEF, NULL); + } + /* set the algorithm in the to be signed structure */ + if (rc == 0) { + X509_ALGOR_set0(certSignatureAlgorithm, + OBJ_nid2obj(NID_ecdsa_with_SHA256), V_ASN1_UNDEF, NULL); + } + /* ASN1_BIT_STRING x509Certificate->signature contains a sequence with two INTEGER, R and S */ + /* construct DER and then ASN1_BIT_STRING_set into X509 */ + if (rc == 0) { + rSig = BN_new(); + if (rSig == NULL) { + printf("addSignatureEcc: BN_new() failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + sSig = BN_new(); + if (sSig == NULL) { + printf("addSignatureEcc: BN_new() failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + rSig = BN_bin2bn(tSignature->signature.ecdsa.signatureR.b.buffer, + tSignature->signature.ecdsa.signatureR.b.size, rSig); + if (rSig == NULL) { + printf("addSignatureEcc: Error in BN_bin2bn\n"); + rc = TSS_RC_BIGNUM; + } + } + if (rc == 0) { + sSig = BN_bin2bn(tSignature->signature.ecdsa.signatureS.b.buffer, + tSignature->signature.ecdsa.signatureS.b.size, sSig); + if (sSig == NULL) { + printf("addSignatureEcc: Error in BN_bin2bn\n"); + rc = TSS_RC_BIGNUM; + } + } + if (rc == 0) { + ecdsaSig = ECDSA_SIG_new(); /* freed @1 */ + if (ecdsaSig == NULL) { + printf("addSignatureEcc: ECDSA_SIG_new() failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + irc = ECDSA_SIG_set0(ecdsaSig, rSig, sSig); + if (irc != 1) { + printf("addSignatureEcc: Error in ECDSA_SIG_set0\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* serialize the signature to DER */ + if (rc == 0) { + ecdsaSigBinLength = i2d_ECDSA_SIG(ecdsaSig, &ecdsaSigBin); /* freed @2 */ + if (ecdsaSigBinLength < 0) { + printf("addSignatureEcc: Error in signature serialization i2d_ECDSA_SIG()\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add the DER signature to the certificate */ + if (rc == 0) { + irc = ASN1_BIT_STRING_set(asn1Signature, + ecdsaSigBin, + ecdsaSigBinLength); + asn1Signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + asn1Signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; + if (irc == 0) { + printf("addSignatureEcc: Error in ASN1_BIT_STRING_set for signature\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* freed by ECDSA_SIG_free */ + if (ecdsaSig == NULL) { + BN_free(rSig); + BN_free(sSig); + } + ECDSA_SIG_free(ecdsaSig); /* @1 */ + OPENSSL_free(ecdsaSigBin); /* @2 */ + return rc; +} + +/* getDataLength() checks the type, gets the length of the wrapper and following data */ + +TPM_RC getDataLength(uint8_t type, /* expected type */ + uint16_t *wrapperLength, /* wrapper */ + uint16_t *dataLength, /* data */ + uint16_t *certificateDerIndex, + uint8_t *certificateDer) +{ + TPM_RC rc = 0; + uint32_t i = 0; + uint16_t lengthLength = 0; /* number of length bytes */ + + /* validate the wrapper type */ + if (rc == 0) { + if (certificateDer[*certificateDerIndex] != type) { + printf("getDataLength: index %u expect %02x actual %02x\n", + *certificateDerIndex, type, certificateDer[*certificateDerIndex]); + rc = TSS_RC_X509_ERROR; + } + } + /* get the length */ + if (rc == 0) { + /* long form length starts with the 'length of the length' */ + if ((certificateDer[*certificateDerIndex + 1] & 0x80)) { + lengthLength = certificateDer[*certificateDerIndex + 1] & 0x7f; + if (lengthLength <= sizeof(*dataLength)) { + + *dataLength = 0; + for (i = 0 ; i < lengthLength ; i++) { + *dataLength <<= (i * 8); + *dataLength += certificateDer[*certificateDerIndex + 2 + i]; + } + } + else { + printf("getDataLength: lengthLength %u too large for uint16_t\n", lengthLength); + rc = TSS_RC_X509_ERROR; + } + } + /* short form length is in byte following type */ + else { + *dataLength = certificateDer[*certificateDerIndex + 1] & 0x7f; + } + } + if (rc == 0) { + *wrapperLength = 2 + lengthLength; + if (verbose) printf("getDataLength: wrapperLength %u dataLength %u\n", + *wrapperLength, *dataLength); + } + return rc; +} + +/* skipSequence() moves the certificateDerIndex past the SEQUENCE and its length. I.e., it just + skips the wrapper, not the contents +*/ + +TPM_RC skipSequence(uint16_t *certificateDerIndex, uint8_t *certificateDer) +{ + TPM_RC rc = 0; + uint16_t wrapperLength; + uint16_t dataLength; + + if (rc == 0) { + rc = getDataLength(0x30, /* variable length SEQUENCE */ + &wrapperLength, + &dataLength, + certificateDerIndex, certificateDer); + } + if (rc == 0) { + *certificateDerIndex += wrapperLength; + } + return rc; +} + +/* skipBitString() moves the certificateDerIndex past the BIT STRING, its length, and its padding, + not the contents +*/ + +TPM_RC skipBitString(uint16_t *dataLength, + uint16_t *certificateDerIndex, uint8_t *certificateDer) +{ + TPM_RC rc = 0; + uint16_t wrapperLength; + + if (rc == 0) { + rc = getDataLength(0x03, /* BIT STRING */ + &wrapperLength, + dataLength, + certificateDerIndex, certificateDer); + } + if (rc == 0) { + *certificateDerIndex += wrapperLength; + *certificateDerIndex += 1; /* BIT STRING padding */ + } + return rc; +} + +/* copyType() copies the type at certificateDerIndex to partialCertificateDer. + + certificateDerIndex and partialCertificateDerLength are updated +*/ + +TPM_RC copyType(uint8_t type, /* expected type */ + uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer, + uint16_t *certificateDerIndex, uint8_t *certificateDer) +{ + TPM_RC rc = 0; + uint16_t wrapperLength = 0; + uint16_t dataLength = 0; + + if (rc == 0) { + rc = getDataLength(type, + &wrapperLength, + &dataLength, + certificateDerIndex, certificateDer); + } + if (rc == 0) { + if (partialCertificateDer != NULL) { + memcpy(partialCertificateDer + *partialCertificateDerLength, + &(certificateDer[*certificateDerIndex]), + wrapperLength + dataLength); + *partialCertificateDerLength += wrapperLength + dataLength; + } + *certificateDerIndex += wrapperLength + dataLength; + } + return rc; +} + +/* getInteger() copies the INTEGER data (not including the wrapper) to integerStream. + + certificateDerIndex is updated. +*/ + +TPM_RC getInteger(uint16_t *integerDataLength, unsigned char *integerStream, + uint16_t *certificateDerIndex, unsigned char *certificateDer) +{ + TPM_RC rc = 0; + uint16_t wrapperLength = 0; + + if (rc == 0) { + rc = getDataLength(0x02, /* INTEGER */ + &wrapperLength, + integerDataLength, + certificateDerIndex, certificateDer); + } + if (rc == 0) { + if (integerStream != NULL) { + memcpy(integerStream, + certificateDer + *certificateDerIndex + wrapperLength, + *integerDataLength); + } + *certificateDerIndex += wrapperLength + *integerDataLength; + } + return rc; +} + +/* prependSequence() shifts the DER down and back fills the SEQUENCE and length */ + +TPM_RC prependSequence(uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer) +{ + TPM_RC rc = 0; + uint16_t prefixLength; + uint16_t lengthLength = 0; + uint16_t i = 0; + + if (verbose) printf("prependSequence: total length %u %04x\n", + *partialCertificateDerLength, *partialCertificateDerLength); + /* calculate the number of prepended bytes */ + if (rc == 0) { + /* long form length when greater than 7f */ + if ((*partialCertificateDerLength) > 0x7f) { + lengthLength = (*partialCertificateDerLength / 0x100) + 1; /* +1 to round up */ + prefixLength = 2 + lengthLength; /* SEQUENCE + length of length + length bytes */ + } + /* short form length when up to 7f */ + else { + prefixLength = 2; /* SEQUENCE + length byte */ + } + } + /* shift the partialCertificateDer down by prefix length */ + if (rc == 0) { + memmove(partialCertificateDer + prefixLength, + partialCertificateDer, + *partialCertificateDerLength); + } + /* construct the prefix */ + if (rc == 0) { + partialCertificateDer[0] = 0x30; /* SEQUENCE */ + /* long form length */ + if (lengthLength > 0) { + partialCertificateDer[1] = 0x80 + lengthLength; /* byte 1 bit 7 set for long form */ + for (i = 0 ; i < lengthLength ; i++) { /* start at byte 2 */ + partialCertificateDer[2 + i] = /* add length bytes */ + (*partialCertificateDerLength >> ((lengthLength - i - 1) * 8)) & 0xff; + } + } + /* short form length */ + else { + /* just length for short form, cast safe bacause of above test */ + partialCertificateDer[1] = (uint8_t)*partialCertificateDerLength; + } + *partialCertificateDerLength += prefixLength; /* adjust the total length of the DER */ + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("certifyx509\n"); + printf("\n"); + printf("Runs TPM2_Certifyx509\n"); + printf("\n"); + printf("\t-ho\tobject handle\n"); + printf("\t[-pwdo\tpassword for object (default empty)]\n"); + printf("\t-hk\tcertifying key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc) (default rsa)]\n"); + + printf("\t[-ku\tX509 key usage - string - comma separated, no spaces]\n"); + printf("\t[-iob\tTPMA_OBJECT - 4 byte hex]\n"); + printf("\t\te.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)\n"); + printf("\t\te.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly\n"); + printf("\t\te.g. fixedTPM: critical,nonRepudiation\n"); + printf("\t\te.g. parent (restrict decrypt): critical,keyEncipherment\n"); + + printf("\t[-bit\tbit in partialCertificate to toggle]\n"); + printf("\t[-sub\tsubject same as issuer for self signed (root) certificate]\n"); + printf("\t[-opc\tpartial certificate file name (default do not save)]\n"); + printf("\t[-oa\taddedToCertificate file name (default do not save)]\n"); + printf("\t[-otbs\tsigned tbsDigest file name (default do not save)]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-ocert\t reconstructed certificate file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} + +#endif /* TPM_TSS_MBEDTLS */ + +#ifdef TPM_TSS_MBEDTLS + +int verbose; + +int main(int argc, char *argv[]) +{ + argc = argc; + argv = argv; + printf("certifyx509 not supported with mbedtls yet\n"); + return 0; +} + +#endif /* TPM_TSS_MBEDTLS */ diff --git a/libstb/tss2/ibmtpm20tss/utils/changeeps.c b/libstb/tss2/ibmtpm20tss/utils/changeeps.c new file mode 100644 index 000000000000..157ec60459c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/changeeps.c @@ -0,0 +1,216 @@ +/********************************************************************************/ +/* */ +/* ChangeEPS */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ChangeEPS_In in; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + in.authHandle = TPM_RH_PLATFORM; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ChangeEPS, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("changeeps: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("changeeps: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("changeeps\n"); + printf("\n"); + printf("Runs TPM2_ChangeEPS\n"); + printf("\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/changepps.c b/libstb/tss2/ibmtpm20tss/utils/changepps.c new file mode 100644 index 000000000000..8de39ff2d9cf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/changepps.c @@ -0,0 +1,216 @@ +/********************************************************************************/ +/* */ +/* ChangePPS */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ChangePPS_In in; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + in.authHandle = TPM_RH_PLATFORM; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ChangePPS, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("changepps: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("changepps: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("changepps\n"); + printf("\n"); + printf("Runs TPM2_ChangePPS\n"); + printf("\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/clear.c b/libstb/tss2/ibmtpm20tss/utils/clear.c new file mode 100644 index 000000000000..ae9ce258e66f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/clear.c @@ -0,0 +1,238 @@ +/********************************************************************************/ +/* */ +/* Clear */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Clear_In in; + char authHandleChar = 0; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (authHandleChar == 'l') { + in.authHandle = TPM_RH_LOCKOUT; + } + else if (authHandleChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Clear, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("clear: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("clear: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("clear\n"); + printf("\n"); + printf("Runs TPM2_Clear\n"); + printf("\n"); + printf("\t-hi\tauthhandle hierarchy (l, p)\n"); + printf("\t\tl lockout, p platform\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/clearcontrol.c b/libstb/tss2/ibmtpm20tss/utils/clearcontrol.c new file mode 100644 index 000000000000..9e2ad6952fec --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/clearcontrol.c @@ -0,0 +1,258 @@ +/********************************************************************************/ +/* */ +/* ClearControl */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ClearControl_In in; + char authHandleChar = 0; + const char *authPassword = NULL; + int state = 1; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (authHandleChar == 'l') { + in.auth = TPM_RH_LOCKOUT; + } + else if (authHandleChar == 'p') { + in.auth = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + if (state != 0) { + in.disable = YES; + } + else { + in.disable = NO; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ClearControl, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("clearcontrol: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("clearcontrol: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("clearcontrol\n"); + printf("\n"); + printf("Runs TPM2_ClearControl\n"); + printf("\n"); + printf("\t-hi\tauthhandle hierarchy (l, p)\n"); + printf("\t\tl lockout, p platform\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\t-state\t0 to disable, 1 to enable (default enable)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/clockrateadjust.c b/libstb/tss2/ibmtpm20tss/utils/clockrateadjust.c new file mode 100644 index 000000000000..7edf41ce23f7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/clockrateadjust.c @@ -0,0 +1,260 @@ +/********************************************************************************/ +/* */ +/* ClockRateAdjust */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ClockRateAdjust_In in; + char hierarchyChar = 'p'; + TPMI_RH_HIERARCHY authHandle = TPM_RH_PLATFORM; + const char *parentPassword = NULL; + TPM_CLOCK_ADJUST rateAdjust = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (rc == 0) { + in.rateAdjust = rateAdjust; + } + /* Table 50 - TPMI_RH_HIERARCHY authHandle */ + if (rc == 0) { + if (hierarchyChar == 'o') { + authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + authHandle = TPM_RH_PLATFORM; + } + else { + printf("Bad parameter %c for -hi\n", hierarchyChar); + printUsage(); + } + in.auth = authHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ClockRateAdjust, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("clockrateadjust: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("clockrateadjust: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("clockrateadjust\n"); + printf("\n"); + printf("Runs TPM2_ClockRateAdjust\n"); + printf("\n"); + printf("\t[-hi\thierarchy auth (p, o) (default p)]\n"); + printf("\t[-pwdp\thierarchy password (default empty)]\n"); + printf("\t[-adj\trate adjust (default 0)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/clockset.c b/libstb/tss2/ibmtpm20tss/utils/clockset.c new file mode 100644 index 000000000000..cc6b15b763ca --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/clockset.c @@ -0,0 +1,310 @@ +/********************************************************************************/ +/* */ +/* ClockSet */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ClockSet_In in; + char hierarchyChar = 'p'; + TPMI_RH_HIERARCHY authHandle = TPM_RH_PLATFORM; + const char *parentPassword = NULL; + uint64_t newClock = 0; + unsigned int addSec = 0; + const char *clockFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((newClock == 0) && (clockFilename == NULL)) { + printf("Missing -clock or -iclock\n"); + printUsage(); + } + if ((newClock != 0) && (clockFilename != NULL)) { + printf("Cannot have both -clock and -iclock\n"); + printUsage(); + } + if ((rc == 0) && (newClock != 0)) { + in.newTime = newClock; + } + if ((rc == 0) && (clockFilename != NULL)) { + unsigned char *data = NULL; + size_t length; + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&data, &length, clockFilename); /* freed @1 */ + } + if (rc == 0) { + if (length != sizeof(in.newTime)) { + printf("Clock file %s length %lu should be %lu\n", + clockFilename, (unsigned long)length, (unsigned long)sizeof(in.newTime)); + } + } + if (rc == 0) { + memcpy((uint8_t *)&in.newTime, data, length); + } + free(data); /* @1 */ + } + /* Table 50 - TPMI_RH_HIERARCHY authHandle */ + if (rc == 0) { + in.newTime += (addSec * 1000); /* new clock is in msec */ + if (tssUtilsVerbose) printf("clockset: New clock %"PRIu64"\n", in.newTime); + if (hierarchyChar == 'o') { + authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + authHandle = TPM_RH_PLATFORM; + } + else { + printf("Bad parameter %c for -hi\n", hierarchyChar); + printUsage(); + } + in.auth = authHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ClockSet, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("clockset: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("clockset: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("clockset\n"); + printf("\n"); + printf("Runs TPM2_ClockSet\n"); + printf("\n"); + printf("\t-clock\t\tnew clock\n"); + printf("\t-iclock\t\tnew clock file name\n"); + printf("\t[-addsec\tseconds to add to new clock]\n"); + printf("\t-hi\t\thierarchy (o, p) (default platform)\n"); + printf("\t\to owner, p platform\n"); + printf("\t-pwdp\t\tpassword for hierarchy (default empty)\n"); + printf("\n"); + printf("\t-se[0-2]\t session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/commit.c b/libstb/tss2/ibmtpm20tss/utils/commit.c new file mode 100644 index 000000000000..b6c560081355 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/commit.c @@ -0,0 +1,395 @@ +/********************************************************************************/ +/* */ +/* Commit */ +/* Written by Bill Martin */ +/* Green Hills Integrity Software Services */ +/* */ +/* (c) Copyright IBM Corporation 2017 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "objecttemplates.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Commit_In in; + Commit_Out out; + TPMI_DH_OBJECT signHandle = 0; + TPMA_OBJECT objectAttributes; + const char *s2Filename = NULL; + const char *y2Filename = NULL; + const char *dataFilename = NULL; + const char *Kfilename = NULL; + const char *Lfilename = NULL; + const char *Efilename = NULL; + const char *counterFilename = NULL; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + objectAttributes.val = 0; + objectAttributes.val |= TPMA_OBJECT_NODA; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (signHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that will perform signing */ + in.signHandle = signHandle; + } + /* set P1 */ + if (rc == 0) { + if (dataFilename != NULL) { + rc = TSS_File_ReadStructure(&in.P1, + (UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu, + dataFilename); + } + else { + in.P1.point.x.t.size = 0; + in.P1.point.y.t.size = 0; + } + } + /* set S2 */ + if (rc == 0) { + if (s2Filename != NULL) { + rc = TSS_File_Read2B(&in.s2.b, + sizeof(in.s2.t.buffer), + s2Filename); + } + else { + in.s2.t.size = 0; + } + } + /* set y2 */ + if (rc == 0) { + if (y2Filename != NULL) { + rc = TSS_File_Read2B(&in.y2.b, + sizeof(in.y2.t.buffer), + y2Filename); + } + else { + in.y2.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Commit, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (Kfilename != NULL)) { + rc = TSS_File_WriteStructure(&out.K, + (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu, + Kfilename); + + + } + if ((rc == 0) && (Lfilename != NULL)) { + rc = TSS_File_WriteStructure(&out.L, + (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu, + Lfilename); + + + } + if ((rc == 0) && (Efilename != NULL)) { + rc = TSS_File_WriteStructure(&out.E, + (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu, + Efilename); + + + } + if (rc == 0) { + if (tssUtilsVerbose) printf("counter is %d\n", out.counter); + if (counterFilename != NULL) { + rc = TSS_File_WriteStructure(&out.counter, + (MarshalFunction_t)TSS_UINT16_Marshalu, + counterFilename); + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("commit: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("commit: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + + +static void printUsage(void) +{ + printf("\n"); + printf("commit\n"); + printf("\n"); + printf("Runs TPM2_Commit\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t[-pt\tpoint input file name (default empty)]\n"); + printf("\t[-s2\ts2 input file name (default empty)]\n"); + printf("\t[-y2\ty2 input file name (default empty)]\n"); + printf("\t[-Kf\tK output data file name (default do not save)]\n"); + printf("\t[-Lf\toutput data file name (default do not save)]\n"); + printf("\t[-Ef\toutput data file name (default do not save)]\n"); + printf("\t[-cf\toutput counter file name (default do not save)]\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} + + + diff --git a/libstb/tss2/ibmtpm20tss/utils/contextload.c b/libstb/tss2/ibmtpm20tss/utils/contextload.c new file mode 100644 index 000000000000..315953b93fee --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/contextload.c @@ -0,0 +1,146 @@ +/********************************************************************************/ +/* */ +/* ContextLoad */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ContextLoad_In in; + ContextLoad_Out out; + const char *contextFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ContextSave_In in; + ContextSave_Out out; + TPMI_DH_CONTEXT saveHandle = 0; + const char *contextFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "objecttemplates.h" +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Create_In in; + Create_Out out; + TPMI_DH_OBJECT parentHandle = 0; + TPMA_OBJECT addObjectAttributes; + TPMA_OBJECT deleteObjectAttributes; + int keyType = 0; + uint32_t keyTypeSpecified = 0; + int rev116 = FALSE; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_ECC_CURVE curveID = TPM_ECC_NONE; + TPMI_RSA_KEY_BITS keyBits = 2048; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + const char *policyFilename = NULL; + const char *publicKeyFilename = NULL; + const char *privateKeyFilename = NULL; + const char *pemFilename = NULL; + const char *ticketFilename = NULL; + const char *creationHashFilename = NULL; + const char *dataFilename = NULL; + const char *keyPassword = NULL; + const char *parentPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + addObjectAttributes.val = 0; + addObjectAttributes.val |= TPMA_OBJECT_NODA; + deleteObjectAttributes.val = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (parentHandle == 0) { + printf("Missing handle parameter -hp\n"); + printUsage(); + } + if (keyTypeSpecified != 1) { + printf("Missing or too many key attributes\n"); + printUsage(); + } + switch (keyType) { + case TYPE_BL: + if (dataFilename == NULL) { + printf("-bl needs -if (sealed data object needs data to seal)\n"); + printUsage(); + } + break; + case TYPE_DAA: + case TYPE_DAAR: + if (algPublic != TPM_ALG_ECC) { + printf("-dau and -dar need -ecc\n"); + printUsage(); + } + if (dataFilename != NULL) { + printf("asymmetric key cannot have -if (sensitive data)\n"); + printUsage(); + } + break; + case TYPE_ST: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + if (dataFilename != NULL) { + printf("asymmetric key cannot have -if (sensitive data)\n"); + printUsage(); + } + break; + case TYPE_DES: + case TYPE_KH: + case TYPE_KHR: + case TYPE_DP: + /* inSensitive optional for symmetric keys */ + break; + } + if (rc == 0) { + in.parentHandle = parentHandle; + } + /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */ + if (rc == 0) { + /* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure sensitive */ + /* Table 75 - Definition of Types for TPM2B_AUTH userAuth */ + if (keyPassword == NULL) { + in.inSensitive.sensitive.userAuth.t.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b, + keyPassword, + sizeof(in.inSensitive.sensitive.userAuth.t.buffer)); + } + } + if (rc == 0) { + /* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */ + if (dataFilename != NULL) { + rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b, + sizeof(in.inSensitive.sensitive.data.t.buffer), + dataFilename); + } + else { + in.inSensitive.sensitive.data.t.size = 0; + } + } + /* TPM2B_PUBLIC */ + if (rc == 0) { + switch (keyType) { + case TYPE_BL: + rc = blPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, + policyFilename); + break; + case TYPE_ST: + case TYPE_DAA: + case TYPE_DAAR: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + rc = asymPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, algPublic, keyBits, curveID, nalg, halg, + policyFilename); + break; + case TYPE_DES: + rc = symmetricCipherTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, rev116, + policyFilename); + break; + case TYPE_KH: + case TYPE_KHR: + rc = keyedHashPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, nalg, halg, + policyFilename); + break; + case TYPE_DP: + rc = derivationParentPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, halg, + policyFilename); + } + } + if (rc == 0) { + /* TPM2B_DATA outsideInfo */ + in.outsideInfo.t.size = 0; + /* Table 102 - TPML_PCR_SELECTION creationPCR */ + in.creationPCR.count = 0; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Create, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* + validate the creation data + */ + { + uint16_t written = 0; + uint8_t *buffer = NULL; /* for the free */ + uint32_t sizeInBytes; + TPMT_HA digest; + + /* get the digest size from the Name algorithm */ + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(nalg); + if (out.creationHash.b.size != sizeInBytes) { + printf("create: failed, " + "creationData size %u incompatible with name algorithm %04x\n", + out.creationHash.b.size, nalg); + rc = EXIT_FAILURE; + } + } + /* re-marshal the output structure */ + if (rc == 0) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + &out.creationData.creationData, + (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshalu); + } + /* recalculate the creationHash from creationData */ + if (rc == 0) { + digest.hashAlg = nalg; /* Name digest algorithm */ + rc = TSS_Hash_Generate(&digest, + written, buffer, + 0, NULL); + } + /* compare the digest to creation hash */ + if (rc == 0) { + int irc; + irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes); + if (irc != 0) { + printf("create: failed, creationData hash does not match creationHash\n"); + rc = EXIT_FAILURE; + } + } + free(buffer); /* @1 */ + } + /* save the private key */ + if ((rc == 0) && (privateKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPrivate, + (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshalu, + privateKeyFilename); + } + /* save the public key */ + if ((rc == 0) && (publicKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPublic, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + publicKeyFilename); + } + /* save the optional PEM public key */ + if ((rc == 0) && (pemFilename != NULL)) { + rc = convertPublicToPEM(&out.outPublic, + pemFilename); + } + /* save the optional creation ticket */ + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.creationTicket, + (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshalu, + ticketFilename); + } + /* save the optional creation hash */ + if ((rc == 0) && (creationHashFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer, + out.creationHash.b.size, + creationHashFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("create: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("create: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("create\n"); + printf("\n"); + printf("Runs TPM2_Create\n"); + printf("\n"); + printf("\t-hp parent handle\n"); + printf("\n"); + printUsageTemplate(); + printf("\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-pwdp\tpassword for parent key (default empty)]\n"); + printf("\n"); + printf("\t[-opu\tpublic key file name (default do not save)]\n"); + printf("\t[-opr\tprivate key file name (default do not save)]\n"); + printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n"); + printf("\t[-tk\toutput ticket file name (default do not save)]\n"); + printf("\t[-ch\toutput creation hash file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/createek.c b/libstb/tss2/ibmtpm20tss/utils/createek.c new file mode 100644 index 000000000000..d15aa8f09df8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/createek.c @@ -0,0 +1,294 @@ +/********************************************************************************/ +/* */ +/* IWG EK Index Parsing */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This demo application shows the EK createprimary process. + + It reads the EK template at 01c00004 (RSA) 01c0000c (EC) + + It reads the EK nonce at 01c00003 (RSA) 01c0000b (EC) + + It constructs an EK createprimary input and runs the command + + It reads the EK certificate at 01c00002 (RSA) 01c0000a (EC) + + It compares the public key from the createprimary to that of the certificate. + + If validates the EK certificate against the TPM vendor root CA certificate. + + To validate certificate against the root, it must be in a file in PEM format. The root typically + comes from the TPM vendor in DER (binary) format. Convert using openssl, approximately: + + > openssl x509 -inform der -outform pem -in certificate.der -out certificate.pem + + This is a one time operation. +*/ + +#include +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include + +#include "ekutils.h" + +/* local function prototypes */ + +static void printUsage(void); + +/* possible utility commands */ + +#define EKTemplateType 1 +#define EKNonceType 2 +#define EKCertType 3 +#define CreateprimaryType 4 + +#define AlgRSA 1 +#define AlgEC 2 + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + unsigned int ui; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + int inputType = 0; + const char *listFilename = NULL; + unsigned int inputCount = 0; + unsigned int algType = 0; + /* initialized to suppress false gcc -O3 warning */ + TPMI_RH_NV_INDEX ekCertIndex = 0; + TPMI_RH_NV_INDEX ekNonceIndex = 0; + TPMI_RH_NV_INDEX ekTemplateIndex = 0; + TPMT_PUBLIC tpmtPublic; + char *rootFilename[MAX_ROOTS]; + unsigned int rootFileCount = 0; + unsigned char *nonce = NULL; /* freed @1 */ + uint16_t nonceSize; + void *ekCertificate = NULL; + uint8_t *modulusBin = NULL; + int modulusBytes; + unsigned int noFlush = 0; /* default flush after validation */ + TPM_HANDLE keyHandle; /* primary key handle */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* for free */ + for (i = 0 ; i < MAX_ROOTS ; i++) { + rootFilename[i] = NULL; + } + /* command line argument defaults */ + for (i=1 ; (i 1) { + printf("Only one of -te, -no, -ce can be specified\n"); + printUsage(); + } + if ((inputCount == 0) && (listFilename == NULL)) { + printf("Nothing to do\n"); + printUsage(); + } + if (algType == 0) { + printf("-alg must be specified\n"); + printUsage(); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + if (rc == 0) { + switch (inputType) { + case EKTemplateType: + rc = processEKTemplate(tssContext, &tpmtPublic, ekTemplateIndex, TRUE); + if (rc != 0) { + printf("No EK template\n"); + } + break; + case EKNonceType: + rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, TRUE); + if (rc != 0) { + printf("No EK nonce\n"); + } + break; + case EKCertType: + rc = processEKCertificate(tssContext, + &ekCertificate, /* freed @2 */ + &modulusBin, &modulusBytes, /* freed @3 */ + ekCertIndex, + TRUE); /* print the EK certificate */ + break; + case CreateprimaryType: + rc = processPrimary(tssContext, &keyHandle, + ekCertIndex, ekNonceIndex, ekTemplateIndex, + noFlush, TRUE); + break; + } + } + if (listFilename != NULL) { + if (rc == 0) { + rc = getRootCertificateFilenames(rootFilename, /* freed @4 */ + &rootFileCount, + listFilename, + tssUtilsVerbose); + } + if (rc == 0) { + rc = processRoot(tssContext, + ekCertIndex, + (const char **)rootFilename, + rootFileCount, + TRUE); + } + } + if ((rc == 0) && noFlush && (inputType == CreateprimaryType)) { + printf("Primary key Handle %08x\n", keyHandle); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + free(nonce); /* @1 */ + x509FreeStructure(ekCertificate); /* @2 */ + free(modulusBin); /* @3 */ + for (ui = 0 ; ui < rootFileCount ; ui++) { + free(rootFilename[ui]); /* @4 */ + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("createek\n"); + printf("\n"); + printf("Parses and prints the various EK NV indexes specified by the IWG\n"); + printf("Creates a primary key based on the EK NV indexes\n"); + printf("\n"); + printf("\t-te\tprint EK Template \n"); + printf("\t-no\tprint EK nonce \n"); + printf("\t-ce\tprint EK certificate \n"); + printf("\t-cp\tCreatePrimary using the EK template and EK nonce.\n"); + printf("\t\tValidate the EK against the EK certificate\n"); + printf("\t[-noflush\tDo not flush the primary key after validation]\n"); + printf("\t[-root\tfilename - validate EK certificate against the root]\n"); + printf("\t\tfilename contains a list of PEM format CA root certificate\n" + "\t\tfilenames, one per line.\n"); + printf("\t\tThe list may contain up to %u certificates.\n", MAX_ROOTS); + printf("\t-alg (rsa or ecc) \n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/createekcert.c b/libstb/tss2/ibmtpm20tss/utils/createekcert.c new file mode 100644 index 000000000000..072407cde406 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/createekcert.c @@ -0,0 +1,488 @@ +/********************************************************************************/ +/* */ +/* TPM 2.0 Attestation - Client EK and EK certificate */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This program provisions an EK certificate. It is required only for a SW TPM, which does not, of + course, come with a certificate. + + NOTE This is a one time operation unless the EPS is changed, typically through the TSS regression + test. I suggest saving the NVChip file. + + Steps implemented: + + Create a primary key using the default IWG template + + Create a certificate using the CA key cakey.pem + + Create NV Index if not already provisioned. + + Write the certificate to NV. +*/ + +#include +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include +#include "ekutils.h" + +/* local function prototypes */ + +static void printUsage(void); + +static TPM_RC defineEKCertIndex(TSS_CONTEXT *tssContext, + uint32_t certLength, + TPMI_RH_NV_INDEX nvIndex, + const char *platformPassword); +static TPM_RC storeEkCertificate(TSS_CONTEXT *tssContext, + uint32_t certLength, + unsigned char *certificate, + TPMI_RH_NV_INDEX nvIndex, + const char *platformPassword); + +int vverbose = 0; +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + int rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + int noFlush = FALSE; + const char *certificateFilename = NULL; + TPMI_RH_NV_INDEX ekCertIndex = EK_CERT_RSA_INDEX; + /* the CA for endorsement key certificates */ + const char *caKeyFileName = NULL; + const char *caKeyPassword = ""; + const char *platformPassword = NULL; + TPMT_PUBLIC tpmtPublicOut; /* primary key public part */ + char *x509CertString = NULL; + char *pemCertString = NULL; + uint32_t certLength; + unsigned char *certificate = NULL; + + /* FIXME may be better from command line or config file */ + char *subjectEntries[] = { + "US", /* 0 country */ + "NY", /* 1 state */ + "Yorktown", /* 2 locality*/ + "IBM", /* 3 organization */ + NULL, /* 4 organization unit */ + "IBM's SW TPM", /* 5 common name */ + NULL /* 6 email */ + }; + /* FIXME should come from root certificate, cacert.pem, cacertec.pem */ + char *rootIssuerEntriesRsa[] = { + "US" , + "NY" , + "Yorktown" , + "IBM" , + NULL , + "EK CA" , + NULL + }; + char *rootIssuerEntriesEc[] = { + "US" , + "NY" , + "Yorktown" , + "IBM" , + NULL , + "EK EC CA" , + NULL + }; + /* default RSA */ + char **issuerEntries = rootIssuerEntriesRsa; + size_t issuerEntriesSize = sizeof(rootIssuerEntriesRsa)/sizeof(char *); + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +#include "objecttemplates.h" +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + CreateLoaded_In in; + CreateLoaded_Out out; + TPMT_PUBLIC publicArea; + TPMI_DH_OBJECT parentHandle = 0; + TPMA_OBJECT addObjectAttributes; + TPMA_OBJECT deleteObjectAttributes; + int derived = FALSE; /* parent is derivation parent */ + int keyType = 0; + uint32_t keyTypeSpecified = 0; + int rev116 = FALSE; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_RSA_KEY_BITS keyBits = 2048; + TPMI_ECC_CURVE curveID = TPM_ECC_NONE; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + const char *policyFilename = NULL; + const char *publicKeyFilename = NULL; + const char *privateKeyFilename = NULL; + const char *pemFilename = NULL; + const char *dataFilename = NULL; + const char *keyPassword = NULL; + const char *parentPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + addObjectAttributes.val = 0; + addObjectAttributes.val |= TPMA_OBJECT_NODA; + deleteObjectAttributes.val = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (parentHandle == 0) { + printf("Missing handle parameter -hp\n"); + printUsage(); + } + if (keyTypeSpecified != 1) { + printf("Missing key attributes\n"); + printUsage(); + } + switch (keyType) { + case TYPE_BL: + if (dataFilename == NULL) { + printf("-bl needs -if (sealed data object needs data to seal)\n"); + printUsage(); + } + break; + case TYPE_ST: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + if (dataFilename != NULL) { + printf("asymmetric key cannot have -if (sensitive data)\n"); + printUsage(); + } + case TYPE_DES: + case TYPE_KH: + case TYPE_KHR: + case TYPE_DP: + /* inSensitive optional for symmetric keys */ + break; + } + if (rc == 0) { + in.parentHandle = parentHandle; + } + /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */ + if (rc == 0) { + /* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure sensitive */ + /* Table 75 - Definition of Types for TPM2B_AUTH userAuth */ + if (keyPassword == NULL) { + in.inSensitive.sensitive.userAuth.t.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b, + keyPassword, + sizeof(in.inSensitive.sensitive.userAuth.t.buffer)); + } + } + if (rc == 0) { + /* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */ + if (dataFilename != NULL) { + rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b, + sizeof(in.inSensitive.sensitive.data.t.buffer), + dataFilename); + } + else { + in.inSensitive.sensitive.data.t.size = 0; + } + } + /* TPM2B_PUBLIC */ + if (rc == 0) { + switch (keyType) { + case TYPE_BL: + rc = blPublicTemplate(&publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, + policyFilename); + break; + case TYPE_ST: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + rc = asymPublicTemplate(&publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, algPublic, keyBits, curveID, nalg, halg, + policyFilename); + break; + case TYPE_DES: + rc = symmetricCipherTemplate(&publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, rev116, + policyFilename); + break; + case TYPE_KH: + case TYPE_KHR: + rc = keyedHashPublicTemplate(&publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, nalg, halg, + policyFilename); + break; + case TYPE_DP: + rc = derivationParentPublicTemplate(&publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, halg, + policyFilename); + } + } + /* marshal the TPMT_PUBLIC into the TPM2B_TEMPLATE */ + if (rc == 0) { + uint16_t written = 0; + uint32_t size = sizeof(in.inPublic.t.buffer); + uint8_t *buffer = in.inPublic.t.buffer; + if (!derived) { /* not derivation parent */ + rc = TSS_TPMT_PUBLIC_Marshalu(&publicArea, &written, &buffer, &size); + } + else { /* derivation parent */ + /* The API changed from rev 142 to 146. This is the 146 API. It is unlikely that any + 138 HW TPM will implement the 142 errata, but care must be taken to use a current SW + TPM. */ + /* derived key has TPMS_CONTEXT parameter */ + publicArea.unique.derive.label.t.size = 0; + publicArea.unique.derive.context.t.size = 0; + /* sensitiveDataOrigin has to be CLEAR in a derived object */ + publicArea.objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN; + rc = TSS_TPMT_PUBLIC_D_Marshalu(&publicArea, &written, &buffer, &size); + } + in.inPublic.t.size = written; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_CreateLoaded, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* save the private key */ + if ((rc == 0) && (privateKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPrivate, + (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshalu, + privateKeyFilename); + } + /* save the public key */ + if ((rc == 0) && (publicKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPublic, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + publicKeyFilename); + } + /* save the optional PEM public key */ + if ((rc == 0) && (pemFilename != NULL)) { + rc = convertPublicToPEM(&out.outPublic, + pemFilename); + } + if (rc == 0) { + printf("Handle %08x\n", out.objectHandle); + if (tssUtilsVerbose) printf("createloaded: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("createloaded: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("createloaded\n"); + printf("\n"); + printf("Runs TPM2_CreateLoaded\n"); + printf("\n"); + printf("\t-hp parent handle (can be hierarchy)\n"); + printf("\t\t40000001 Owner\n"); + printf("\t\t4000000c Platform\n"); + printf("\t\t4000000b Endorsement\n"); + printf("\n"); + printUsageTemplate(); + printf("\n"); + printf("\t[-der\tobject's parent is a derivation parent]\n"); + printf("\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-pwdp\tpassword for parent key (default empty)]\n"); + printf("\n"); + printf("\t[-opu\tpublic key file name (default do not save)]\n"); + printf("\t[-opr\tprivate key file name (default do not save)]\n"); + printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/createprimary.c b/libstb/tss2/ibmtpm20tss/utils/createprimary.c new file mode 100644 index 000000000000..3c7676f4c825 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/createprimary.c @@ -0,0 +1,806 @@ +/********************************************************************************/ +/* */ +/* Create Primary */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "objecttemplates.h" +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + CreatePrimary_In in; + CreatePrimary_Out out; + char hierarchyChar = 'n'; + TPMI_RH_HIERARCHY primaryHandle = TPM_RH_NULL; + TPMA_OBJECT addObjectAttributes; + TPMA_OBJECT deleteObjectAttributes; + int keyType = TYPE_ST; + uint32_t keyTypeSpecified = 0; + int rev116 = FALSE; + const char *uniqueFilename = NULL; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + TPMI_RSA_KEY_BITS keyBits = 2048; + TPMI_ECC_CURVE curveID = TPM_ECC_NONE; + const char *policyFilename = NULL; + const char *publicKeyFilename = NULL; + const char *pemFilename = NULL; + const char *ticketFilename = NULL; + const char *creationHashFilename = NULL; + const char *dataFilename = NULL; + const char *keyPassword = NULL; + const char *parentPassword = NULL; + const char *parentPasswordFilename = NULL; + const char *parentPasswordPtr = NULL; + uint8_t *parentPasswordBuffer = NULL; /* for the free */ + size_t parentPasswordLength = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + addObjectAttributes.val = 0; + addObjectAttributes.val |= TPMA_OBJECT_NODA; + addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM; + addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT; + deleteObjectAttributes.val = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyTypeSpecified > 1) { + printf("Too many key attributes\n"); + printUsage(); + } + switch (keyType) { + case TYPE_BL: + if (dataFilename == NULL) { + printf("-bl needs -if (sealed data object needs data to seal)\n"); + printUsage(); + } + break; + case TYPE_DAA: + case TYPE_DAAR: + if (algPublic != TPM_ALG_ECC) { + printf("-dau and -dar need -ecc\n"); + printUsage(); + } + if (dataFilename != NULL) { + printf("asymmetric key cannot have -if (sensitive data)\n"); + printUsage(); + } + break; + case TYPE_ST: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + if (dataFilename != NULL) { + printf("asymmetric key cannot have -if (sensitive data)\n"); + printUsage(); + } + break; + case TYPE_DES: + case TYPE_KH: + case TYPE_KHR: + case TYPE_DP: + /* inSensitive optional for symmetric keys */ + break; + } + if (rc == 0) { + if ((parentPassword != NULL) && (parentPasswordFilename != NULL)) { + printf("Cannot specify both -pwdp and -pwdpi\n"); + printUsage(); + } + } + if (rc == 0) { + /* command auth from string */ + if (parentPassword != NULL) { + parentPasswordPtr = parentPassword; + } + /* command parent from file */ + else if (parentPasswordFilename != NULL) { + if (rc == 0) { + /* must be freed by caller */ + rc = TSS_File_ReadBinaryFile(&parentPasswordBuffer, /* freed @1 */ + &parentPasswordLength, + parentPasswordFilename); + } + if (rc == 0) { + if (parentPasswordLength > sizeof(TPMU_HA)) { + printf("Password too long %u\n", (unsigned int)parentPasswordLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + parentPasswordPtr = (const char *)parentPasswordBuffer; + } + } + /* no command parent specified */ + else { + parentPasswordPtr = NULL; + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (hierarchyChar == 'e') { + primaryHandle = TPM_RH_ENDORSEMENT; + } + else if (hierarchyChar == 'o') { + primaryHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + primaryHandle = TPM_RH_PLATFORM; + } + else if (hierarchyChar == 'n') { + primaryHandle = TPM_RH_NULL; + } + else { + printf("Bad parameter %c for -hi\n", hierarchyChar); + printUsage(); + } + in.primaryHandle = primaryHandle; + } + /* Table 134 - TPM2B_SENSITIVE_CREATE inSensitive */ + if (rc == 0) { + /* Table 133 - TPMS_SENSITIVE_CREATE */ + { + if (keyPassword == NULL) { + in.inSensitive.sensitive.userAuth.t.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b, + keyPassword, + sizeof(in.inSensitive.sensitive.userAuth.t.buffer)); + } + } + } + if (rc == 0) { + /* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */ + if (dataFilename != NULL) { + rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b, + sizeof(in.inSensitive.sensitive.data.t.buffer), + dataFilename); + } + else { + in.inSensitive.sensitive.data.t.size = 0; + } + } + /* Table 185 - TPM2B_PUBLIC inPublic */ + if (rc == 0) { + switch (keyType) { + case TYPE_BL: + rc = blPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, + policyFilename); + break; + case TYPE_ST: + case TYPE_DAA: + case TYPE_DAAR: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + rc = asymPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, algPublic, keyBits, curveID, nalg, halg, + policyFilename); + break; + case TYPE_DES: + rc = symmetricCipherTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, rev116, + policyFilename); + break; + case TYPE_KH: + case TYPE_KHR: + rc = keyedHashPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + keyType, nalg, halg, + policyFilename); + break; + case TYPE_DP: + rc = derivationParentPublicTemplate(&in.inPublic.publicArea, + addObjectAttributes, deleteObjectAttributes, + nalg, halg, + policyFilename); + break; + } + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 158 - TPM2B_PUBLIC_KEY_RSA rsa */ + if (rc == 0) { + if (uniqueFilename != NULL) { + rc = TSS_File_Read2B(&in.inPublic.publicArea.unique.rsa.b, + sizeof(in.inPublic.publicArea.unique.rsa.t.buffer), + uniqueFilename); + } + else { + in.inPublic.publicArea.unique.rsa.t.size = 0; + } + } + /* TPM2B_DATA outsideInfo */ + if (rc == 0) { + in.outsideInfo.t.size = 0; + } + /* Table 102 - TPML_PCR_SELECTION */ + /* TPML_PCR_SELECTION creationPCR */ + if (rc == 0) { + in.creationPCR.count = 0; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_CreatePrimary, + sessionHandle0, parentPasswordPtr, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* + validate the creation data + */ + { + uint16_t written = 0; + uint8_t *buffer = NULL; /* for the free */ + uint32_t sizeInBytes; + TPMT_HA digest; + + /* get the digest size from the Name algorithm */ + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(nalg); + if (out.creationHash.b.size != sizeInBytes) { + printf("createprimary: failed, " + "creationData size %u incompatible with name algorithm %04x\n", + out.creationHash.b.size, nalg); + rc = EXIT_FAILURE; + } + } + /* re-marshal the output structure */ + if (rc == 0) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + &out.creationData.creationData, + (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshalu); + } + /* recalculate the creationHash from creationData */ + if (rc == 0) { + digest.hashAlg = nalg; /* Name digest algorithm */ + rc = TSS_Hash_Generate(&digest, + written, buffer, + 0, NULL); + } + /* compare the digest to creation hash */ + if (rc == 0) { + int irc; + irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes); + if (irc != 0) { + printf("createprimary: failed, creationData hash does not match creationHash\n"); + rc = EXIT_FAILURE; + } + } + free(buffer); /* @1 */ + } + /* save the public key */ + if ((rc == 0) && (publicKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPublic, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + publicKeyFilename); + } + /* save the optional PEM public key */ + if ((rc == 0) && (pemFilename != NULL)) { + rc = convertPublicToPEM(&out.outPublic, + pemFilename); + } + /* save the optional creation ticket */ + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.creationTicket, + (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshalu, + ticketFilename); + } + /* save the optional creation hash */ + if ((rc == 0) && (creationHashFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer, + out.creationHash.b.size, + creationHashFilename); + } + if (rc == 0) { + printf("Handle %08x\n", out.objectHandle); + if (algPublic == TPM_ALG_RSA) { + if (tssUtilsVerbose) TSS_PrintAll("createprimary: public modulus", + out.outPublic.publicArea.unique.rsa.t.buffer, + out.outPublic.publicArea.unique.rsa.t.size); + } + else if (algPublic == TPM_ALG_ECC) { + if (tssUtilsVerbose) TSS_PrintAll("createprimary: public point X", + out.outPublic.publicArea.unique.ecc.x.t.buffer, + out.outPublic.publicArea.unique.ecc.x.t.size); + if (tssUtilsVerbose) TSS_PrintAll("createprimary: public point Y", + out.outPublic.publicArea.unique.ecc.y.t.buffer, + out.outPublic.publicArea.unique.ecc.y.t.size); + } + if (tssUtilsVerbose) printf("createprimary: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("createprimary: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(parentPasswordBuffer); /* @1 */ + parentPasswordBuffer = NULL; + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("createprimary creates a primary storage key\n"); + printf("\n"); + printf("Runs TPM2_CreatePrimary\n"); + printf("\n"); + printf("\t[-hi\t\thierarchy (e, o, p, n) (default null)]\n"); + printf("\t[-pwdp\t\tpassword for hierarchy (default empty)]\n"); + printf("\t[-pwdpi\t\tpassword file name for hierarchy (default empty)]\n"); + printf("\t[-pwdk\t\tpassword for key (default empty)]\n"); + printf("\t[-iu\t\tinPublic unique field file (default none)]\n"); + printf("\t[-opu\t\tpublic key file name (default do not save)]\n"); + printf("\t[-opem\t\tpublic key PEM format file name (default do not save)]\n"); + printf("\t[-tk\t\toutput ticket file name]\n"); + printf("\t[-ch\t\toutput creation hash file name]\n"); + printf("\n"); + printUsageTemplate(); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/cryptoutils.c b/libstb/tss2/ibmtpm20tss/utils/cryptoutils.c new file mode 100644 index 000000000000..af46b3c5ff05 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/cryptoutils.c @@ -0,0 +1,2079 @@ +/********************************************************************************/ +/* */ +/* OpenSSL Crypto Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* These functions are worthwhile sample code that probably (judgment call) do not belong in the TSS + library. + + They abstract out crypto library functions. + + They show how to convert public or private EC or RSA among PEM format <-> EVP format <-> EC_KEY + or RSA format <-> binary arrays <-> TPM format TPM2B_PRIVATE, TPM2B_SENSITIVE, TPM2B_PUBLIC + usable for loadexternal or import. + + There are functions to convert public keys from TPM <-> RSA, ECC <-> PEM, and to verify a TPM + signature using a PEM format public key. +*/ + +#include +#include +#include +#include +#include + +#ifndef TPM_TSS_NORSA +#include +#endif /* TPM_TSS_NORSA */ +#include +#include +#include + +#ifndef TPM_TSS_NOECC +#include +#endif + +#ifndef TPM_TSS_NOFILE +#include +#endif +#include +#include +#include +#include +#include + +#include "objecttemplates.h" +#include "cryptoutils.h" + +/* verbose tracing flag shared by command line utilities */ + +int tssUtilsVerbose; + +/* openssl compatibility functions, during the transition from 1.0.1, 1.0.2, 1.1.0, 1.1.1. Some + structures were made opaque, with gettters and setters. Some parameters were made const. Some + function names changed. */ + +/* Some functions add const to parameters as of openssl 1.1.0 */ + +/* These functions are only required for OpenSSL 1.0. OpenSSL 1.1 has them, and the structures are + opaque. */ + +#if OPENSSL_VERSION_NUMBER < 0x10100000 + +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} + +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) { + *pr = sig->r; + } + if (ps != NULL) { + *ps = sig->s; + } + return; +} + +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) +{ + return x->cert_info->signature; +} + +void RSA_get0_key(const RSA *rsaKey, + const BIGNUM **n, + const BIGNUM **e, + const BIGNUM **d) +{ + if (n != NULL) { + *n = rsaKey->n; + } + if (e != NULL) { + *e = rsaKey->e; + } + if (d != NULL) { + *d = rsaKey->d; + } + return; +} + +void RSA_get0_factors(const RSA *rsaKey, + const BIGNUM **p, + const BIGNUM **q) +{ + if (p != NULL) { + *p = rsaKey->p; + } + if (q != NULL) { + *q = rsaKey->q; + } + return; +} + +#endif /* pre openssl 1.1 */ + +/* These functions are only required for OpenSSL 1.0.1 OpenSSL 1.0.2 has them, and the structures + are opaque. In 1.1.0, the parameters became const. */ + +#if OPENSSL_VERSION_NUMBER < 0x10002000 + +void X509_get0_signature(OSSLCONST ASN1_BIT_STRING **psig, + OSSLCONST X509_ALGOR **palg, const X509 *x) +{ + *psig = x->signature; + *palg = x->sig_alg; + return; +} + +#endif /* pre openssl 1.0.2 */ + +#ifndef TPM_TSS_NOFILE + +/* getCryptoLibrary() returns a string indicating the underlying crypto library. + + It can be used for programs that must account for library differences. +*/ + +void getCryptoLibrary(const char **name) +{ + *name = "openssl"; + return; +} + +/* convertPemToEvpPrivKey() converts a PEM key file to an openssl EVP_PKEY key pair */ + +TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey, /* freed by caller */ + const char *pemKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + FILE *pemKeyFile = NULL; + + if (rc == 0) { + rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); /* closed @2 */ + } + if (rc == 0) { + *evpPkey = PEM_read_PrivateKey(pemKeyFile, NULL, NULL, (void *)password); + if (*evpPkey == NULL) { + printf("convertPemToEvpPrivKey: Error reading key file %s\n", pemKeyFilename); + rc = EXIT_FAILURE; + } + } + if (pemKeyFile != NULL) { + fclose(pemKeyFile); /* @2 */ + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NOFILE + +/* convertPemToEvpPubKey() converts a PEM public key file to an openssl EVP_PKEY public key */ + +TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey, /* freed by caller */ + const char *pemKeyFilename) +{ + TPM_RC rc = 0; + FILE *pemKeyFile = NULL; + + if (rc == 0) { + rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); /* closed @2 */ + } + if (rc == 0) { + *evpPkey = PEM_read_PUBKEY(pemKeyFile, NULL, NULL, NULL); + if (*evpPkey == NULL) { + printf("convertPemToEvpPubKey: Error reading key file %s\n", pemKeyFilename); + rc = EXIT_FAILURE; + } + } + if (pemKeyFile != NULL) { + fclose(pemKeyFile); /* @2 */ + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NOFILE + +/* convertPemToRsaPrivKey() converts a PEM format keypair file to a library specific RSA key + token. + + The return is void because the structure is opaque to the caller. This accomodates other crypto + libraries. + + rsaKey is an RSA structure +*/ + +TPM_RC convertPemToRsaPrivKey(void **rsaKey, /* freed by caller */ + const char *pemKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + FILE *pemKeyFile = NULL; + + if (rc == 0) { + rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); /* closed @1 */ + } + if (rc == 0) { + *rsaKey = (void *)PEM_read_RSAPrivateKey(pemKeyFile, NULL, NULL, (void *)password); + if (*rsaKey == NULL) { + printf("convertPemToRsaPrivKey: Error in OpenSSL PEM_read_RSAPrivateKey()\n"); + rc = EXIT_FAILURE; + } + } + if (pemKeyFile != NULL) { + fclose(pemKeyFile); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NOECC + +/* convertEvpPkeyToEckey retrieves the EC_KEY key token from the EVP_PKEY */ + +TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey, /* freed by caller */ + EVP_PKEY *evpPkey) +{ + TPM_RC rc = 0; + + if (rc == 0) { + *ecKey = EVP_PKEY_get1_EC_KEY(evpPkey); + if (*ecKey == NULL) { + printf("convertEvpPkeyToEckey: Error extracting EC key from EVP_PKEY\n"); + rc = EXIT_FAILURE; + } + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertEvpPkeyToRsakey() retrieves the RSA key token from the EVP_PKEY */ + +TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey, /* freed by caller */ + EVP_PKEY *evpPkey) +{ + TPM_RC rc = 0; + + if (rc == 0) { + *rsaKey = EVP_PKEY_get1_RSA(evpPkey); + if (*rsaKey == NULL) { + printf("convertEvpPkeyToRsakey: EVP_PKEY_get1_RSA failed\n"); + rc = EXIT_FAILURE; + } + } + return rc; +} + +#ifndef TPM_TSS_NOECC + +/* convertEcKeyToPrivateKeyBin() converts an OpenSSL EC_KEY to a binary array + + FIXME Only supports NIST P256 curve. +*/ + +TPM_RC convertEcKeyToPrivateKeyBin(int *privateKeyBytes, + uint8_t **privateKeyBin, /* freed by caller */ + const EC_KEY *ecKey) +{ + TPM_RC rc = 0; + const EC_GROUP *ecGroup = NULL; + int nid; + const BIGNUM *privateKeyBn = NULL; + int bnBytes; + + /* get the group from the key */ + if (rc == 0) { + ecGroup = EC_KEY_get0_group(ecKey); + if (ecGroup == NULL) { + printf("convertEcKeyToPrivateKeyBin: Error extracting EC group from EC key\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* and then the curve from the group */ + if (rc == 0) { + nid = EC_GROUP_get_curve_name(ecGroup); + /* map NID to size of private key */ + switch (nid) { + case NID_X9_62_prime256v1: + *privateKeyBytes = 32; + break; + default: + printf("convertEcKeyToPrivateKeyBin: Error, curve NID %u not supported\n", nid); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* get the ECC private key as a BIGNUM from the EC_KEY */ + if (rc == 0) { + privateKeyBn = EC_KEY_get0_private_key(ecKey); + } + /* sanity check the BN size against the curve */ + if (rc == 0) { + bnBytes = BN_num_bytes(privateKeyBn); + if (bnBytes > *privateKeyBytes) { + printf("convertEcKeyToPrivateKeyBin: Error, private key %d bytes too large for curve\n", + bnBytes); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* allocate a buffer for the private key array based on the curve */ + if (rc == 0) { + rc = TSS_Malloc(privateKeyBin, *privateKeyBytes); + } + /* convert the private key bignum to binary */ + if (rc == 0) { + /* TPM rev 116 required the ECC private key to be zero padded in the duplicate parameter of + import */ + memset(*privateKeyBin, 0, *privateKeyBytes - bnBytes); + BN_bn2bin(privateKeyBn, (*privateKeyBin) + (*privateKeyBytes - bnBytes)); + if (tssUtilsVerbose) TSS_PrintAll("convertEcKeyToPrivateKeyBin:", *privateKeyBin, *privateKeyBytes); + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertRsaKeyToPrivateKeyBin() converts an OpenSSL RSA key token private prime p to a binary + array */ + +TPM_RC convertRsaKeyToPrivateKeyBin(int *privateKeyBytes, + uint8_t **privateKeyBin, /* freed by caller */ + const RSA *rsaKey) +{ + TPM_RC rc = 0; + const BIGNUM *p = NULL; + const BIGNUM *q; + + /* get the private primes */ + if (rc == 0) { + rc = getRsaKeyParts(NULL, NULL, NULL, &p, &q, rsaKey); + } + /* allocate a buffer for the private key array */ + if (rc == 0) { + *privateKeyBytes = BN_num_bytes(p); + rc = TSS_Malloc(privateKeyBin, *privateKeyBytes); + } + /* convert the private key bignum to binary */ + if (rc == 0) { + BN_bn2bin(p, *privateKeyBin); + } + return rc; +} + + +#ifndef TPM_TSS_NOECC + +/* convertEcKeyToPublicKeyBin() converts an OpenSSL EC_KEY public key token to a binary array */ + +TPM_RC convertEcKeyToPublicKeyBin(int *modulusBytes, + uint8_t **modulusBin, /* freed by caller */ + const EC_KEY *ecKey) +{ + TPM_RC rc = 0; + const EC_POINT *ecPoint = NULL; + const EC_GROUP *ecGroup = NULL; + + if (rc == 0) { + ecPoint = EC_KEY_get0_public_key(ecKey); + if (ecPoint == NULL) { + printf("convertEcKeyToPublicKeyBin: Error extracting EC point from EC public key\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (rc == 0) { + ecGroup = EC_KEY_get0_group(ecKey); + if (ecGroup == NULL) { + printf("convertEcKeyToPublicKeyBin: Error extracting EC group from EC public key\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* get the public modulus */ + if (rc == 0) { + *modulusBytes = EC_POINT_point2oct(ecGroup, ecPoint, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, NULL); + } + if (rc == 0) { + rc = TSS_Malloc(modulusBin, *modulusBytes); + } + if (rc == 0) { + EC_POINT_point2oct(ecGroup, ecPoint, + POINT_CONVERSION_UNCOMPRESSED, + *modulusBin, *modulusBytes, NULL); + if (tssUtilsVerbose) TSS_PrintAll("convertEcKeyToPublicKeyBin:", *modulusBin, *modulusBytes); + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertRsaKeyToPublicKeyBin() converts from an openssl RSA key token to a public modulus */ + +TPM_RC convertRsaKeyToPublicKeyBin(int *modulusBytes, + uint8_t **modulusBin, /* freed by caller */ + void *rsaKey) +{ + TPM_RC rc = 0; + const BIGNUM *n = NULL; + const BIGNUM *e; + const BIGNUM *d; + + /* get the public modulus from the RSA key token */ + if (rc == 0) { + rc = getRsaKeyParts(&n, &e, &d, NULL, NULL, rsaKey); + } + if (rc == 0) { + *modulusBytes = BN_num_bytes(n); + } + if (rc == 0) { + rc = TSS_Malloc(modulusBin, *modulusBytes); + } + if (rc == 0) { + BN_bn2bin(n, *modulusBin); + } + return rc; +} + +#ifdef TPM_TPM20 + +#ifndef TPM_TSS_NOECC + +/* convertEcPrivateKeyBinToPrivate() converts an EC 'privateKeyBin' to either a + TPM2B_PRIVATE or a TPM2B_SENSITIVE + +*/ + +TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + int privateKeyBytes, + uint8_t *privateKeyBin, + const char *password) +{ + TPM_RC rc = 0; + TPMT_SENSITIVE tSensitive; + TPM2B_SENSITIVE bSensitive; + + if (rc == 0) { + if (((objectPrivate == NULL) && (objectSensitive == NULL)) || + ((objectPrivate != NULL) && (objectSensitive != NULL))) { + printf("convertEcPrivateKeyBinToPrivate: Only one result supported\n"); + rc = EXIT_FAILURE; + } + } + /* In some cases, the sensitive data is not encrypted and the integrity value is not present. + When an integrity value is not needed, it is not present and it is not represented by an + Empty Buffer. + + In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a + marshaled TPMT_SENSITIVE */ + + /* construct TPMT_SENSITIVE */ + if (rc == 0) { + /* This shall be the same as the type parameter of the associated public area. */ + tSensitive.sensitiveType = TPM_ALG_ECC; + tSensitive.seedValue.b.size = 0; + /* key password converted to TPM2B */ + rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password, + sizeof(tSensitive.authValue.t.buffer)); + } + if (rc == 0) { + if (privateKeyBytes > 32) { /* hard code NISTP256 */ + printf("convertEcPrivateKeyBinToPrivate: Error, private key size %u not 32\n", + privateKeyBytes); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + tSensitive.sensitive.ecc.t.size = privateKeyBytes; + memcpy(tSensitive.sensitive.ecc.t.buffer, privateKeyBin, privateKeyBytes); + } + /* FIXME common code for EC and RSA */ + /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */ + if (rc == 0) { + if (objectPrivate != NULL) { + uint32_t size = sizeof(bSensitive.t.sensitiveArea); /* max size */ + uint8_t *buffer = bSensitive.b.buffer; /* pointer that can move */ + bSensitive.t.size = 0; /* required before marshaling */ + rc = TSS_TPMT_SENSITIVE_Marshalu(&tSensitive, + &bSensitive.b.size, /* marshaled size */ + &buffer, /* marshal here */ + &size); /* max size */ + } + else { /* return TPM2B_SENSITIVE */ + objectSensitive->t.sensitiveArea = tSensitive; + } + } + /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */ + if (rc == 0) { + if (objectPrivate != NULL) { + uint32_t size = sizeof(objectPrivate->t.buffer); /* max size */ + uint8_t *buffer = objectPrivate->t.buffer; /* pointer that can move */ + objectPrivate->t.size = 0; /* required before marshaling */ + rc = TSS_TPM2B_PRIVATE_Marshalu((TPM2B_PRIVATE *)&bSensitive, + &objectPrivate->t.size, /* marshaled size */ + &buffer, /* marshal here */ + &size); /* max size */ + } + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ +#endif /* TPM_TPM20 */ + +#ifdef TPM_TPM20 + +/* convertRsaPrivateKeyBinToPrivate() converts an RSA prime 'privateKeyBin' to either a + TPM2B_PRIVATE or a TPM2B_SENSITIVE + +*/ + +TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + int privateKeyBytes, + uint8_t *privateKeyBin, + const char *password) +{ + TPM_RC rc = 0; + TPMT_SENSITIVE tSensitive; + TPM2B_SENSITIVE bSensitive; + + if (rc == 0) { + if (((objectPrivate == NULL) && (objectSensitive == NULL)) || + ((objectPrivate != NULL) && (objectSensitive != NULL))) { + printf("convertRsaPrivateKeyBinToPrivate: Only one result supported\n"); + rc = EXIT_FAILURE; + } + } + /* In some cases, the sensitive data is not encrypted and the integrity value is not present. + When an integrity value is not needed, it is not present and it is not represented by an + Empty Buffer. + + In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a + marshaled TPMT_SENSITIVE */ + + /* construct TPMT_SENSITIVE */ + if (rc == 0) { + /* This shall be the same as the type parameter of the associated public area. */ + tSensitive.sensitiveType = TPM_ALG_RSA; + /* generate a seed for storage keys */ + tSensitive.seedValue.b.size = 32; /* FIXME hard coded seed length */ + rc = TSS_RandBytes(tSensitive.seedValue.b.buffer, tSensitive.seedValue.b.size); + } + /* key password converted to TPM2B */ + if (rc == 0) { + rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password, + sizeof(tSensitive.authValue.t.buffer)); + } + if (rc == 0) { + if ((size_t)privateKeyBytes > sizeof(tSensitive.sensitive.rsa.t.buffer)) { + printf("convertRsaPrivateKeyBinToPrivate: " + "Error, private key modulus %d greater than %lu\n", + privateKeyBytes, (unsigned long)sizeof(tSensitive.sensitive.rsa.t.buffer)); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + tSensitive.sensitive.rsa.t.size = privateKeyBytes; + memcpy(tSensitive.sensitive.rsa.t.buffer, privateKeyBin, privateKeyBytes); + } + /* FIXME common code for EC and RSA */ + /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */ + if (rc == 0) { + if (objectPrivate != NULL) { + uint32_t size = sizeof(bSensitive.t.sensitiveArea); /* max size */ + uint8_t *buffer = bSensitive.b.buffer; /* pointer that can move */ + bSensitive.t.size = 0; /* required before marshaling */ + rc = TSS_TPMT_SENSITIVE_Marshalu(&tSensitive, + &bSensitive.b.size, /* marshaled size */ + &buffer, /* marshal here */ + &size); /* max size */ + } + else { /* return TPM2B_SENSITIVE */ + objectSensitive->t.sensitiveArea = tSensitive; + } + } + /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */ + if (rc == 0) { + if (objectPrivate != NULL) { + uint32_t size = sizeof(objectPrivate->t.buffer); /* max size */ + uint8_t *buffer = objectPrivate->t.buffer; /* pointer that can move */ + objectPrivate->t.size = 0; /* required before marshaling */ + rc = TSS_TPM2B_PRIVATE_Marshalu((TPM2B_PRIVATE *)&bSensitive, + &objectPrivate->t.size, /* marshaled size */ + &buffer, /* marshal here */ + &size); /* max size */ + } + } + return rc; +} + +#endif /* TPM_TPM20 */ + +#ifndef TPM_TSS_NOECC + +/* convertEcPublicKeyBinToPublic() converts an EC modulus and other parameters to a TPM2B_PUBLIC + + FIXME Only supports NIST P256 curve. +*/ + +TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + TPMI_ECC_CURVE curveID, + int modulusBytes, + uint8_t *modulusBin) +{ + TPM_RC rc = 0; + + scheme = scheme; /* scheme parameter not supported yet */ + if (rc == 0) { + if (modulusBytes != 65) { /* 1 for compression + 32 + 32 */ + printf("convertEcPublicKeyBinToPublic: public modulus expected 65 bytes, actual %u\n", + modulusBytes); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + /* Table 184 - Definition of TPMT_PUBLIC Structure */ + objectPublic->publicArea.type = TPM_ALG_ECC; + objectPublic->publicArea.nameAlg = nalg; + objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA; + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + switch (keyType) { + case TYPE_SI: + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN; + objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; + objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; + break; + case TYPE_ST: /* for public part only */ + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES; + objectPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128; + objectPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB; + objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + break; + case TYPE_DEN: /* for public and private part */ + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; + objectPublic->publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; + objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDH; + break; + } + objectPublic->publicArea.authPolicy.t.size = 0; + /* Table 152 - Definition of TPMU_ASYM_SCHEME Union */ + objectPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg; + objectPublic->publicArea.parameters.eccDetail.curveID = curveID; + objectPublic->publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + objectPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = halg; + + objectPublic->publicArea.unique.ecc.x.t.size = 32; + memcpy(objectPublic->publicArea.unique.ecc.x.t.buffer, modulusBin +1, 32); + + objectPublic->publicArea.unique.ecc.y.t.size = 32; + memcpy(objectPublic->publicArea.unique.ecc.y.t.buffer, modulusBin +33, 32); + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertRsaPublicKeyBinToPublic() converts a public modulus to a TPM2B_PUBLIC structure. */ + +TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + int modulusBytes, + uint8_t *modulusBin) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if ((size_t)modulusBytes > sizeof(objectPublic->publicArea.unique.rsa.t.buffer)) { + printf("convertRsaPublicKeyBinToPublic: Error, " + "public key modulus %d greater than %lu\n", modulusBytes, + (unsigned long)sizeof(objectPublic->publicArea.unique.rsa.t.buffer)); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + /* Table 184 - Definition of TPMT_PUBLIC Structure */ + objectPublic->publicArea.type = TPM_ALG_RSA; + objectPublic->publicArea.nameAlg = nalg; + objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA; + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + switch (keyType) { + case TYPE_SI: + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN; + objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL; + break; + case TYPE_ST: /* for public part only */ + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; + objectPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128; + objectPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; + break; + case TYPE_DEN: /* for public and private part */ + objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; + objectPublic->publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL; + break; + } + objectPublic->publicArea.authPolicy.t.size = 0; + /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + objectPublic->publicArea.parameters.rsaDetail.scheme.scheme = scheme; + objectPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg; + objectPublic->publicArea.parameters.rsaDetail.keyBits = modulusBytes * 8; + objectPublic->publicArea.parameters.rsaDetail.exponent = 0; + + objectPublic->publicArea.unique.rsa.t.size = modulusBytes; + memcpy(objectPublic->publicArea.unique.rsa.t.buffer, modulusBin, modulusBytes); + } + return rc; +} + +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOECC + +/* convertEcKeyToPrivate() converts an openssl EC_KEY to token to either a TPM2B_PRIVATE or + TPM2B_SENSITIVE +*/ + +TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + EC_KEY *ecKey, + const char *password) +{ + TPM_RC rc = 0; + int privateKeyBytes; + uint8_t *privateKeyBin = NULL; + + /* convert an openssl EC_KEY token to a binary array */ + if (rc == 0) { + rc = convertEcKeyToPrivateKeyBin(&privateKeyBytes, + &privateKeyBin, /* freed @1 */ + ecKey); + } + if (rc == 0) { + rc = convertEcPrivateKeyBinToPrivate(objectPrivate, + objectSensitive, + privateKeyBytes, + privateKeyBin, + password); + } + free(privateKeyBin); /* @1 */ + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertRsaKeyToPrivate() converts an openssl RSA key token to either a TPM2B_PRIVATE or + TPM2B_SENSITIVE +*/ + +TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + RSA *rsaKey, + const char *password) +{ + TPM_RC rc = 0; + int privateKeyBytes; + uint8_t *privateKeyBin = NULL; + + /* convert an openssl RSA key token private prime p to a binary array */ + if (rc == 0) { + rc = convertRsaKeyToPrivateKeyBin(&privateKeyBytes, + &privateKeyBin, /* freed @1 */ + rsaKey); + } + /* convert an RSA prime 'privateKeyBin' to either a TPM2B_PRIVATE or a TPM2B_SENSITIVE */ + if (rc == 0) { + rc = convertRsaPrivateKeyBinToPrivate(objectPrivate, + objectSensitive, + privateKeyBytes, + privateKeyBin, + password); + } + free(privateKeyBin); /* @1 */ + return rc; +} + +#ifndef TPM_TSS_NOECC + +/* convertEcKeyToPublic() converts an EC_KEY to a TPM2B_PUBLIC */ + +TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + EC_KEY *ecKey) +{ + TPM_RC rc = 0; + int modulusBytes; + uint8_t *modulusBin = NULL; + TPMI_ECC_CURVE curveID; + + if (rc == 0) { + rc = convertEcKeyToPublicKeyBin(&modulusBytes, + &modulusBin, /* freed @1 */ + ecKey); + } + if (rc == 0) { + rc = getEcCurve(&curveID, ecKey); + } + if (rc == 0) { + rc = convertEcPublicKeyBinToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + curveID, + modulusBytes, + modulusBin); + } + free(modulusBin); /* @1 */ + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertRsaKeyToPublic() converts from an openssl RSA key token to a TPM2B_PUBLIC */ + +TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + void *rsaKey) +{ + TPM_RC rc = 0; + int modulusBytes; + uint8_t *modulusBin = NULL; + + /* openssl RSA key token to a public modulus */ + if (rc == 0) { + rc = convertRsaKeyToPublicKeyBin(&modulusBytes, + &modulusBin, /* freed @1 */ + rsaKey); + } + /* public modulus to TPM2B_PUBLIC */ + if (rc == 0) { + rc = convertRsaPublicKeyBinToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + modulusBytes, + modulusBin); + } + free(modulusBin); /* @1 */ + return rc; +} + +#endif + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOECC + +/* convertEcPemToKeyPair() converts a PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */ + +TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_PRIVATE *objectPrivate, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + EC_KEY *ecKey = NULL; + + /* convert a PEM file to an openssl EVP_PKEY */ + if (rc == 0) { + rc = convertPemToEvpPrivKey(&evpPkey, /* freed @1 */ + pemKeyFilename, + password); + } + if (rc == 0) { + rc = convertEvpPkeyToEckey(&ecKey, /* freed @2 */ + evpPkey); + } + if (rc == 0) { + rc = convertEcKeyToPrivate(objectPrivate, /* TPM2B_PRIVATE */ + NULL, /* TPM2B_SENSITIVE */ + ecKey, + password); + } + if (rc == 0) { + rc = convertEcKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + ecKey); + } + EC_KEY_free(ecKey); /* @2 */ + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ +#endif +#endif + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOECC + +/* convertEcPemToPublic() converts an ECC P256 signing public key in PEM format to a + TPM2B_PUBLIC */ + +TPM_RC convertEcPemToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + EC_KEY *ecKey = NULL; + + if (rc == 0) { + rc = convertPemToEvpPubKey(&evpPkey, /* freed @1 */ + pemKeyFilename); + } + if (rc == 0) { + rc = convertEvpPkeyToEckey(&ecKey, /* freed @2 */ + evpPkey); + } + if (rc == 0) { + rc = convertEcKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + ecKey); + } + if (ecKey != NULL) { + EC_KEY_free(ecKey); /* @2 */ + } + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ +#endif +#endif + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NORSA + +/* convertRsaPemToKeyPair() converts an RSA PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */ + +TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_PRIVATE *objectPrivate, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + RSA *rsaKey = NULL; + + if (rc == 0) { + rc = convertPemToEvpPrivKey(&evpPkey, /* freed @1 */ + pemKeyFilename, + password); + } + if (rc == 0) { + rc = convertEvpPkeyToRsakey(&rsaKey, /* freed @2 */ + evpPkey); + } + if (rc == 0) { + rc = convertRsaKeyToPrivate(objectPrivate, /* TPM2B_PRIVATE */ + NULL, /* TPM2B_SENSITIVE */ + rsaKey, + password); + } + if (rc == 0) { + rc = convertRsaKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + rsaKey); + } + TSS_RsaFree(rsaKey); /* @2 */ + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ +#endif /* TPM_TPM20 */ +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOECC + +/* convertEcDerToKeyPair() converts an EC keypair stored in DER to a TPM2B_PUBLIC and + TPM2B_SENSITIVE. Useful for LoadExternal. + +*/ + +TPM_RC convertEcDerToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_SENSITIVE *objectSensitive, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + EC_KEY *ecKey = NULL; + unsigned char *derBuffer = NULL; + size_t derSize; + + /* read the DER file */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&derBuffer, /* freed @1 */ + &derSize, + derKeyFilename); + } + if (rc == 0) { + const unsigned char *tmpPtr = derBuffer; /* because pointer moves */ + ecKey = d2i_ECPrivateKey(NULL, &tmpPtr, derSize); /* freed @2 */ + if (ecKey == NULL) { + printf("convertEcDerToKeyPair: could not convert key to EC_KEY\n"); + rc = TPM_RC_VALUE; + } + } + if (rc == 0) { + rc = convertEcKeyToPrivate(NULL, /* TPM2B_PRIVATE */ + objectSensitive, /* TPM2B_SENSITIVE */ + ecKey, + password); + } + if (rc == 0) { + rc = convertEcKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + ecKey); + } + free(derBuffer); /* @1 */ + if (ecKey != NULL) { + EC_KEY_free(ecKey); /* @2 */ + } + return rc; +} + +/* convertEcDerToPublic() converts an EC public key stored in DER to a TPM2B_PUBLIC. Useful to + calculate a Name. + +*/ + +TPM_RC convertEcDerToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + EC_KEY *ecKey = NULL; + unsigned char *derBuffer = NULL; + size_t derSize; + + /* read the DER file */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&derBuffer, /* freed @1 */ + &derSize, + derKeyFilename); + } + if (rc == 0) { + const unsigned char *tmpPtr = derBuffer; /* because pointer moves */ + evpPkey = d2i_PUBKEY(NULL, &tmpPtr, derSize); /* freed @2 */ + if (evpPkey == NULL) { + printf("convertEcDerToPublic: could not convert key to EVP_PKEY\n"); + rc = TPM_RC_VALUE; + } + } + if (rc == 0) { + rc = convertEvpPkeyToEckey(&ecKey, /* freed @3 */ + evpPkey); + } + if (rc == 0) { + rc = convertEcKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + ecKey); + } + free(derBuffer); /* @1 */ + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + if (ecKey != NULL) { + EC_KEY_free(ecKey); /* @2 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ +#endif +#endif + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NORSA + +/* convertRsaDerToKeyPair() converts an RSA keypair stored in DER to a TPM2B_PUBLIC and + TPM2B_SENSITIVE. Useful for LoadExternal. + +*/ + +TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_SENSITIVE *objectSensitive, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename, + const char *password) +{ + TPM_RC rc = 0; + RSA *rsaKey = NULL; + unsigned char *derBuffer = NULL; + size_t derSize; + + /* read the DER file */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&derBuffer, /* freed @1 */ + &derSize, + derKeyFilename); + } + if (rc == 0) { + const unsigned char *tmpPtr = derBuffer; /* because pointer moves */ + rsaKey = d2i_RSAPrivateKey(NULL, &tmpPtr, derSize); /* freed @2 */ + if (rsaKey == NULL) { + printf("convertRsaDerToKeyPair: could not convert key to RSA\n"); + rc = TPM_RC_VALUE; + } + } + if (rc == 0) { + rc = convertRsaKeyToPrivate(NULL, /* TPM2B_PRIVATE */ + objectSensitive, /* TPM2B_SENSITIVE */ + rsaKey, + password); + } + if (rc == 0) { + rc = convertRsaKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + rsaKey); + } + free(derBuffer); /* @1 */ + TSS_RsaFree(rsaKey); /* @2 */ + return rc; +} + +/* convertRsaDerToPublic() converts an RSA public key stored in DER to a TPM2B_PUBLIC. Useful to + calculate a Name. + +*/ + +TPM_RC convertRsaDerToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename) +{ + TPM_RC rc = 0; + RSA *rsaKey = NULL; + unsigned char *derBuffer = NULL; + size_t derSize; + + /* read the DER file */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&derBuffer, /* freed @1 */ + &derSize, + derKeyFilename); + } + if (rc == 0) { + const unsigned char *tmpPtr = derBuffer; /* because pointer moves */ + rsaKey = d2i_RSA_PUBKEY(NULL, &tmpPtr, derSize); /* freed @2 */ + if (rsaKey == NULL) { + printf("convertRsaDerToPublic: could not convert key to RSA\n"); + rc = TPM_RC_VALUE; + } + } + if (rc == 0) { + rc = convertRsaKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + rsaKey); + } + free(derBuffer); /* @1 */ + TSS_RsaFree(rsaKey); /* @2 */ + return rc; +} + +#endif /* TPM_TSS_NORSA */ +#endif /* TPM_TPM20 */ +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 + +/* convertRsaPemToPublic() converts an RSA public key in PEM format to a TPM2B_PUBLIC */ + +TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + RSA *rsaKey = NULL; + + if (rc == 0) { + rc = convertPemToEvpPubKey(&evpPkey, /* freed @1 */ + pemKeyFilename); + } + if (rc == 0) { + rc = convertEvpPkeyToRsakey(&rsaKey, /* freed @2 */ + evpPkey); + } + if (rc == 0) { + rc = convertRsaKeyToPublic(objectPublic, + keyType, + scheme, + nalg, + halg, + rsaKey); + } + RSA_free(rsaKey); /* @2 */ + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif +#endif + +/* getRsaKeyParts() gets the RSA key parts from an OpenSSL RSA key token. + + If n is not NULL, returns n, e, and d. If p is not NULL, returns p and q. +*/ + +TPM_RC getRsaKeyParts(const BIGNUM **n, + const BIGNUM **e, + const BIGNUM **d, + const BIGNUM **p, + const BIGNUM **q, + const RSA *rsaKey) +{ + TPM_RC rc = 0; + if (n != NULL) { + RSA_get0_key(rsaKey, n, e, d); + } + if (p != NULL) { + RSA_get0_factors(rsaKey, p, q); + } + return rc; +} + +/* returns the type (EVP_PKEY_RSA or EVP_PKEY_EC) of the EVP_PKEY. + + */ + +int getRsaPubkeyAlgorithm(EVP_PKEY *pkey) +{ + int pkeyType; /* RSA or EC */ + pkeyType = EVP_PKEY_base_id(pkey); + return pkeyType; +} + +#ifndef TPM_TSS_NOFILE + +/* convertPublicToPEM() saves a PEM format public key from a TPM2B_PUBLIC + +*/ + +TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public, + const char *pemFilename) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPubkey = NULL; /* OpenSSL public key, EVP format */ + + /* convert TPM2B_PUBLIC to EVP_PKEY */ + if (rc == 0) { + switch (public->publicArea.type) { +#ifndef TPM_TSS_NORSA + case TPM_ALG_RSA: + rc = convertRsaPublicToEvpPubKey(&evpPubkey, /* freed @1 */ + &public->publicArea.unique.rsa); + break; +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcPublicToEvpPubKey(&evpPubkey, /* freed @1 */ + &public->publicArea.unique.ecc); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("convertPublicToPEM: Unknown publicArea.type %04hx unsupported\n", + public->publicArea.type); + rc = TSS_RC_NOT_IMPLEMENTED; + break; + } + } + /* write the openssl structure in PEM format */ + if (rc == 0) { + rc = convertEvpPubkeyToPem(evpPubkey, + pemFilename); + + } + if (evpPubkey != NULL) { + EVP_PKEY_free(evpPubkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NORSA + +/* convertRsaPublicToEvpPubKey() converts an RSA TPM2B_PUBLIC to a EVP_PKEY. + +*/ + +TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey, /* freed by caller */ + const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa) +{ + TPM_RC rc = 0; + int irc; + RSA *rsaPubKey = NULL; + + if (rc == 0) { + *evpPubkey = EVP_PKEY_new(); + if (*evpPubkey == NULL) { + printf("convertRsaPublicToEvpPubKey: EVP_PKEY failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* TPM to RSA token */ + if (rc == 0) { + /* public exponent */ + unsigned char earr[3] = {0x01, 0x00, 0x01}; + rc = TSS_RSAGeneratePublicTokenI + ((void **)&rsaPubKey, /* freed as part of EVP_PKEY */ + tpm2bRsa->t.buffer, /* public modulus */ + tpm2bRsa->t.size, + earr, /* public exponent */ + sizeof(earr)); + } + /* RSA token to EVP */ + if (rc == 0) { + irc = EVP_PKEY_assign_RSA(*evpPubkey, rsaPubKey); + if (irc == 0) { + TSS_RsaFree(rsaPubKey); /* because not assigned tp EVP_PKEY */ + printf("convertRsaPublicToEvpPubKey: EVP_PKEY_assign_RSA failed\n"); + rc = TSS_RC_RSA_KEY_CONVERT; + } + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOECC + +/* convertEcPublicToEvpPubKey() converts an EC TPMS_ECC_POINT to an EVP_PKEY. + */ + +TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey, /* freed by caller */ + const TPMS_ECC_POINT *tpmsEccPoint) +{ + TPM_RC rc = 0; + int irc; + EC_GROUP *ecGroup = NULL; + EC_KEY *ecKey = NULL; + BIGNUM *x = NULL; /* freed @2 */ + BIGNUM *y = NULL; /* freed @3 */ + + if (rc == 0) { + ecKey = EC_KEY_new(); /* freed @1 */ + if (ecKey == NULL) { + printf("convertEcPublicToEvpPubKey: Error creating EC_KEY\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + ecGroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); /* freed @4 */ + if (ecGroup == NULL) { + printf("convertEcPublicToEvpPubKey: Error in EC_GROUP_new_by_curve_name\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + /* returns void */ + EC_GROUP_set_asn1_flag(ecGroup, OPENSSL_EC_NAMED_CURVE); + } + /* assign curve to EC_KEY */ + if (rc == 0) { + irc = EC_KEY_set_group(ecKey, ecGroup); + if (irc != 1) { + printf("convertEcPublicToEvpPubKey: Error in EC_KEY_set_group\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (rc == 0) { + rc = convertBin2Bn(&x, /* freed @2 */ + tpmsEccPoint->x.t.buffer, + tpmsEccPoint->x.t.size); + } + if (rc == 0) { + rc = convertBin2Bn(&y, /* freed @3 */ + tpmsEccPoint->y.t.buffer, + tpmsEccPoint->y.t.size); + } + if (rc == 0) { + irc = EC_KEY_set_public_key_affine_coordinates(ecKey, x, y); + if (irc != 1) { + printf("convertEcPublicToEvpPubKey: " + "Error converting public key from X Y to EC_KEY format\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (rc == 0) { + *evpPubkey = EVP_PKEY_new(); /* freed by caller */ + if (*evpPubkey == NULL) { + printf("convertEcPublicToEvpPubKey: EVP_PKEY failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + irc = EVP_PKEY_set1_EC_KEY(*evpPubkey, ecKey); + if (irc != 1) { + printf("convertEcPublicToEvpPubKey: " + "Error converting public key from EC to EVP format\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (ecGroup != NULL) { + EC_GROUP_free(ecGroup); /* @4 */ + } + if (ecKey != NULL) { + EC_KEY_free(ecKey); /* @1 */ + } + if (x != NULL) { + BN_free(x); /* @2 */ + } + if (y != NULL) { + BN_free(y); /* @3 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +#ifndef TPM_TSS_NOFILE + +TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey, + const char *pemFilename) +{ + TPM_RC rc = 0; + int irc; + FILE *pemFile = NULL; + + if (rc == 0) { + pemFile = fopen(pemFilename, "wb"); /* close @1 */ + if (pemFile == NULL) { + printf("convertEvpPubkeyToPem: Unable to open PEM file %s for write\n", pemFilename); + rc = TSS_RC_FILE_OPEN; + } + } + if (rc == 0) { + irc = PEM_write_PUBKEY(pemFile, evpPubkey); + if (irc == 0) { + printf("convertEvpPubkeyToPem: Unable to write PEM file %s\n", pemFilename); + rc = TSS_RC_FILE_WRITE; + } + } + if (pemFile != NULL) { + fclose(pemFile); /* @1 */ + } + return rc; +} + +#endif +#ifndef TPM_TSS_NOFILE + +/* verifySignatureFromPem() verifies the signature 'tSignature' against the digest 'message' using + the public key in the PEM format file 'pemFilename'. + +*/ + +TPM_RC verifySignatureFromPem(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const char *pemFilename) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; /* OpenSSL public key, EVP format */ + + /* read the public key from PEM format */ + if (rc == 0) { + rc = convertPemToEvpPubKey(&evpPkey, /* freed @1*/ + pemFilename); + } + /* RSA or EC */ + if (rc == 0) { + switch(tSignature->sigAlg) { +#ifndef TPM_TSS_NORSA + case TPM_ALG_RSASSA: + case TPM_ALG_RSAPSS: + rc = verifyRSASignatureFromEvpPubKey(message, + messageSize, + tSignature, + halg, + evpPkey); + break; +#else + halg = halg; +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECDSA: + rc = verifyEcSignatureFromEvpPubKey(message, + messageSize, + tSignature, + evpPkey); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("verifySignatureFromPem: Unknown signature algorithm %04x\n", tSignature->sigAlg); + rc = TSS_RC_BAD_SIGNATURE_ALGORITHM; + } + } + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif + +#ifndef TPM_TSS_NORSA + +/* verifyRSASignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest + 'message' using the RSA public key in evpPkey. + +*/ + +TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + EVP_PKEY *evpPkey) +{ + TPM_RC rc = 0; + RSA *rsaPubKey = NULL; /* OpenSSL public key, RSA format */ + + /* construct the RSA key token */ + if (rc == 0) { + rsaPubKey = EVP_PKEY_get1_RSA(evpPkey); /* freed @1 */ + if (rsaPubKey == NULL) { + printf("verifyRSASignatureFromEvpPubKey: EVP_PKEY_get1_RSA failed\n"); + rc = TSS_RC_RSA_KEY_CONVERT; + } + } + if (rc == 0) { + rc = verifyRSASignatureFromRSA(message, + messageSize, + tSignature, + halg, + rsaPubKey); + } + TSS_RsaFree(rsaPubKey); /* @1 */ + return rc; +} + +/* signRSAFromRSA() signs digest to signature, using th4 RSA key rsaKey. */ + +TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength, + size_t signatureSize, + const uint8_t *digest, size_t digestLength, + TPMI_ALG_HASH hashAlg, + void *rsaKey) +{ + TPM_RC rc = 0; + int irc; + int nid; /* openssl hash algorithm */ + + /* map the hash algorithm to the openssl NID */ + if (rc == 0) { + switch (hashAlg) { + case TPM_ALG_SHA1: + nid = NID_sha1; + break; + case TPM_ALG_SHA256: + nid = NID_sha256; + break; + case TPM_ALG_SHA384: + nid = NID_sha384; + break; + case TPM_ALG_SHA512: + nid = NID_sha512; + break; + default: + printf("signRSAFromRSA: Error, hash algorithm %04hx unsupported\n", hashAlg); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + /* validate that the length of the resulting signature will fit in the + signature array */ + if (rc == 0) { + unsigned int keySize = RSA_size(rsaKey); + if (keySize > signatureSize) { + printf("signRSAFromRSA: Error, private key length %u > signature buffer %u\n", + keySize, (unsigned int)signatureSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + unsigned int siglen; + irc = RSA_sign(nid, + digest, digestLength, + signature, &siglen, + rsaKey); + *signatureLength = siglen; + if (irc != 1) { + printf("signRSAFromRSA: Error in OpenSSL RSA_sign()\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + } + return rc; +} + +/* verifyRSASignatureFromRSA() verifies the signature 'tSignature' against the digest 'message' + using the RSA public key in the OpenSSL RSA format. + + Supports RSASSA and RSAPSS schemes. +*/ + +TPM_RC verifyRSASignatureFromRSA(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + void *rsaPubKey) +{ + TPM_RC rc = 0; + int irc; + int nid = 0; /* initialized these two to suppress false gcc -O3 + warnings */ + const EVP_MD *md = NULL; + /* map from hash algorithm to openssl nid */ + if (rc == 0) { + switch (halg) { + case TPM_ALG_SHA1: + nid = NID_sha1; + md = EVP_sha1(); + break; + case TPM_ALG_SHA256: + nid = NID_sha256; + md = EVP_sha256(); + break; + case TPM_ALG_SHA384: + nid = NID_sha384; + md = EVP_sha384(); + break; + case TPM_ALG_SHA512: + nid = NID_sha512; + md = EVP_sha512(); + break; + default: + printf("verifyRSASignatureFromRSA: Unknown hash algorithm %04x\n", halg); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + /* verify the signature */ + if (tSignature->sigAlg == TPM_ALG_RSASSA) { + if (rc == 0) { + irc = RSA_verify(nid, + message, messageSize, + tSignature->signature.rsassa.sig.t.buffer, + tSignature->signature.rsassa.sig.t.size, + rsaPubKey); + if (irc != 1) { + printf("verifyRSASignatureFromRSA: Bad signature\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + } + } + else if (tSignature->sigAlg == TPM_ALG_RSAPSS) { + uint8_t decryptedSig[sizeof(tSignature->signature.rsapss.sig.t.buffer)]; + if (rc == 0) { + irc = RSA_public_decrypt(tSignature->signature.rsapss.sig.t.size, + tSignature->signature.rsapss.sig.t.buffer, + decryptedSig, + rsaPubKey, + RSA_NO_PADDING); + if (irc == -1) { + printf("verifyRSASignatureFromRSA: RSAPSS Bad signature\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + } + if (rc == 0) { + irc = RSA_verify_PKCS1_PSS(rsaPubKey, + message, + md, + decryptedSig, + -2); /* salt length recovered from signature*/ + if (irc != 1) { + printf("verifyRSASignatureFromRSA: RSAPSS Bad signature\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + } + } + else { + printf("verifyRSASignatureFromRSA: Bad signature scheme %04x\n", + tSignature->sigAlg); + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOECC + +/* verifyEcSignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest 'message' + using the EC public key in evpPkey. + +*/ + +TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + EVP_PKEY *evpPkey) +{ + TPM_RC rc = 0; + int irc; + EC_KEY *ecKey = NULL; + BIGNUM *r = NULL; + BIGNUM *s = NULL; + ECDSA_SIG *ecdsaSig = NULL; + + /* construct the EC key token */ + if (rc == 0) { + ecKey = EVP_PKEY_get1_EC_KEY(evpPkey); /* freed @1 */ + if (ecKey == NULL) { + printf("verifyEcSignatureFromEvpPubKey: EVP_PKEY_get1_EC_KEY failed\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* construct the ECDSA_SIG signature token */ + if (rc == 0) { + rc = convertBin2Bn(&r, /* freed @2 */ + tSignature->signature.ecdsa.signatureR.t.buffer, + tSignature->signature.ecdsa.signatureR.t.size); + } + if (rc == 0) { + rc = convertBin2Bn(&s, /* freed @2 */ + tSignature->signature.ecdsa.signatureS.t.buffer, + tSignature->signature.ecdsa.signatureS.t.size); + } + /* ECDSA_SIG_new() allocates an empty ECDSA_SIG structure. */ + if (rc == 0) { + ecdsaSig = ECDSA_SIG_new(); /* freed @2 */ + if (ecdsaSig == NULL) { + printf("verifyEcSignatureFromEvpPubKey: Error creating ECDSA_SIG_new\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + int irc = ECDSA_SIG_set0(ecdsaSig, r, s); + if (irc != 1) { + printf("verifyEcSignatureFromEvpPubKey: Error in ECDSA_SIG_set0()\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + /* verify the signature */ + if (rc == 0) { + irc = ECDSA_do_verify(message, messageSize, + ecdsaSig, ecKey); + if (irc != 1) { /* quote signature did not verify */ + printf("verifyEcSignatureFromEvpPubKey: Bad signature\n"); + rc = TSS_RC_EC_SIGNATURE; + } + } + if (ecKey != NULL) { + EC_KEY_free(ecKey); /* @1 */ + } + /* if the ECDSA_SIG was allocated correctly, r and s are implicitly freed */ + if (ecdsaSig != NULL) { + ECDSA_SIG_free(ecdsaSig); /* @2 */ + } + /* if not, explicitly free */ + else { + if (r != NULL) BN_free(r); /* @2 */ + if (s != NULL) BN_free(s); /* @2 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +#ifndef TPM_TSS_NOFILE + +/* verifySignatureFromHmacKey() verifies the signature (MAC) against the digest 'message' + using the HMAC key in raw binary format. +*/ + +TPM_RC verifySignatureFromHmacKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const char *hmacKeyFilename) +{ + TPM_RC rc = 0; + TPM2B_KEY hmacKey; + uint32_t sizeInBytes; + + /* read the HMAC key */ + if (rc == 0) { + rc = TSS_File_Read2B(&hmacKey.b, + sizeof(hmacKey.t.buffer), + hmacKeyFilename); + } + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(halg); + rc = TSS_HMAC_Verify(&tSignature->signature.hmac, + &hmacKey, /* input HMAC key */ + sizeInBytes, + messageSize, message, + 0, NULL); + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +/* convertRsaBinToTSignature() converts an RSA binary signature to a TPMT_SIGNATURE */ + +TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + uint8_t *signatureBin, + size_t signatureBinLen) +{ + TPM_RC rc = 0; + + tSignature->sigAlg = TPM_ALG_RSASSA; + tSignature->signature.rsassa.hash = halg; + tSignature->signature.rsassa.sig.t.size = (uint16_t)signatureBinLen; + memcpy(&tSignature->signature.rsassa.sig.t.buffer, signatureBin, signatureBinLen); + return rc; +} + +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOECC + +/* convertEcBinToTSignature() converts an EC binary signature to a TPMT_SIGNATURE */ + +TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const uint8_t *signatureBin, + size_t signatureBinLen) +{ + TPM_RC rc = 0; + ECDSA_SIG *ecSig = NULL; + int rBytes; + int sBytes; + const BIGNUM *pr = NULL; + const BIGNUM *ps = NULL; + + if (rc == 0) { + tSignature->sigAlg = TPM_ALG_ECDSA; + tSignature->signature.ecdsa.hash = halg; + } + /* convert DER to ECDSA_SIG */ + if (rc == 0) { + ecSig = d2i_ECDSA_SIG(NULL, &signatureBin, signatureBinLen); /* freed @1 */ + if (ecSig == NULL) { + printf("convertEcBinToTSignature: could not convert signature to ECDSA_SIG\n"); + rc = TPM_RC_VALUE; + } + } + /* check that the signature size agrees with the currently hard coded P256 curve */ + if (rc == 0) { + ECDSA_SIG_get0(ecSig, &pr, &ps); + rBytes = BN_num_bytes(pr); + sBytes = BN_num_bytes(ps); + if ((rBytes > 32) || + (sBytes > 32)) { + printf("convertEcBinToTSignature: signature rBytes %u or sBytes %u greater than 32\n", + rBytes, sBytes); + rc = TPM_RC_VALUE; + } + } + /* extract the raw signature bytes from the openssl structure BIGNUMs */ + if (rc == 0) { + tSignature->signature.ecdsa.signatureR.t.size = rBytes; + tSignature->signature.ecdsa.signatureS.t.size = sBytes; + + BN_bn2bin(pr, (unsigned char *)&tSignature->signature.ecdsa.signatureR.t.buffer); + BN_bn2bin(ps, (unsigned char *)&tSignature->signature.ecdsa.signatureS.t.buffer); + if (tssUtilsVerbose) { + TSS_PrintAll("convertEcBinToTSignature: signature R", + tSignature->signature.ecdsa.signatureR.t.buffer, + tSignature->signature.ecdsa.signatureR.t.size); + TSS_PrintAll("convertEcBinToTSignature: signature S", + tSignature->signature.ecdsa.signatureS.t.buffer, + tSignature->signature.ecdsa.signatureS.t.size); + } + } + if (ecSig != NULL) { + ECDSA_SIG_free(ecSig); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +#ifndef TPM_TSS_NOECC + +/* getEcCurve() gets the TCG algorithm ID curve associated with the openssl EC_KEY */ + +TPM_RC getEcCurve(TPMI_ECC_CURVE *curveID, + const EC_KEY *ecKey) +{ + TPM_RC rc = 0; + const EC_GROUP *ecGroup; + int nid; + + if (rc == 0) { + ecGroup = EC_KEY_get0_group(ecKey); + nid = EC_GROUP_get_curve_name(ecGroup); /* openssl NID */ + /* NID to TCG curve ID */ + switch (nid) { + case NID_X9_62_prime256v1: + *curveID = TPM_ECC_NIST_P256; + break; + default: + printf("getEcCurve: Error, curve NID %u not supported \n", nid); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ +#endif + +/* convertBin2Bn() wraps the openSSL function in an error handler + + Converts a char array to bignum +*/ + +TPM_RC convertBin2Bn(BIGNUM **bn, /* freed by caller */ + const unsigned char *bin, + unsigned int bytes) +{ + TPM_RC rc = 0; + + /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + + BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM + and places it in ret. If ret is NULL, a new BIGNUM is created. + + BN_bin2bn() returns the BIGNUM, NULL on error. + */ + if (rc == 0) { + *bn = BN_bin2bn(bin, bytes, *bn); + if (*bn == NULL) { + printf("convertBin2Bn: Error in BN_bin2bn\n"); + rc = TSS_RC_BIGNUM; + } + } + return rc; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h b/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h new file mode 100644 index 000000000000..a7b851b14507 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h @@ -0,0 +1,333 @@ +/********************************************************************************/ +/* */ +/* Sample Crypto Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2017 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef CRYPTUTILS_H +#define CRYPTUTILS_H + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include +#endif + +/* TPM_TSS_NO_OPENSSL is a legacy macro. cryptoutils was exposing several OpenSSL specific + functions. They are not available for other crypto libraries. For OpenSSL, they are available + but deprecated. */ + +#ifndef TPM_TSS_NO_OPENSSL +#include +#include +#endif /* TPM_TSS_NO_OPENSSL */ + +#ifdef TPM_TSS_MBEDTLS +#include +#endif /* TPM_TSS_MBEDTLS */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + /* + crypto library independent functions + */ + + void getCryptoLibrary(const char **name); + + TPM_RC convertPemToRsaPrivKey(void **rsaKey, + const char *pemKeyFilename, + const char *password); + TPM_RC convertRsaKeyToPublicKeyBin(int *modulusBytes, + uint8_t **modulusBin, + void *rsaKey); + TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + void *rsaKey); + TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_PRIVATE *objectPrivate, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename, + const char *password); + TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_SENSITIVE *objectSensitive, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename, + const char *password); + TPM_RC convertRsaDerToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename); + TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename); + TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + int privateKeyBytes, + uint8_t *privateKeyBin, + const char *password); + TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + int modulusBytes, + uint8_t *modulusBin); + TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public, + const char *pemFilename); + + TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength, + size_t signatureSize, + const uint8_t *digest, size_t digestLength, + TPMI_ALG_HASH hashAlg, + void *rsaKey); + TPM_RC verifySignatureFromPem(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const char *pemFilename); + TPM_RC verifyRSASignatureFromRSA(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + void *rsaPubKey); + TPM_RC verifySignatureFromHmacKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const char *hmacKeyFilename); + + TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + uint8_t *signatureBin, + size_t signatureBinLen); + + /* Some OpenSSL builds do not include ECC */ + +#ifndef TPM_TSS_NOECC + + TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_PRIVATE *objectPrivate, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename, + const char *password); + TPM_RC convertEcPemToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *pemKeyFilename); + TPM_RC convertEcDerToKeyPair(TPM2B_PUBLIC *objectPublic, + TPM2B_SENSITIVE *objectSensitive, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename, + const char *password); + TPM_RC convertEcDerToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *derKeyFilename); + TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + int privateKeyBytes, + uint8_t *privateKeyBin, + const char *password); + TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + const uint8_t *signatureBin, + size_t signatureBinLen); + +#endif /* TPM_TSS_NOECC */ + + /* + OpenSSL specific functions + + These are not intended for general use. + */ + +#ifndef TPM_TSS_NO_OPENSSL + +/* Some functions add const to parameters as of openssl 1.1.0 */ + +#if OPENSSL_VERSION_NUMBER < 0x10100000 +#define OSSLCONST +#else +#define OSSLCONST const +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000 + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + void RSA_get0_key(const RSA *rsaKey, + const BIGNUM **n, + const BIGNUM **e, + const BIGNUM **d); + void RSA_get0_factors(const RSA *rsaKey, + const BIGNUM **p, + const BIGNUM **q); +#endif /* pre openssl 1.1 */ + +#if OPENSSL_VERSION_NUMBER < 0x10002000 + void X509_get0_signature(OSSLCONST ASN1_BIT_STRING **psig, + OSSLCONST X509_ALGOR **palg, const X509 *x); +#endif /* pre openssl 1.0.2 */ + + TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey, + const char *pemKeyFilename, + const char *password); + TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey, + const char *pemKeyFilename); + TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey, + const char *pemFilename); + TPM_RC convertBin2Bn(BIGNUM **bn, + const unsigned char *bin, + unsigned int bytes); + + TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey, + EVP_PKEY *evpPkey); + TPM_RC convertRsaKeyToPrivateKeyBin(int *privateKeyBytes, + uint8_t **privateKeyBin, + const RSA *rsaKey); + TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + RSA *rsaKey, + const char *password); + TPM_RC getRsaKeyParts(const BIGNUM **n, + const BIGNUM **e, + const BIGNUM **d, + const BIGNUM **p, + const BIGNUM **q, + const RSA *rsaKey); + int getRsaPubkeyAlgorithm(EVP_PKEY *pkey); + TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey, + const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa); + TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + TPMI_ALG_HASH halg, + EVP_PKEY *evpPkey); + +#ifndef TPM_TSS_NOECC + TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey, + EVP_PKEY *evpPkey); + TPM_RC convertEcKeyToPrivateKeyBin(int *privateKeyBytes, + uint8_t **privateKeyBin, + const EC_KEY *ecKey); + TPM_RC convertEcKeyToPublicKeyBin(int *modulusBytes, + uint8_t **modulusBin, + const EC_KEY *ecKey); + TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + TPMI_ECC_CURVE curveID, + int modulusBytes, + uint8_t *modulusBin); + TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE *objectPrivate, + TPM2B_SENSITIVE *objectSensitive, + EC_KEY *ecKey, + const char *password); + TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC *objectPublic, + int keyType, + TPMI_ALG_SIG_SCHEME scheme, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + EC_KEY *ecKey); + TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey, + const TPMS_ECC_POINT *tpmsEccPoint); + TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message, + unsigned int messageSize, + TPMT_SIGNATURE *tSignature, + EVP_PKEY *evpPkey); + TPM_RC getEcCurve(TPMI_ECC_CURVE *curveID, + const EC_KEY *ecKey); + +#endif /* TPM_TSS_NOECC */ +#endif /* TPM_TSS_NO_OPENSSL */ + + /* + mbedtls specific functions + + These are not intended for general use, but are used by ekutils.c + */ + +#ifdef TPM_TSS_MBEDTLS + + TPM_RC convertPkToRsaKey(mbedtls_rsa_context **rsaCtx, + mbedtls_pk_context *pkCtx); + TPM_RC convertPkToEckey(mbedtls_ecp_keypair **ecCtx, + mbedtls_pk_context *pkCtx); + TPM_RC convertEcKeyToPublicKeyXYBin(size_t *xBytes, + uint8_t **xBin, + size_t *yBytes, + uint8_t **yBin, + mbedtls_ecp_keypair *ecKp); + +#endif /* TPM_TSS_MBEDTLS */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/dictionaryattacklockreset.c b/libstb/tss2/ibmtpm20tss/utils/dictionaryattacklockreset.c new file mode 100644 index 000000000000..897c6f544981 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/dictionaryattacklockreset.c @@ -0,0 +1,216 @@ +/********************************************************************************/ +/* */ +/* DictionaryAttackLockReset */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + DictionaryAttackLockReset_In in; + const char *password = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (rc == 0) { + in.lockHandle = TPM_RH_LOCKOUT; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_DictionaryAttackLockReset, + sessionHandle0, password, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("dictionaryattacklockreset: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("dictionaryattacklockreset: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("dictionaryattacklockreset\n"); + printf("\n"); + printf("Runs TPM2_DictionaryAttackLockReset\n"); + printf("\n"); + printf("\t[-pwd\tlockout auth password (default empty)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/dictionaryattackparameters.c b/libstb/tss2/ibmtpm20tss/utils/dictionaryattackparameters.c new file mode 100644 index 000000000000..e359eb65cf06 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/dictionaryattackparameters.c @@ -0,0 +1,255 @@ +/********************************************************************************/ +/* */ +/* DictionaryAttackParameters */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + DictionaryAttackParameters_In in; + const char *password = NULL; + uint32_t newMaxTries = 1; + uint32_t newRecoveryTime = 10; + uint32_t lockoutRecovery = 1; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (rc == 0) { + in.lockHandle = TPM_RH_LOCKOUT; + in.newMaxTries = newMaxTries ; + in.newRecoveryTime = newRecoveryTime; + in.lockoutRecovery = lockoutRecovery; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_DictionaryAttackParameters, + sessionHandle0, password, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("dictionaryattackparameters: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("dictionaryattackparameters: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("dictionaryattackparameters\n"); + printf("\n"); + printf("Runs TPM2_DictionaryAttackParameters\n"); + printf("\n"); + printf("\t[-pwd\tlockout auth password (default empty)]\n"); + printf("\t[-nmt\tnew max tries (default 1 try)]\n"); + printf("\t[-nrt\tnew recovery time (default 10 seconds)]\n"); + printf("\t[-lr\tlockout recovery (default 1 second)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/duplicate.c b/libstb/tss2/ibmtpm20tss/utils/duplicate.c new file mode 100644 index 000000000000..87b33a4cab55 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/duplicate.c @@ -0,0 +1,353 @@ +/********************************************************************************/ +/* */ +/* Duplicate */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Duplicate_In in; + Duplicate_Out out; + TPMI_DH_OBJECT objectHandle = 0; + TPMI_DH_OBJECT newParentHandle = TPM_RH_NULL; + const char *encryptionKeyInFilename = NULL; + const char *encryptionKeyOutFilename = NULL; + const char *duplicateFilename = NULL; + const char *outSymSeedFilename = NULL; + const char *objectPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + in.symmetricAlg.algorithm = TPM_ALG_NULL; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == 0) { + printf("Missing or bad object handle parameter -ho\n"); + printUsage(); + } + if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) && + (encryptionKeyInFilename != NULL)) { + printf("-ik needs -salg\n"); + printUsage(); + } + if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) && + (encryptionKeyInFilename == NULL)) { + printf("-salg needs -ik\n"); + printUsage(); + } + if (rc == 0) { + in.objectHandle = objectHandle; + in.newParentHandle = newParentHandle; + } + /* optional symmetric encryption key */ + if (encryptionKeyInFilename != NULL) { + rc = TSS_File_Read2B(&in.encryptionKeyIn.b, + sizeof(in.encryptionKeyIn.t.buffer), + encryptionKeyInFilename); + } + else { + in.encryptionKeyIn.t.size = 0; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Duplicate, + sessionHandle0, objectPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (encryptionKeyOutFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.encryptionKeyOut.t.buffer, + out.encryptionKeyOut.t.size, + encryptionKeyOutFilename); + } + if ((rc == 0) && (duplicateFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.duplicate.t.buffer, + out.duplicate.t.size, + duplicateFilename); + } + if ((rc == 0) && (outSymSeedFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret, + out.outSymSeed.t.size, + outSymSeedFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("duplicate: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("duplicate: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("duplicate\n"); + printf("\n"); + printf("Runs TPM2_Duplicate\n"); + printf("\n"); + printf("\t-ho\tobject handle\n"); + printf("\t[-pwdo\tpassword for object (default empty)]\n"); + printf("\t[-hp\tnew parent handle (default TPM_RH_NULL)]\n"); + printf("\t[-ik\tencryption key in file name]\n"); + printf("\t[-salg\tsymmetric algorithm (aes)(default none)]\n"); + printf("\n"); + printf("\t[-oek\tencryption key out file name (default do not save)]\n"); + printf("\t[-od\tduplicate private area file name (default do not save)]\n"); + printf("\t[-oss\tsymmetric seed file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/eccparameters.c b/libstb/tss2/ibmtpm20tss/utils/eccparameters.c new file mode 100644 index 000000000000..052019fa6a25 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/eccparameters.c @@ -0,0 +1,172 @@ +/********************************************************************************/ +/* */ +/* ECC_Parameters */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ECC_Parameters_In in; + ECC_Parameters_Out out; + const char *datafilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.curveID = TPM_ECC_NONE; + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + EC_Ephemeral_In in; + EC_Ephemeral_Out out; + TPMI_ECC_CURVE curveID = TPM_ECC_NONE; + const char *QFilename = NULL; + const char *counterFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i +#include +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include + +#include +#include +#include +#include +#include + +#include "cryptoutils.h" +#include "ekutils.h" + +/* windows apparently uses _MAX_PATH in stdlib.h */ +#ifndef PATH_MAX +#ifdef _MAX_PATH +#define PATH_MAX _MAX_PATH +#else +/* Debian/Hurd does not define MAX_PATH */ +#define PATH_MAX 4096 +#endif +#endif + +/* The print flag is set by the caller, depending on whether it wants information displayed. + + tssUtilsVerbose is a global, used for verbose debug print + + Errors are always printed. +*/ + +extern int tssUtilsVerbose; + +#ifdef TPM_TPM20 + +/* readNvBufferMax() determines the maximum NV read/write block size. The limit is typically set by + the TPM property TPM_PT_NV_BUFFER_MAX. However, it's possible that a value could be larger than + the TSS side structure MAX_NV_BUFFER_SIZE. +*/ + +TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext, + uint32_t *nvBufferMax) +{ + TPM_RC rc = 0; + GetCapability_In in; + GetCapability_Out out; + + in.capability = TPM_CAP_TPM_PROPERTIES; + in.property = TPM_PT_NV_BUFFER_MAX; + in.propertyCount = 1; /* ask for one property */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetCapability, + TPM_RH_NULL, NULL, 0); + } + /* sanity check that the property name is correct (demo of how to parse the structure) */ + if (rc == 0) { + if ((out.capabilityData.data.tpmProperties.count > 0) && + (out.capabilityData.data.tpmProperties.tpmProperty[0].property == + TPM_PT_NV_BUFFER_MAX)) { + *nvBufferMax = out.capabilityData.data.tpmProperties.tpmProperty[0].value; + } + else { + if (tssUtilsVerbose) printf("readNvBufferMax: wrong property returned: %08x\n", + out.capabilityData.data.tpmProperties.tpmProperty[0].property); + /* hard code a value for a back level HW TPM that does not implement + TPM_PT_NV_BUFFER_MAX yet */ + *nvBufferMax = 512; + } + if (tssUtilsVerbose) printf("readNvBufferMax: TPM max read/write: %u\n", *nvBufferMax); + /* in addition, the maximum TSS side structure MAX_NV_BUFFER_SIZE is accounted for. The TSS + value is typically larger than the TPM value. */ + if (*nvBufferMax > MAX_NV_BUFFER_SIZE) { + *nvBufferMax = MAX_NV_BUFFER_SIZE; + } + if (tssUtilsVerbose) printf("readNvBufferMax: combined max read/write: %u\n", *nvBufferMax); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("getcapability: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +/* getIndexSize() uses TPM2_NV_ReadPublic() to return the NV index size */ + +TPM_RC getIndexSize(TSS_CONTEXT *tssContext, + uint16_t *dataSize, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + NV_ReadPublic_In in; + NV_ReadPublic_Out out; + + if (rc == 0) { + /* if (tssUtilsVerbose) printf("getIndexSize: index %08x\n", nvIndex); */ + in.nvIndex = nvIndex; + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_ReadPublic, + TPM_RH_NULL, NULL, 0); + /* only print if verbose, since EK nonce and template index may not exist */ + if ((rc != 0) && tssUtilsVerbose) { + const char *msg; + const char *submsg; + const char *num; + printf("nvreadpublic: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + } + } + if (rc == 0) { + /* if (tssUtilsVerbose) printf("getIndexSize: size %u\n", out.nvPublic.t.nvPublic.dataSize); */ + *dataSize = out.nvPublic.nvPublic.dataSize; + } + return rc; +} + +/* getIndexData() uses TPM2_NV_Read() to return the NV index contents. + + It assumes index authorization with an empty password +*/ + +TPM_RC getIndexData(TSS_CONTEXT *tssContext, + unsigned char **readBuffer, /* freed by caller */ + TPMI_RH_NV_INDEX nvIndex, + uint16_t readDataSize) /* total size to read */ +{ + TPM_RC rc = 0; + int done = FALSE; + uint32_t nvBufferMax; + uint16_t bytesRead; /* bytes read so far */ + NV_Read_In in; + NV_Read_Out out; + + /* data may have to be read in chunks. Read the TPM_PT_NV_BUFFER_MAX, the chunk size */ + if (rc == 0) { + rc = readNvBufferMax(tssContext, + &nvBufferMax); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("getIndexData: index %08x\n", nvIndex); + in.authHandle = nvIndex; /* index authorization */ + in.nvIndex = nvIndex; + in.offset = 0; /* start at beginning */ + bytesRead = 0; /* bytes read so far */ + } + if (rc == 0) { + rc = TSS_Malloc(readBuffer, readDataSize); + } + /* call TSS to execute the command */ + while ((rc == 0) && !done) { + if (rc == 0) { + /* read a chunk */ + in.offset = bytesRead; + if ((uint32_t)(readDataSize - bytesRead) < nvBufferMax) { + in.size = readDataSize - bytesRead; /* last chunk */ + } + else { + in.size = nvBufferMax; /* next chunk */ + } + } + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Read, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("nvread: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + } + } + /* copy the results to the read buffer */ + if (rc == 0) { + memcpy(*readBuffer + bytesRead, out.data.b.buffer, out.data.b.size); + bytesRead += out.data.b.size; + if (bytesRead == readDataSize) { + done = TRUE; + } + } + } + return rc; +} + +/* getIndexContents() uses TPM2_NV_ReadPublic() to get the NV index size, then uses TPM2_NV_Read() + to read the entire contents. + +*/ + +TPM_RC getIndexContents(TSS_CONTEXT *tssContext, + unsigned char **readBuffer, /* freed by caller */ + uint16_t *readBufferSize, /* total size read */ + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + + /* first read the public index size */ + if (rc == 0) { + rc = getIndexSize(tssContext, readBufferSize, nvIndex); + } + /* read the entire index */ + if (rc == 0) { + rc = getIndexData(tssContext, + readBuffer, /* freed by caller */ + nvIndex, + *readBufferSize); /* total size to read */ + } + return rc; +} + +/* IWG (TCG Infrastructure Work Group) default EK primary key policy */ + +static const unsigned char iwgPolicy[] = { + 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24, + 0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA +}; + +/* RSA EK primary key IWG default template */ + +void getRsaTemplate(TPMT_PUBLIC *tpmtPublic) +{ + tpmtPublic->type = TPM_ALG_RSA; + tpmtPublic->nameAlg = TPM_ALG_SHA256; + tpmtPublic->objectAttributes.val = TPMA_OBJECT_FIXEDTPM | + TPMA_OBJECT_FIXEDPARENT | + TPMA_OBJECT_SENSITIVEDATAORIGIN | + TPMA_OBJECT_ADMINWITHPOLICY | + TPMA_OBJECT_RESTRICTED | + TPMA_OBJECT_DECRYPT; + tpmtPublic->authPolicy.t.size = 32; + memcpy(&tpmtPublic->authPolicy.t.buffer, iwgPolicy, 32); + tpmtPublic->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; + tpmtPublic->parameters.rsaDetail.symmetric.keyBits.aes = 128; + tpmtPublic->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; + tpmtPublic->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; + tpmtPublic->parameters.rsaDetail.scheme.details.anySig.hashAlg = 0; + tpmtPublic->parameters.rsaDetail.keyBits = 2048; + tpmtPublic->parameters.rsaDetail.exponent = 0; + tpmtPublic->unique.rsa.t.size = 256; + memset(&tpmtPublic->unique.rsa.t.buffer, 0, 256); + return; +} + +/* ECC EK primary key IWG default template */ + +void getEccTemplate(TPMT_PUBLIC *tpmtPublic) +{ + tpmtPublic->type = TPM_ALG_ECC; + tpmtPublic->nameAlg = TPM_ALG_SHA256; + tpmtPublic->objectAttributes.val = TPMA_OBJECT_FIXEDTPM | + TPMA_OBJECT_FIXEDPARENT | + TPMA_OBJECT_SENSITIVEDATAORIGIN | + TPMA_OBJECT_ADMINWITHPOLICY | + TPMA_OBJECT_RESTRICTED | + TPMA_OBJECT_DECRYPT; + tpmtPublic->authPolicy.t.size = sizeof(iwgPolicy); + memcpy(tpmtPublic->authPolicy.t.buffer, iwgPolicy, sizeof(iwgPolicy)); + tpmtPublic->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES; + tpmtPublic->parameters.eccDetail.symmetric.keyBits.aes = 128; + tpmtPublic->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB; + tpmtPublic->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + tpmtPublic->parameters.eccDetail.scheme.details.anySig.hashAlg = 0; + tpmtPublic->parameters.eccDetail.curveID = TPM_ECC_NIST_P256; + tpmtPublic->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + tpmtPublic->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0; + tpmtPublic->unique.ecc.x.t.size = 32; + memset(&tpmtPublic->unique.ecc.x.t.buffer, 0, 32); + tpmtPublic->unique.ecc.y.t.size = 32; + memset(&tpmtPublic->unique.ecc.y.t.buffer, 0, 32); + return; +} + +/* getIndexX509Certificate() reads the X509 certificate from the nvIndex and converts the DER + (binary) to OpenSSL X509 format + +*/ + +TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext, + void **certificate, /* freed by caller */ + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + unsigned char *certData = NULL; /* freed @1 */ + uint16_t certSize; + + /* read the certificate from NV to a DER stream */ + if (rc == 0) { + rc = getIndexContents(tssContext, + &certData, + &certSize, + nvIndex); + } + /* unmarshal the DER stream to an OpenSSL X509 structure */ + if (rc == 0) { + unsigned char *tmpData = NULL; + tmpData = certData; /* tmp pointer because d2i moves the pointer */ + *certificate = d2i_X509(NULL, /* freed by caller */ + (const unsigned char **)&tmpData, certSize); + if (*certificate == NULL) { + printf("getIndexX509Certificate: Could not parse X509 certificate\n"); + rc = TPM_RC_INTEGRITY; + } + } + free(certData); /* @1 */ + return rc; +} + +#endif /* TPM20 */ + +#ifndef TPM_TSS_NOFILE +#ifndef TPM_TSS_NORSA + +/* getPubkeyFromDerCertFile() gets an OpenSSL RSA public key token from a DER format X509 + certificate stored in a file. + + Returns both the OpenSSL X509 certificate token and RSA public key token. +*/ + +uint32_t getPubkeyFromDerCertFile(RSA **rsaPkey, + X509 **x509, + const char *derCertificateFileName) +{ + uint32_t rc = 0; + FILE *fp = NULL; + + /* open the file */ + if (rc == 0) { + fp = fopen(derCertificateFileName, "rb"); + if (fp == NULL) { + printf("getPubkeyFromDerCertFile: Error opening %s\n", derCertificateFileName); + rc = TSS_RC_FILE_OPEN; + } + } + /* read the file and convert the X509 DER to OpenSSL format */ + if (rc == 0) { + *x509 = d2i_X509_fp(fp, NULL); + if (*x509 == NULL) { + printf("getPubkeyFromDerCertFile: Error converting %s\n", derCertificateFileName); + rc = TSS_RC_X509_ERROR; + } + } + /* extract the OpenSSL format public key from the X509 token */ + if (rc == 0) { + rc = getPubKeyFromX509Cert(rsaPkey, *x509); + } + /* for debug, print the X509 certificate */ + if (rc == 0) { + if (tssUtilsVerbose) X509_print_fp(stdout, *x509); + } + if (fp != NULL) { + fclose(fp); + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ +#endif /* TPM_TSS_NOFILE */ + +#ifndef TPM_TSS_NORSA + +/* getPubKeyFromX509Cert() gets an OpenSSL RSA public key token from an OpenSSL X509 certificate + token. */ + +uint32_t getPubKeyFromX509Cert(RSA **rsaPkey, + X509 *x509) +{ + uint32_t rc = 0; + EVP_PKEY *evpPkey = NULL; + + if (rc == 0) { + evpPkey = X509_get_pubkey(x509); /* freed @1 */ + if (evpPkey == NULL) { + printf("getPubKeyFromX509Cert: X509_get_pubkey failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + *rsaPkey = EVP_PKEY_get1_RSA(evpPkey); + if (*rsaPkey == NULL) { + printf("getPubKeyFromX509Cert: EVP_PKEY_get1_RSA failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOFILE + +/* getRootCertificateFilenames() reads listFilename, which is a list of filenames. The intent is + that the filenames are a list of EK TPM vendor root certificates in PEM format. + + It accepts up to MAX_ROOTS filenames, which is a #define. + +*/ + +TPM_RC getRootCertificateFilenames(char *rootFilename[], + unsigned int *rootFileCount, + const char *listFilename, + int print) +{ + TPM_RC rc = 0; + int done = 0; + FILE *listFile = NULL; /* closed @1 */ + + *rootFileCount = 0; + + if (rc == 0) { + listFile = fopen(listFilename, "rb"); /* closed @1 */ + if (listFile == NULL) { + printf("getRootCertificateFilenames: Error opening list file %s\n", + listFilename); + rc = TSS_RC_FILE_OPEN; + } + } + while ((rc == 0) && !done && (*rootFileCount < MAX_ROOTS)) { + size_t rootFilenameLength; + if (rc == 0) { + rootFilename[*rootFileCount] = malloc(PATH_MAX); + if (rootFilename[*rootFileCount] == NULL) { + printf("getRootCertificateFilenames: Error allocating memory\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + char *tmpptr = fgets(rootFilename[*rootFileCount], PATH_MAX-1, listFile); + if (tmpptr == NULL) { /* end of file */ + free(rootFilename[*rootFileCount]); /* free malloced but unused entry */ + done = 1; + } + } + if ((rc == 0) && !done) { + rootFilenameLength = strlen(rootFilename[*rootFileCount]); + if (rootFilename[*rootFileCount][rootFilenameLength-1] != '\n') { + printf("getRootCertificateFilenames: filename %s too long\n", + rootFilename[*rootFileCount]); + rc = TSS_RC_OUT_OF_MEMORY; + free(rootFilename[*rootFileCount]); /* free malloced but bad entry */ + done = 1; + } + } + if ((rc == 0) && !done) { + rootFilename[*rootFileCount][rootFilenameLength-1] = '\0'; /* remove newline */ + if (print) printf("getRootCertificateFilenames: Root file name %u\n%s\n", + *rootFileCount, rootFilename[*rootFileCount]); + (*rootFileCount)++; + } + } + if (listFile != NULL) { + fclose(listFile); /* @1 */ + } + return rc; +} + +#endif + +#ifndef TPM_TSS_NOFILE + +/* getCaStore() creates an OpenSSL X509_STORE, populated by the root certificates in the + rootFilename array. Depending on the vendor, some certificates may be intermediate certificates. + OpenSSL handles this internally by walking the chain back to the root. + + The caCert array is returned because it must be freed after the caStore is freed + + NOTE: There is no TPM interaction. +*/ + +TPM_RC getCaStore(X509_STORE **caStore, /* freed by caller */ + X509 *caCert[], /* freed by caller */ + const char *rootFilename[], + unsigned int rootFileCount) +{ + TPM_RC rc = 0; + FILE *caCertFile = NULL; /* closed @1 */ + unsigned int i; + + if (rc == 0) { + *caStore = X509_STORE_new(); + if (*caStore == NULL) { + printf("getCaStore: X509_store_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + for (i = 0 ; (i < rootFileCount) && (rc == 0) ; i++) { + /* read a root certificate from the file */ + caCertFile = fopen(rootFilename[i], "rb"); /* closed @1 */ + if (caCertFile == NULL) { + printf("getCaStore: Error opening CA root certificate file %s\n", + rootFilename[i]); + rc = TSS_RC_FILE_OPEN; + } + /* convert the root certificate from PEM to X509 */ + if (rc == 0) { + caCert[i] = PEM_read_X509(caCertFile, NULL, NULL, NULL); /* freed by caller */ + if (caCert[i] == NULL) { + printf("getCaStore: Error reading CA root certificate file %s\n", + rootFilename[i]); + rc = TSS_RC_FILE_READ; + } + } + if ((rc == 0) && tssUtilsVerbose) { + X509_NAME *x509Name; + char *subject = NULL; + x509Name = X509_get_subject_name(caCert[i]); + subject = X509_NAME_oneline(x509Name, NULL, 0); + printf("getCaStore: subject %u: %s\n", i, subject); + OPENSSL_free(subject); + } + + /* add the CA X509 certificate to the certificate store */ + if (rc == 0) { + X509_STORE_add_cert(*caStore, caCert[i]); + } + if (caCertFile != NULL) { + fclose(caCertFile); /* @1 */ + caCertFile = NULL; + } + } + return rc; +} + +#endif + +#ifndef TPM_TSS_NOFILE + +/* verifyCertificate() verifies a certificate (typically an EK certificate against the root CA + certificate (typically the TPM vendor CA certificate chain) + + The 'rootFileCount' root certificates are stored in the files whose paths are in the array + 'rootFilename' + +*/ + +TPM_RC verifyCertificate(void *x509Certificate, + const char *rootFilename[], + unsigned int rootFileCount, + int print) +{ + TPM_RC rc = 0; + unsigned int i; + X509_STORE *caStore = NULL; /* freed @1 */ + X509 *caCert[MAX_ROOTS]; /* freed @2 */ + X509_STORE_CTX *verifyCtx = NULL; /* freed @3 */ + + for (i = 0 ; i < rootFileCount ; i++) { + caCert[i] = NULL; /* for free @2 */ + } + /* get the root CA certificate chain */ + if (rc == 0) { + rc = getCaStore(&caStore, /* freed @1 */ + caCert, /* freed @2 */ + rootFilename, + rootFileCount); + } + /* create the certificate verify context */ + if (rc == 0) { + verifyCtx = X509_STORE_CTX_new(); /* freed @3 */ + if (verifyCtx == NULL) { + printf("verifyCertificate: X509_STORE_CTX_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* add the root certificate store and EK certificate to be verified to the verify context */ + if (rc == 0) { + int irc = X509_STORE_CTX_init(verifyCtx, + caStore, /* trusted certificates */ + x509Certificate, /* end entity certificate */ + NULL); /* untrusted (intermediate) certificates */ + if (irc != 1) { + printf("verifyCertificate: " + "Error in X509_STORE_CTX_init initializing verify context\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + } + /* walk the certificate chain */ + if (rc == 0) { + int irc = X509_verify_cert(verifyCtx); + if (irc != 1) { + printf("verifyCertificate: Error in X509_verify_cert verifying certificate\n"); + rc = TSS_RC_RSA_SIGNATURE; + } + else { + if (print) printf("EK certificate verified against the root\n"); + } + } + if (caStore != NULL) { + X509_STORE_free(caStore); /* @1 */ + } + for (i = 0 ; i < rootFileCount ; i++) { + X509_free(caCert[i]); /* @2 */ + } + if (verifyCtx != NULL) { + X509_STORE_CTX_free(verifyCtx); /* @3 */ + } + return rc; +} + +/* verifyKeyUsage() validates the key usage for an EK. + + If the EK has the decrypt attribute set, the keyEncipherment bit MUST be set for an RSA EK + certificate; the keyAgreement bit MUST be set for an ECC EK certificate. +*/ + +TPM_RC verifyKeyUsage(X509 *ekX509Certificate, /* X509 certificate */ + int pkeyType, /* RSA or ECC */ + int print) +{ + TPM_RC rc = 0; + ASN1_BIT_STRING *keyUsage = NULL; + uint8_t bitmap; + int keyAgreement; /* boolean flags */ + int keyEncipherment; + + if (rc == 0) { + keyUsage = X509_get_ext_d2i(ekX509Certificate, NID_key_usage, /* freed @1 */ + NULL, NULL); + if (keyUsage == NULL) { + printf("verifyKeyUsage: Cannot find key usage\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + if (keyUsage->length == 0) { + printf("verifyKeyUsage: Key usage length 0 bytes\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + bitmap = keyUsage->data[0]; + keyEncipherment = bitmap & (1<<5); /* bit 2 little endian */ + keyAgreement = bitmap & (1<<3); /* bit 4 little endian */ + if (keyEncipherment) { /* bit 2 little endian */ + if (print) printf("verifyKeyUsage: Key Encipherment\n"); + } + if (keyAgreement) { /* bit 4 little endian */ + if (print) printf("verifyKeyUsage: Key Agreement\n"); + } + if (pkeyType == EVP_PKEY_RSA) { + if (!keyEncipherment) { + printf("ERROR: verifyKeyUsage: RSA Key usage %02x not Key Encipherment\n", + bitmap); + rc = TSS_RC_X509_ERROR; + } + } + else if (pkeyType == EVP_PKEY_EC) { + /* ECC should be key agreement, but some HW TPMs use key encipherment */ + if (!keyEncipherment && !keyAgreement) { + printf("ERROR: verifyKeyUsage: ECC Key usage %02x not " + "Key agreement or key encipherment\n", + bitmap); + rc = TSS_RC_X509_ERROR; + } + } + else { + printf("ERROR: verifyKeyUsage: Public key is not RSA or ECC\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (keyUsage != NULL) { + ASN1_BIT_STRING_free(keyUsage); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifdef TPM_TPM20 + +/* processEKNonce()reads the EK nonce from NV and returns the contents and size */ + +TPM_RC processEKNonce(TSS_CONTEXT *tssContext, + unsigned char **nonce, /* freed by caller */ + uint16_t *nonceSize, + TPMI_RH_NV_INDEX ekNonceIndex, + int print) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = getIndexContents(tssContext, + nonce, + nonceSize, + ekNonceIndex); + } + /* optional tracing */ + if (rc == 0) { + if (print) TSS_PrintAll("EK Nonce: ", *nonce, *nonceSize); + } + return rc; +} + +/* processEKTemplate() reads the EK template from NV and returns the unmarshaled TPMT_PUBLIC */ + +TPM_RC processEKTemplate(TSS_CONTEXT *tssContext, + TPMT_PUBLIC *tpmtPublic, + TPMI_RH_NV_INDEX ekTemplateIndex, + int print) +{ + TPM_RC rc = 0; + uint16_t dataSize; + unsigned char *data = NULL; /* freed @1 */ + uint32_t tmpDataSize; + unsigned char *tmpData = NULL; + + if (rc == 0) { + rc = getIndexContents(tssContext, + &data, + &dataSize, + ekTemplateIndex); + } + /* unmarshal the data stream */ + if (rc == 0) { + tmpData = data; /* temps because unmarshal moves the pointers */ + tmpDataSize = dataSize; + rc = TSS_TPMT_PUBLIC_Unmarshalu(tpmtPublic, &tmpData, &tmpDataSize, YES); + } + /* optional tracing */ + if (rc == 0) { + if (print) TSS_TPMT_PUBLIC_Print(tpmtPublic, 0); + } + free(data); /* @1 */ + return rc; +} + +/* processEKCertificate() reads the EK certificate from NV and returns an X509 certificate + structure. It also extracts and returns the public modulus. + + The return is void because the structure is opaque to the caller. This accomodates other crypto + libraries. + + ekCertificate is an X509 structure. +*/ + +TPM_RC processEKCertificate(TSS_CONTEXT *tssContext, + void **ekCertificate, /* freed by caller */ + uint8_t **modulusBin, /* freed by caller */ + int *modulusBytes, + TPMI_RH_NV_INDEX ekCertIndex, + int print) +{ + TPM_RC rc = 0; + + /* read the EK X509 certificate from NV and convert the DER (binary) to OpenSSL X509 format */ + if (rc == 0) { + rc = getIndexX509Certificate(tssContext, + ekCertificate, /* freed by caller */ + ekCertIndex); + if (rc != 0) { + printf("No EK certificate\n"); + } + } + /* extract the public modulus from the X509 structure */ + if (rc == 0) { + rc = convertCertificatePubKey(modulusBin, /* freed by caller */ + modulusBytes, + *ekCertificate, + ekCertIndex, + print); + } + return rc; +} + +#endif /* TPM20 */ + +/* convertX509ToDer() serializes the openSSL X509 structure to a DER certificate + + */ + +TPM_RC convertX509ToDer(uint32_t *certLength, + unsigned char **certificate, /* output, freed by caller */ + X509 *x509Certificate) /* input */ +{ + TPM_RC rc = 0; /* general return code */ + int irc; + + /* sanity check for memory leak */ + if (rc == 0) { + if (*certificate != NULL) { + printf("ERROR: convertX509ToDer: Error, certificate not NULL at entry\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + irc = i2d_X509(x509Certificate, NULL); + if (irc < 0) { + printf("ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()\n"); + rc = TSS_RC_X509_ERROR; + } + else { + *certLength = irc; + } + } + if (rc == 0) { + rc = TSS_Malloc(certificate, *certLength); + } + /* convert the X509 structure to binary (internal to DER format) */ + if (rc == 0) { + unsigned char *tmpptr = *certificate; + if (tssUtilsVerbose) printf("convertX509ToDer: Serializing certificate\n"); + irc = i2d_X509(x509Certificate, &tmpptr); + if (irc < 0) { + printf("ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()\n"); + rc = TSS_RC_X509_ERROR; + } + } + return rc; +} + +#ifndef TPM_TSS_NOECC + +/* convertX509ToEc extracts the public key from an X509 structure to an openssl EC_KEY structure + + */ + +TPM_RC convertX509ToEc(EC_KEY **ecKey, /* freed by caller */ + X509 *x509) +{ + TPM_RC rc = 0; + EVP_PKEY *evpPkey = NULL; + + if (tssUtilsVerbose) printf("convertX509ToEc: Entry\n\n"); + if (rc == 0) { + evpPkey = X509_get_pubkey(x509); /* freed @1 */ + if (evpPkey == NULL) { + printf("ERROR: convertX509ToEc: X509_get_pubkey failed\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (rc == 0) { + *ecKey = EVP_PKEY_get1_EC_KEY(evpPkey); + if (*ecKey == NULL) { + printf("ERROR: convertX509ToEc: EVP_PKEY_get1_EC_KEY failed\n"); + rc = TSS_RC_EC_KEY_CONVERT; + } + } + if (evpPkey != NULL) { + EVP_PKEY_free(evpPkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* convertCertificatePubKey() returns the public modulus from an openssl X509 certificate + structure. ekCertIndex determines whether the algorithm is RSA or ECC. + + If print is true, prints the EK certificate + + The return is void because the structure is opaque to the caller. This accomodates other crypto + libraries. + + ekCertificate is an X509 structure. +*/ + +TPM_RC convertCertificatePubKey(uint8_t **modulusBin, /* freed by caller */ + int *modulusBytes, + void *ekCertificate, + TPMI_RH_NV_INDEX ekCertIndex, + int print) +{ + TPM_RC rc = 0; + EVP_PKEY *pkey = NULL; + int pkeyType; /* RSA or EC */ + + /* use openssl to print the X509 certificate */ +#ifndef TPM_TSS_NOFILE /* stdout is a file descriptor */ + if (rc == 0) { + if (print) X509_print_fp(stdout, ekCertificate); + } +#endif + /* extract the public key */ + if (rc == 0) { + pkey = X509_get_pubkey(ekCertificate); /* freed @2 */ + if (pkey == NULL) { +#ifndef TPM_TSS_NORSA + if (tssUtilsVerbose) printf("convertCertificatePubKey: " + "Could not extract public key from X509 certificate, " + "may be TPM 1.2\n"); + /* if the conversion failed, this may be a TPM 1.2 certificate with a non-standard TCG + algorithm. Try a different method to get the public modulus. */ + rc = convertCertificatePubKey12(modulusBin, /* freed by caller */ + modulusBytes, + ekCertificate); +#else + printf("convertCertificatePubKey12: Could not extract X509_PUBKEY public key " + "from X509 certificate\n"); + rc = TPM_RC_INTEGRITY; +#endif /* TPM_TSS_NORSA */ + + } + else { + if (rc == 0) { + pkeyType = getRsaPubkeyAlgorithm(pkey); + } + switch (ekCertIndex) { +#ifndef TPM_TSS_NORSA + case EK_CERT_RSA_INDEX: + { + RSA *rsaKey = NULL; + /* check that the public key algorithm matches the ekCertIndex algorithm */ + if (rc == 0) { + if (pkeyType != EVP_PKEY_RSA) { + printf("convertCertificatePubKey: " + "Public key from X509 certificate is not RSA\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* convert the public key to OpenSSL structure */ + if (rc == 0) { + rsaKey = EVP_PKEY_get1_RSA(pkey); /* freed @3 */ + if (rsaKey == NULL) { + printf("convertCertificatePubKey: Could not extract RSA public key " + "from X509 certificate\n"); + rc = TPM_RC_INTEGRITY; + } + } + if (rc == 0) { + rc = convertRsaKeyToPublicKeyBin(modulusBytes, + modulusBin, /* freed by caller */ + rsaKey); + } + if (rc == 0) { + if (print) TSS_PrintAll("Certificate public key:", + *modulusBin, *modulusBytes); + } + RSA_free(rsaKey); /* @3 */ + } + break; +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + case EK_CERT_EC_INDEX: + { + EC_KEY *ecKey = NULL; + /* check that the public key algorithm matches the ekCertIndex algorithm */ + if (rc == 0) { + if (pkeyType != EVP_PKEY_EC) { + printf("convertCertificatePubKey: " + "Public key from X509 certificate is not EC\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* convert the public key to OpenSSL structure */ + if (rc == 0) { + ecKey = EVP_PKEY_get1_EC_KEY(pkey); /* freed @3 */ + if (ecKey == NULL) { + printf("convertCertificatePubKey: Could not extract EC public key " + "from X509 certificate\n"); + rc = TPM_RC_INTEGRITY; + } + } + if (rc == 0) { + rc = convertEcKeyToPublicKeyBin(modulusBytes, + modulusBin, /* freed by caller */ + ecKey); + } + if (rc == 0) { + if (print) TSS_PrintAll("Certificate public key:", + *modulusBin, *modulusBytes); + } + EC_KEY_free(ecKey); /* @3 */ + } + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("convertCertificatePubKey: " + "ekCertIndex %08x (asymmetric algorithm) not supported\n", ekCertIndex); + rc = TPM_RC_INTEGRITY; + break; + } + } + EVP_PKEY_free(pkey); /* @2 */ + } + return rc; +} + +#ifndef TPM_TSS_NORSA + +TPM_RC convertCertificatePubKey12(uint8_t **modulusBin, /* freed by caller */ + int *modulusBytes, + X509 *ekCertificate) +{ + TPM_RC rc = 0; + int irc; + X509_PUBKEY *pubkey = NULL; + ASN1_OBJECT *ppkalg = NULL; /* ignore OID */ + const unsigned char *pk = NULL; /* do not free */ + int ppklen; + X509_ALGOR *palg = NULL; /* algorithm identifier for public key */ + RSA *rsaKey = NULL; + + /* get internal pointer to the public key in the certificate */ + if (rc == 0) { + pubkey = X509_get_X509_PUBKEY(ekCertificate); /* do not free */ + if (pubkey == NULL) { + printf("convertCertificatePubKey12: Could not extract X509_PUBKEY public key " + "from X509 certificate\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* get the public key parameters, as a byte stream pk */ + if (rc == 0) { + irc = X509_PUBKEY_get0_param(&ppkalg, + &pk, &ppklen, /* internal, don't free */ + &palg, pubkey); + if (irc != 1) { + printf("convertCertificatePubKey12: Could not extract public key parameters " + "from X509 certificate\n"); + rc = TPM_RC_INTEGRITY; + } + } + if (rc == 0) { + const unsigned char *tmppk = pk; /* because d2i moves the pointer */ + rsaKey = d2i_RSAPublicKey(NULL, &tmppk, ppklen); /* freed @1 */ + if (rsaKey == NULL) { + printf("convertCertificatePubKey12: Could not convert to RSA structure\n"); + rc = TPM_RC_INTEGRITY; + } + } + if (rc == 0) { + rc = convertRsaKeyToPublicKeyBin(modulusBytes, + modulusBin, /* freed by caller */ + rsaKey); + TSS_PrintAll("convertCertificatePubKey12", *modulusBin, *modulusBytes); + } + if (rsaKey != NULL) { + RSA_free(rsaKey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOFILE /* stdout is a file descriptor */ + +TPM_RC convertX509PemToDer(uint32_t *certLength, + unsigned char **certificate, /* output, freed by caller */ + const char *pemCertificateFilename) +{ + TPM_RC rc = 0; + X509 *x509Certificate = NULL; + + if (rc == 0) { + rc = convertPemToX509(&x509Certificate, /* freed @1 */ + pemCertificateFilename); + } + if (rc == 0) { + rc = convertX509ToDer(certLength, + certificate, /* output, freed by caller */ + x509Certificate); /* input */ + } + if (x509Certificate != NULL) { + X509_free(x509Certificate); /* @1 */ + } + return rc; +} + +#endif + +#ifndef TPM_TSS_NOFILE + +/* convertPemToX509() reads a PEM file and converts it to an OpenSSL X509 structure + + */ + +uint32_t convertPemToX509(X509 **x509, /* freed by caller */ + const char *pemCertificateFilename) +{ + uint32_t rc = 0; + int irc; + FILE *pemCertificateFile = NULL; + + if (tssUtilsVerbose) printf("convertPemToX509: Reading PEM certificate file %s\n", + pemCertificateFilename); + if (rc == 0) { + pemCertificateFile = fopen(pemCertificateFilename, "r"); + if (pemCertificateFile == NULL) { + printf("convertPemToX509: Cannot open PEM file %s\n", pemCertificateFilename); + rc = TSS_RC_FILE_OPEN; + } + } + /* convert the platform certificate from PEM to DER */ + if (rc == 0) { + *x509 = PEM_read_X509(pemCertificateFile , NULL, NULL, NULL); /* freed @1 */ + if (*x509 == NULL) { + printf("convertPemToX509: Cannot parse PEM certificate file %s\n", + pemCertificateFilename); + rc = TSS_RC_FILE_READ; + } + } + /* for debug */ + if ((rc == 0) && tssUtilsVerbose) { + irc = X509_print_fp(stdout, *x509); + if (irc != 1) { + printf("ERROR: convertPemToX509: Error in certificate print X509_print_fp()\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (pemCertificateFile != NULL) { + fclose(pemCertificateFile); /* @1 */ + } + return rc; +} + +#endif + +/* convertDerToX509() converts a DER stream to an OpenSSL X509 structure + + The return is void because the structure is opaque to the caller. This accomodates other crypto + libraries. +*/ + +uint32_t convertDerToX509(void **x509Certificate, /* freed by caller */ + uint16_t readLength, + const unsigned char *readBuffer) +{ + uint32_t rc = 0; + *x509Certificate = d2i_X509(NULL, /* freed by caller */ + &readBuffer, readLength); + if (*x509Certificate == NULL) { + printf("convertDerToX509: Could not parse X509 certificate\n"); + rc = TSS_RC_X509_ERROR; + } + return rc; +} + +/* x509FreeStructure() is the library specific free structure. + + The parameter is void because the structure is opaque to the caller. This accomodates other + crypto libraries. +*/ + +void x509FreeStructure(void *x509) +{ + if (x509 != NULL) { + X509_free(x509); + } + return; +} + +/* x509PrintStructure() prints the structure to stdout + + The parameter is void because the structure is opaque to the caller. This accomodates other + crypto libraries. +*/ + +void x509PrintStructure(void *x509) +{ + X509_print_fp(stdout, x509); + return; +} + +/* convertPemMemToX509() converts an in-memory PEM format X509 certificate to an openssl X509 + structure. + +*/ + +uint32_t convertPemMemToX509(X509 **x509, /* freed by caller */ + const char *pemCertificate) +{ + uint32_t rc = 0; + BIO *bio = NULL; + int pemLength; + int writeLen = 0; + + if (tssUtilsVerbose) printf("convertPemMemToX509: pemCertificate\n%s\n", pemCertificate); + /* create a BIO that uses an in-memory buffer */ + if (rc == 0) { + bio = BIO_new(BIO_s_mem()); /* freed @1 */ + if (bio == NULL) { + printf("convertPemMemToX509: BIO_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* write the PEM from memory to BIO */ + if (rc == 0) { + pemLength = strlen(pemCertificate); + writeLen = BIO_write(bio, pemCertificate, pemLength); + if (writeLen != pemLength) { + printf("convertPemMemToX509: BIO_write failed\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* convert the properly formatted PEM to X509 structure */ + if (rc == 0) { + *x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); + if (*x509 == NULL) { + printf("convertPemMemToX509: PEM_read_bio_X509 failed\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* for debug */ +#ifndef TPM_TSS_NOFILE /* stdout is a file descriptor */ + if (rc == 0) { + if (tssUtilsVerbose) X509_print_fp(stdout, *x509); + } +#endif + if (bio != NULL) { + BIO_free(bio); /* @1 */ + } + return rc; +} + +#ifndef TPM_TSS_NOFILE + +/* convertX509ToPem() writes an OpenSSL X509 structure to a PEM format file + + The return is void because the structure is opaque to the caller. This accomodates other crypto + libraries. + + For OpenSSL, the type is X509* +*/ + +TPM_RC convertX509ToPem(const char *pemFilename, + void *x509) +{ + TPM_RC rc = 0; + int irc; + FILE *pemFile = NULL; + + if (tssUtilsVerbose) printf("convertX509ToPem: Writing PEM certificate file %s\n", + pemFilename); + if (rc == 0) { + pemFile = fopen(pemFilename, "w"); /* close @1 */ + if (pemFile == NULL) { + printf("convertX509ToPem: Cannot open PEM file %s\n", pemFilename); + rc = TSS_RC_FILE_OPEN; + } + } + if (rc == 0) { + irc = PEM_write_X509(pemFile, x509); + if (irc == 0) { + printf("convertX509ToPem: Unable to write PEM file %s\n", pemFilename); + rc = TSS_RC_FILE_WRITE; + } + } + if (pemFile != NULL) { + fclose(pemFile); /* @1 */ + } + return rc; +} + +#endif + +/* convertX509ToPemMem() converts an OpenSSL X509 structure to PEM format in memory */ + +TPM_RC convertX509ToPemMem(char **pemString, /* freed by caller */ + X509 *x509) +{ + TPM_RC rc = 0; /* general return code */ + int irc; + char *data = NULL; + long length; + + /* create a BIO that uses an in-memory buffer */ + BIO *bio = NULL; + if (rc == 0) { + bio = BIO_new(BIO_s_mem()); /* freed @1 */ + if (bio == NULL) { + printf("convertX509ToPemMem: BIO_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* convert X509 to PEM and write the PEM to memory */ + if (rc == 0) { + irc = PEM_write_bio_X509(bio, x509); + if (irc != 1) { + printf("convertX509ToPemMem: PEM_write_bio_X509 failed\n"); + rc = TSS_RC_FILE_WRITE; + } + } + if (rc == 0) { + length = BIO_get_mem_data(bio, &data); + *pemString = malloc(length+1); + if (*pemString == NULL) { + printf("ERROR: convertX509ToPemMem: Cannot malloc %lu\n", length); + rc = TSS_RC_OUT_OF_MEMORY; + } + else { + (*pemString)[length] = '\0'; + } + } + if (rc == 0) { + irc = BIO_read(bio, *pemString, length); + if (irc <= 0) { + printf("ERROR: convertX509ToPemMem: BIO_read failed\n"); + rc = TSS_RC_FILE_READ; + } + } + if (bio != NULL) { + BIO_free(bio); /* @1 */ + } + return rc; +} + +/* convertX509ToString() converts an OpenSSL X509 structure to a human readable string */ + +TPM_RC convertX509ToString(char **x509String, /* freed by caller */ + X509 *x509) +{ + TPM_RC rc = 0; + int irc; + char *data = NULL; + long length; + + /* create a BIO that uses an in-memory buffer */ + BIO *bio = NULL; + if (rc == 0) { + bio = BIO_new(BIO_s_mem()); /* freed @1 */ + if (bio == NULL) { + printf("convertX509ToString: BIO_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* write the string to memory */ + if (rc == 0) { + irc = X509_print(bio, x509); + if (irc != 1) { + printf("convertX509ToString X509_print failed\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + length = BIO_get_mem_data(bio, &data); + *x509String = malloc(length+1); + if (*x509String == NULL) { + printf("convertX509ToString: Cannot malloc %lu\n", length); + rc = TSS_RC_OUT_OF_MEMORY; + } + else { + (*x509String)[length] = '\0'; + } + } + if (rc == 0) { + irc = BIO_read(bio, *x509String, length); + if (irc <= 0) { + printf("convertX509ToString BIO_read failed\n"); + rc = TSS_RC_FILE_READ; + } + } + if (bio != NULL) { + BIO_free(bio); /* @1 */ + } + return rc; +} + +/* + Certificate Creation +*/ + +/* These are the names inserted into the certificates. If changed, the entries also change. At run + time, the mapping from key to nid is done once and used repeatedly. */ + +CertificateName certificateName[] = { + { "countryName", NID_undef}, /* 0 */ + { "stateOrProvinceName", NID_undef}, /* 1 */ + { "localityName", NID_undef}, /* 2 */ + { "organizationName", NID_undef}, /* 3 */ + { "organizationalUnitName", NID_undef}, /* 4 */ + { "commonName", NID_undef}, /* 5 */ + { "emailAddress", NID_undef}, /* 6 */ +}; + +TPM_RC calculateNid(void) +{ + TPM_RC rc = 0; + size_t i; + + for (i=0 ; (i < sizeof(certificateName)/sizeof(CertificateName)) && (rc == 0) ; i++) { + certificateName[i].nid = OBJ_txt2nid(certificateName[i].key); /* look up the NID for the + field */ + if (certificateName[i].nid == NID_undef) { + printf("calculateNid: Error finding nid for %s\n", certificateName[i].key); + rc = TSS_RC_X509_ERROR; + } + } + return rc; +} + +/* createCertificate() constructs a certificate from the issuer and subject. The public key to be + certified is tpmtPublic. + + It signs the certificate using the CA key in caKeyFileName protected by the password + caKeyPassword. The CA signing key algorithm caKeyAlg is RSA or ECC. + + The certificate is returned as a DER encoded array 'certificate', a PEM string, and a formatted + string. + +*/ + +TPM_RC createCertificate(char **x509CertString, /* freed by caller */ + char **pemCertString, /* freed by caller */ + uint32_t *certLength, /* output, certificate length */ + unsigned char **certificate, /* output, freed by caller */ + TPMT_PUBLIC *tpmtPublic, /* key to be certified */ + const char *caKeyFileName, + size_t issuerEntriesSize, + char **issuerEntries, + size_t subjectEntriesSize, + char **subjectEntries, + const char *caKeyPassword) +{ + TPM_RC rc = 0; + X509 *x509Certificate = NULL; + uint16_t publicKeyLength; + const unsigned char *publicKey = NULL; + + /* allocate memory for the X509 structure */ + if (rc == 0) { + x509Certificate = X509_new(); /* freed @2 */ + if (x509Certificate == NULL) { + printf("createCertificate: Error in X509_new\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* hash unique field to create serial number */ + if (rc == 0) { + if (tpmtPublic->type == TPM_ALG_RSA) { + publicKeyLength = tpmtPublic->unique.rsa.t.size; + publicKey = tpmtPublic->unique.rsa.t.buffer; + } + else if (tpmtPublic->type == TPM_ALG_ECC) { + publicKeyLength = tpmtPublic->unique.ecc.x.t.size; + publicKey = tpmtPublic->unique.ecc.x.t.buffer; + } + else { + printf("createCertificate: public key algorithm %04x not supported\n", + tpmtPublic->type); + rc = TSS_RC_BAD_SIGNATURE_ALGORITHM; + } + } + /* fill in basic X509 information - version, serial, validity, issuer, subject */ + if (rc == 0) { + rc = startCertificate(x509Certificate, + publicKeyLength, publicKey, + issuerEntriesSize, issuerEntries, + subjectEntriesSize, subjectEntries); + } + /* If the EK has the decrypt attribute set, the keyEncipherment bit MUST be set for an RSA EK + certificate; the keyAgreement bit MUST be set for an ECC EK certificate. */ + if (rc == 0) { + if (tpmtPublic->type == TPM_ALG_RSA) { + rc = addCertExtension(x509Certificate, NID_key_usage, "critical,keyEncipherment"); + } + if (tpmtPublic->type == TPM_ALG_ECC) { + rc = addCertExtension(x509Certificate, NID_key_usage, "critical,keyAgreement"); + } + } + /* add the TPM public key to be certified */ + if (rc == 0) { + switch (tpmtPublic->type) { +#ifndef TPM_TSS_NORSA + case TPM_ALG_RSA: + rc = addCertKeyRsa(x509Certificate, &tpmtPublic->unique.rsa); + break; +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = addCertKeyEcc(x509Certificate, &tpmtPublic->unique.ecc); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("createCertificate: public key algorithm %04x not supported\n", + tpmtPublic->type); + rc = TSS_RC_BAD_SIGNATURE_ALGORITHM; + } + } + /* sign the certificate with the root CA key */ + if (rc == 0) { + rc = addCertSignatureRoot(x509Certificate, caKeyFileName, caKeyPassword); + } + if (rc == 0) { + rc = convertX509ToDer(certLength, certificate, /* freed by caller */ + x509Certificate); /* in */ + } + if (rc == 0) { + rc = convertX509ToPemMem(pemCertString, /* freed by caller */ + x509Certificate); + } + if (rc == 0) { + rc = convertX509ToString(x509CertString, /* freed by caller */ + x509Certificate); + } + X509_free(x509Certificate); /* @2 */ + return rc; +} + +/* Certificate duration period is hard coded to 20 years */ + +#define CERT_DURATION (60 * 60 * 24 * ((365 * 20) + 2)) /* +2 for leap years */ + +/* startCertificate() fills in basic X509 information, such as: + version + serial number + issuer + validity + subject +*/ + +TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generated */ + uint16_t keyLength, + const unsigned char *keyBuffer, /* key to be certified */ + size_t issuerEntriesSize, + char **issuerEntries, /* certificate issuer */ + size_t subjectEntriesSize, + char **subjectEntries) /* certificate subject */ +{ + TPM_RC rc = 0; /* general return code */ + int irc; /* integer return code */ + ASN1_TIME *arc; /* return code */ + ASN1_INTEGER *x509Serial; /* certificate serial number in ASN1 */ + BIGNUM *x509SerialBN; /* certificate serial number as a BIGNUM */ + unsigned char x509Serialbin[SHA1_DIGEST_SIZE]; /* certificate serial number in binary */ + X509_NAME *x509IssuerName; /* composite issuer name, key/value pairs */ + X509_NAME *x509SubjectName; /* composite subject name, key/value pairs */ + + x509IssuerName = NULL; /* freed @1 */ + x509SubjectName = NULL; /* freed @2 */ + x509SerialBN = NULL; /* freed @3 */ + + /* add certificate version X509 v3 */ + if (rc == 0) { + irc = X509_set_version(x509Certificate, 2L); /* value 2 == v3 */ + if (irc != 1) { + printf("startCertificate: Error in X509_set_version\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* + add certificate serial number + */ + if (rc == 0) { + if (tssUtilsVerbose) printf("startCertificate: Adding certificate serial number\n"); + /* to create a unique serial number, hash the key to be certified */ + SHA1(keyBuffer, keyLength, x509Serialbin); + /* convert the SHA1 digest to a BIGNUM */ + x509SerialBN = BN_bin2bn(x509Serialbin, SHA1_DIGEST_SIZE, x509SerialBN); + if (x509SerialBN == NULL) { + printf("startCertificate: Error in serial number BN_bin2bn\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + /* get the serial number structure member, can't fail */ + x509Serial = X509_get_serialNumber(x509Certificate); + /* convert the BIGNUM to ASN1 and add to X509 certificate */ + x509Serial = BN_to_ASN1_INTEGER(x509SerialBN, x509Serial); + if (x509Serial == NULL) { + printf("startCertificate: Error setting certificate serial number\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add issuer */ + if (rc == 0) { + if (tssUtilsVerbose) printf("startCertificate: Adding certificate issuer\n"); + rc = createX509Name(&x509IssuerName, + issuerEntriesSize, + issuerEntries); + } + if (rc == 0) { + irc = X509_set_issuer_name(x509Certificate, x509IssuerName); + if (irc != 1) { + printf("startCertificate: Error setting certificate issuer\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add validity */ + if (rc == 0) { + if (tssUtilsVerbose) printf("startCertificate: Adding certificate validity\n"); + } + if (rc == 0) { + /* can't fail, just returns a structure member */ + ASN1_TIME *notBefore = X509_get_notBefore(x509Certificate); + arc = X509_gmtime_adj(notBefore ,0L); /* set to today */ + if (arc == NULL) { + printf("startCertificate: Error setting notBefore time\n"); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + /* can't fail, just returns a structure member */ + ASN1_TIME *notAfter = X509_get_notAfter(x509Certificate); + arc = X509_gmtime_adj(notAfter, CERT_DURATION); /* set to duration */ + if (arc == NULL) { + printf("startCertificate: Error setting notAfter time\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* add subject */ + if (rc == 0) { + if (tssUtilsVerbose) printf("startCertificate: Adding certificate subject\n"); + rc = createX509Name(&x509SubjectName, + subjectEntriesSize, + subjectEntries); + } + if (rc == 0) { + irc = X509_set_subject_name(x509Certificate, x509SubjectName); + if (irc != 1) { + printf("startCertificate: Error setting certificate subject\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* cleanup */ + X509_NAME_free(x509IssuerName); /* @1 */ + X509_NAME_free(x509SubjectName); /* @2 */ + BN_free(x509SerialBN); /* @3 */ + return rc; +} + +/* createX509Name() create an X509 name (issuer or subject) from a pointer to issuer or subject + entries + +*/ + +TPM_RC createX509Name(X509_NAME **x509Name, + size_t entriesSize, + char **entries) +{ + TPM_RC rc = 0; /* general return code */ + int irc; /* integer return code */ + size_t i; + X509_NAME_ENTRY *nameEntry; /* single field of the name */ + + nameEntry = NULL; + + /* Precalculate the openssl nids, into global table */ + if (rc == 0) { + rc = calculateNid(); + } + if (rc == 0) { + *x509Name = X509_NAME_new(); + if (*x509Name == NULL) { + printf("createX509Name: Error in X509_NAME_new()\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + for (i=0 ; (i < entriesSize) && (rc == 0) ; i++) { + if ((rc == 0) && (entries[i] != NULL)) { + nameEntry = + X509_NAME_ENTRY_create_by_NID(NULL, /* caller creates object */ + certificateName[i].nid, + MBSTRING_ASC, /* character encoding */ + (unsigned char *)entries[i], /* to add */ + -1); /* length, -1 is C string */ + + if (nameEntry == NULL) { + printf("createX509Name: Error creating entry for %s\n", + certificateName[i].key); + rc = TSS_RC_X509_ERROR; + } + } + if ((rc == 0) && (entries[i] != NULL)) { + irc = X509_NAME_add_entry(*x509Name, /* add to issuer */ + nameEntry, /* add the entry */ + -1, /* location - append */ + 0); /* set - not multivalued */ + if (irc != 1) { + printf("createX509Name: Error adding entry for %s\n", + certificateName[i].key); + rc = TSS_RC_X509_ERROR; + } + } + X509_NAME_ENTRY_free(nameEntry); /* callee checks for NULL */ + nameEntry = NULL; + } + return rc; +} + +/* addCertExtension() adds the extension type 'nid' to the X509 certificate + + */ + +TPM_RC addCertExtension(X509 *x509Certificate, int nid, const char *value) +{ + TPM_RC rc = 0; + X509_EXTENSION *extension = NULL; /* freed @1 */ + + if (rc == 0) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 + /* the cast is required for the older openssl 1.0 API */ + extension = X509V3_EXT_conf_nid(NULL, NULL, /* freed @1 */ + nid, (char *)value); +#else + extension = X509V3_EXT_conf_nid(NULL, NULL, /* freed @1 */ + nid, value); +#endif + if (extension == NULL) { + printf("addCertExtension: Error creating nid %i extension %s\n", + nid, value); + rc = TSS_RC_X509_ERROR; + } + } + if (rc == 0) { + int irc = X509_add_ext(x509Certificate, /* the certificate */ + extension, /* the extension to add */ + -1); /* location - append */ + if (irc != 1) { + printf("addCertExtension: Error adding nid %i extension %s\n", + nid, value); + } + } + if (extension != NULL) { + X509_EXTENSION_free(extension); /* @1 */ + } + return rc; +} + +#ifndef TPM_TSS_NORSA + +/* addCertKeyRsa() adds the TPM RSA public key (the key to be certified) to the openssl X509 + certificate + +*/ + +TPM_RC addCertKeyRsa(X509 *x509Certificate, + const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa) /* key to be certified */ +{ + TPM_RC rc = 0; /* general return code */ + int irc; /* integer return code */ + EVP_PKEY *evpPubkey = NULL; /* EVP format public key to be certified */ + + if (tssUtilsVerbose) printf("addCertKeyRsa: add public key to certificate\n"); + /* convert from TPM key data format to openSSL RSA type */ + if (rc == 0) { + rc = convertRsaPublicToEvpPubKey(&evpPubkey, /* freed @1 */ + tpm2bRsa); + } + /* add the public key to the certificate */ + if (rc == 0) { + irc = X509_set_pubkey(x509Certificate, evpPubkey); + if (irc != 1) { + printf("addCertKeyRsa: Error adding public key to certificate\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* cleanup */ + if (evpPubkey != NULL) { + EVP_PKEY_free(evpPubkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOECC + +/* addCertKeyEcc() adds the TPM ECC public key (the key to be certified) to the openssl X509 + certificate + +*/ + +TPM_RC addCertKeyEcc(X509 *x509Certificate, + const TPMS_ECC_POINT *tpmsEccPoint) +{ + TPM_RC rc = 0; /* general return code */ + int irc; + EVP_PKEY *evpPubkey = NULL; /* EVP format public key to be certified */ + + /* convert EC TPMS_ECC_POINT to an EVP_PKEY */ + if (rc == 0) { + rc = convertEcPublicToEvpPubKey(&evpPubkey, /* freed @1 */ + tpmsEccPoint); + } + /* add the public key to the certificate */ + if (rc == 0) { + irc = X509_set_pubkey(x509Certificate, evpPubkey); + if (irc != 1) { + printf("addCertKeyEcc: Error adding public key to certificate\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* cleanup */ + if (evpPubkey != NULL) { + EVP_PKEY_free(evpPubkey); /* @1 */ + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +/* addCertSignatureRoot() uses the openSSL root key to sign the X509 certificate. + + As a sanity check, it verifies the certificate. +*/ + +TPM_RC addCertSignatureRoot(X509 *x509Certificate, /* certificate to be signed */ + const char *caKeyFileName, /* openSSL root CA key password */ + const char *caKeyPassword) +{ + TPM_RC rc = 0; /* general return code */ + int irc; /* integer return code */ + FILE *fp = NULL; + /* signing key */ + const EVP_MD *digest = NULL; /* signature digest algorithm */ + EVP_PKEY *evpSignkey; /* EVP format */ + + evpSignkey = NULL; /* freed @1 */ + + /* open the CA signing key file */ + if (rc == 0) { + fp = fopen(caKeyFileName,"r"); + if (fp == NULL) { + printf("addCertSignatureRoot: Error, Cannot open %s\n", caKeyFileName); + rc = TSS_RC_FILE_OPEN; + } + } + /* convert the CA signing key from PEM to EVP_PKEY format */ + if (rc == 0) { + evpSignkey = PEM_read_PrivateKey(fp, NULL, NULL, (void *)caKeyPassword); + if (evpSignkey == NULL) { + printf("addCertSignatureRoot: Error calling PEM_read_PrivateKey() from %s\n", + caKeyFileName); + rc = TSS_RC_FILE_READ; + } + } + /* close the CA signing key file */ + if (fp != NULL) { + fclose(fp); + } + /* set the certificate signature digest algorithm */ + if (rc == 0) { + digest = EVP_sha256(); /* no error return */ + } + /* sign the certificate with the root CA signing key */ + if (rc == 0) { + if (tssUtilsVerbose) printf("addCertSignatureRoot: Signing the certificate\n"); + irc = X509_sign(x509Certificate, evpSignkey, digest); + if (irc == 0) { /* returns signature size, 0 on error */ + printf("addCertSignature: Error signing certificate\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* verify the signature */ + if (rc == 0) { + if (tssUtilsVerbose) printf("addCertSignatureRoot: Verifying the certificate\n"); + irc = X509_verify(x509Certificate, evpSignkey); + if (irc != 1) { + printf("addCertSignatureRoot: Error verifying certificate\n"); + rc = TSS_RC_X509_ERROR; + } + } + /* cleanup */ + if (evpSignkey != NULL) { + EVP_PKEY_free(evpSignkey); /* @1 */ + } + return rc; +} + +#ifdef TPM_TPM20 + +/* processRoot() validates the certificate at ekCertIndex against the root CA certificates at + rootFilename. + */ + +#ifndef TPM_TSS_NOFILE + +TPM_RC processRoot(TSS_CONTEXT *tssContext, + TPMI_RH_NV_INDEX ekCertIndex, + const char *rootFilename[], + unsigned int rootFileCount, + int print) +{ + TPM_RC rc = 0; + void *ekCertificate = NULL; /* freed @1 */ + + /* read the EK X509 certificate from NV */ + if (rc == 0) { + rc = getIndexX509Certificate(tssContext, + &ekCertificate, /* freed @1 */ + ekCertIndex); + if (rc != 0) { + printf("processRoot: No EK certificate\n"); + } + } + if (rc == 0) { + rc = verifyCertificate(ekCertificate, + rootFilename, + rootFileCount, + print); + if (rc != 0) { + printf("processRoot: EK certificate did not verify\n"); + } + } + if (ekCertificate != NULL) { + X509_free(ekCertificate); /* @1 */ + } + return rc; +} + +#endif + +/* processCreatePrimary() combines the EK nonce and EK template from NV to form the + createprimary input. It creates the primary key. + + ekCertIndex determines whether an RSA or ECC key is created. + + If nonce is NULL, the default IWG templates are used. If nonce is non-NULL, the nonce and + tpmtPublicIn are used. + + After returning the TPMT_PUBLIC, flushes the primary key unless noFlush is TRUE. If noFlush is + FALSE, returns the loaded handle, else returns TPM_RH_NULL. +*/ + +TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext, + TPM_HANDLE *keyHandle, /* primary key handle */ + TPMI_RH_NV_INDEX ekCertIndex, + unsigned char *nonce, + uint16_t nonceSize, + TPMT_PUBLIC *tpmtPublicIn, /* template */ + TPMT_PUBLIC *tpmtPublicOut, /* primary key */ + unsigned int noFlush, /* TRUE - don't flush the primary key */ + int print) +{ + TPM_RC rc = 0; + CreatePrimary_In inCreatePrimary; + CreatePrimary_Out outCreatePrimary; + + /* sanity check nonce size (should never happen on HW TPM) */ + if ((rc == 0) && (nonce != NULL)) { + if (ekCertIndex == EK_CERT_RSA_INDEX) { /* RSA primary key */ + if (nonceSize > 256) { + printf("processCreatePrimary: RSA NV nonce size %u > 256\n", nonceSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + else { /* EC primary key */ + if (nonceSize > 32) { + printf("processCreatePrimary: EC NV nonce size %u > 32\n", nonceSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* set up the createprimary in parameters */ + if (rc == 0) { + inCreatePrimary.primaryHandle = TPM_RH_ENDORSEMENT; + inCreatePrimary.inSensitive.sensitive.userAuth.t.size = 0; + inCreatePrimary.inSensitive.sensitive.data.t.size = 0; + /* creation data */ + inCreatePrimary.outsideInfo.t.size = 0; + inCreatePrimary.creationPCR.count = 0; + } + /* construct the template from the NV template and nonce */ + if ((rc == 0) && (nonce != NULL)) { + inCreatePrimary.inPublic.publicArea = *tpmtPublicIn; + if (ekCertIndex == EK_CERT_RSA_INDEX) { /* RSA primary key */ + /* unique field is 256 bytes */ + inCreatePrimary.inPublic.publicArea.unique.rsa.t.size = 256; + /* first part is nonce */ + memcpy(inCreatePrimary.inPublic.publicArea.unique.rsa.t.buffer, nonce, nonceSize); + /* padded with zeros */ + memset(inCreatePrimary.inPublic.publicArea.unique.rsa.t.buffer + nonceSize, 0, + 256 - nonceSize); + } + else { /* EC primary key */ + /* unique field is X and Y points */ + /* X gets nonce and pad */ + inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.size = 32; + memcpy(inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.buffer, nonce, nonceSize); + memset(inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.buffer + nonceSize, 0, + 32 - nonceSize); + /* Y gets zeros */ + inCreatePrimary.inPublic.publicArea.unique.ecc.y.t.size = 32; + memset(inCreatePrimary.inPublic.publicArea.unique.ecc.y.t.buffer, 0, 32); + } + } + /* construct the template from the default IWG template */ + if ((rc == 0) && (nonce == NULL)) { + if (ekCertIndex == EK_CERT_RSA_INDEX) { /* RSA primary key */ + getRsaTemplate(&inCreatePrimary.inPublic.publicArea); + } + else { /* EC primary key */ + getEccTemplate(&inCreatePrimary.inPublic.publicArea); + } + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&outCreatePrimary, + (COMMAND_PARAMETERS *)&inCreatePrimary, + NULL, + TPM_CC_CreatePrimary, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("createprimary: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + } + } + /* return the primary key */ + if (rc == 0) { + *tpmtPublicOut = outCreatePrimary.outPublic.publicArea; + } + /* flush the primary key */ + if (rc == 0) { + if (!noFlush) { /* flush the primary key */ + FlushContext_In inFlushContext; + *keyHandle = TPM_RH_NULL; + inFlushContext.flushHandle = outCreatePrimary.objectHandle; + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&inFlushContext, + NULL, + TPM_CC_FlushContext, + TPM_RH_NULL, NULL, 0); + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("flushcontext: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + } + } + else { /* not flushed, return the handle */ + *keyHandle = outCreatePrimary.objectHandle; + } + } + /* trace the public key */ + if (rc == 0) { + if (ekCertIndex == EK_CERT_RSA_INDEX) { + if (print) TSS_PrintAll("createprimary: RSA public key", + outCreatePrimary.outPublic.publicArea.unique.rsa.t.buffer, + outCreatePrimary.outPublic.publicArea.unique.rsa.t.size); + } + else { + if (print) TSS_PrintAll("createprimary: ECC public key x", + outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.buffer, + outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.size); + if (print) TSS_PrintAll("createprimary: ECC public key y", + outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.buffer, + outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.size); + } + } + return rc; +} + +/* processValidatePrimary() compares the public key in the EK certificate to the public key output + of createprimary. */ + +TPM_RC processValidatePrimary(uint8_t *publicKeyBin, /* from certificate */ + int publicKeyBytes, + TPMT_PUBLIC *tpmtPublic, /* primary key */ + TPMI_RH_NV_INDEX ekCertIndex, + int print) +{ + TPM_RC rc = 0; + + print = print; + /* compare the X509 certificate public key to the createprimary public key */ + switch (ekCertIndex) { +#ifndef TPM_TSS_NORSA + case EK_CERT_RSA_INDEX: + { + int irc; + /* RSA just has a public modulus */ + if (rc == 0) { + if (tpmtPublic->unique.rsa.t.size != publicKeyBytes) { + printf("processValidatePrimary: " + "X509 certificate key length %u does not match output of createprimary %u\n", + publicKeyBytes, + tpmtPublic->unique.rsa.t.size); + rc = TPM_RC_INTEGRITY; + } + } + if (rc == 0) { + irc = memcmp(publicKeyBin, + tpmtPublic->unique.rsa.t.buffer, + publicKeyBytes); + if (irc != 0) { + printf("processValidatePrimary: " + "Public key from X509 certificate does not match output of createprimary\n"); + rc = TPM_RC_INTEGRITY; + } + } + } + break; +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + case EK_CERT_EC_INDEX: + { + int irc; + /* ECC has X and Y points */ + /* compression algorithm is the extra byte at the beginning of the certificate */ + if (rc == 0) { + if (tpmtPublic->unique.ecc.x.t.size + + tpmtPublic->unique.ecc.y.t.size + 1 + != publicKeyBytes) { + printf("processValidatePrimary: " + "X509 certificate key length %u does not match " + "output of createprimary x %u +y %u\n", + publicKeyBytes, + tpmtPublic->unique.ecc.x.t.size, + tpmtPublic->unique.ecc.y.t.size); + rc = TPM_RC_INTEGRITY; + } + } + /* check X */ + if (rc == 0) { + irc = memcmp(publicKeyBin +1, + tpmtPublic->unique.ecc.x.t.buffer, + tpmtPublic->unique.ecc.x.t.size); + if (irc != 0) { + printf("processValidatePrimary: " + "Public key X from X509 certificate does not match " + "output of createprimary\n"); + rc = TPM_RC_INTEGRITY; + } + } + /* check Y */ + if (rc == 0) { + irc = memcmp(publicKeyBin + 1 + tpmtPublic->unique.ecc.x.t.size, + tpmtPublic->unique.ecc.y.t.buffer, + tpmtPublic->unique.ecc.y.t.size); + if (irc != 0) { + printf("processValidatePrimary: " + "Public key Y from X509 certificate does not match " + "output of createprimary\n"); + rc = TPM_RC_INTEGRITY; + } + } + } + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("processValidatePrimary: " + "ekCertIndex %08x (asymmetric algorithm) not supported\n", ekCertIndex); + rc = TPM_RC_INTEGRITY; + break; + } + if (rc == 0) { + if (print) printf("processValidatePrimary: " + "Public key from X509 certificate matches output of createprimary\n"); + } + return rc; +} + +/* processPrimary() reads the EK nonce and EK template from NV. It combines them to form the + createprimary input. It creates the primary key. + + It reads the EK certificate from NV. It extracts the public key. + + Finally, it compares the public key in the certificate to the public key output of createprimary. +*/ + +TPM_RC processPrimary(TSS_CONTEXT *tssContext, + TPM_HANDLE *keyHandle, /* primary key handle */ + TPMI_RH_NV_INDEX ekCertIndex, + TPMI_RH_NV_INDEX ekNonceIndex, + TPMI_RH_NV_INDEX ekTemplateIndex, + unsigned int noFlush, /* TRUE - don't flush the primary key */ + int print) +{ + TPM_RC rc = 0; + void *ekCertificate = NULL; + unsigned char *nonce = NULL; + uint16_t nonceSize; + TPMT_PUBLIC tpmtPublicIn; /* template */ + TPMT_PUBLIC tpmtPublicOut; /* primary key */ + uint8_t *publicKeyBin = NULL; /* from certificate */ + int publicKeyBytes; + int validate = FALSE; /* validate the certificate */ + + /* get the EK nonce */ + if (rc == 0) { + rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, print); /* freed @1 */ + if ((rc & 0xff) == TPM_RC_HANDLE) { + if (print) printf("processPrimary: EK nonce not found, use default template\n"); + rc = 0; + } + } + if (rc == 0) { + /* if the nonce was found, get the EK template */ + if (nonce != NULL) { + rc = processEKTemplate(tssContext, &tpmtPublicIn, ekTemplateIndex, print); + } + } + /* create the primary key */ + if (rc == 0) { + rc = processCreatePrimary(tssContext, + keyHandle, + ekCertIndex, + nonce, nonceSize, /* EK nonce, can be NULL */ + &tpmtPublicIn, /* template */ + &tpmtPublicOut, /* primary key */ + noFlush, + print); + } + /* validate against the certificate if the algorithm is compiled in */ + if (rc == 0) { +#ifndef TPM_TSS_NORSA + if (ekCertIndex == EK_CERT_RSA_INDEX) { + validate = TRUE; + } +#endif /* TPM_TSS_NORSA */ +#ifndef TPM_TSS_NOECC + if (ekCertIndex == EK_CERT_EC_INDEX) { + validate = TRUE; + } +#endif /* TPM_TSS_NOECC */ + } + /* get the EK certificate */ + if ((rc == 0) && validate) { + rc = processEKCertificate(tssContext, + &ekCertificate, /* freed @2 */ + &publicKeyBin, &publicKeyBytes, /* freed @3 */ + ekCertIndex, + print); + } + /* compare the public key in the EK certificate to the public key output */ + if ((rc == 0) && validate) { + rc = processValidatePrimary(publicKeyBin, /* certificate */ + publicKeyBytes, + &tpmtPublicOut, /* primary key */ + ekCertIndex, + print); + } + if ((rc == 0) && validate) { + if (print) printf("Public key from X509 certificate matches output of createprimary\n"); + } + free(nonce); /* @1 */ + if (ekCertificate != NULL) { + X509_free(ekCertificate); /* @2 */ + } + free(publicKeyBin); /* @3 */ + return rc; +} + +#endif /* TPM20 */ + diff --git a/libstb/tss2/ibmtpm20tss/utils/ekutils.h b/libstb/tss2/ibmtpm20tss/utils/ekutils.h new file mode 100644 index 000000000000..bffde5371468 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ekutils.h @@ -0,0 +1,258 @@ +/********************************************************************************/ +/* */ +/* IWG EK Index Parsing Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef EKUTILS_H +#define EKUTILS_H + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#ifndef TPM_TSS_NO_OPENSSL +#include +#include +#include +#endif /* TPM_TSS_NO_OPENSSL */ + +#include + +/* legacy TCG IWG NV indexes */ + +#define EK_CERT_RSA_INDEX 0x01c00002 +#define EK_NONCE_RSA_INDEX 0x01c00003 +#define EK_TEMPLATE_RSA_INDEX 0x01c00004 + +#define EK_CERT_EC_INDEX 0x01c0000a +#define EK_NONCE_EC_INDEX 0x01c0000b +#define EK_TEMPLATE_EC_INDEX 0x01c0000c + +#define MAX_ROOTS 100 /* 100 should be more than enough */ + +#ifdef __cplusplus +extern "C" { +#endif + + /* + crypto library independent functions + */ + + TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext, + uint32_t *nvBufferMax); + TPM_RC getIndexSize(TSS_CONTEXT *tssContext, + uint16_t *dataSize, + TPMI_RH_NV_INDEX nvIndex); + TPM_RC getIndexData(TSS_CONTEXT *tssContext, + unsigned char **buffer, + TPMI_RH_NV_INDEX nvIndex, + uint16_t dataSize); + TPM_RC getIndexContents(TSS_CONTEXT *tssContext, + unsigned char **buffer, + uint16_t *bufferSize, + TPMI_RH_NV_INDEX nvIndex); + void getRsaTemplate(TPMT_PUBLIC *tpmtPublic); + void getEccTemplate(TPMT_PUBLIC *tpmtPublic); + TPM_RC getRootCertificateFilenames(char *rootFilename[], + unsigned int *rootFileCount, + const char *listFilename, + int print); + TPM_RC processEKNonce(TSS_CONTEXT *tssContext, + unsigned char **nonce, + uint16_t *nonceSize, + TPMI_RH_NV_INDEX ekNonceIndex, + int print); + TPM_RC processEKTemplate(TSS_CONTEXT *tssContext, + TPMT_PUBLIC *tpmtPublic, + TPMI_RH_NV_INDEX ekTemplateIndex, + int print); + TPM_RC convertDerToX509(void **x509Certificate, + uint16_t readLength, + const unsigned char *readBuffer); + TPM_RC convertX509PemToDer(uint32_t *certLength, + unsigned char **certificate, + const char *pemCertificateFilename); + TPM_RC convertX509ToPem(const char *pemFilename, + void *x509); + void x509FreeStructure(void *x509); + void x509PrintStructure(void *x509); + TPM_RC processEKCertificate(TSS_CONTEXT *tssContext, + void **ekCertificate, + uint8_t **modulusBin, + int *modulusBytes, + TPMI_RH_NV_INDEX ekCertIndex, + int print); + TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext, + void **certificate, + TPMI_RH_NV_INDEX nvIndex); + TPM_RC convertCertificatePubKey(uint8_t **modulusBin, + int *modulusBytes, + void *ekCertificate, + TPMI_RH_NV_INDEX ekCertIndex, + int print); + TPM_RC createCertificate(char **x509CertString, + char **pemCertString, + uint32_t *certLength, + unsigned char **certificate, + TPMT_PUBLIC *tpmtPublic, + const char *caKeyFileName, + size_t issuerEntriesSize, + char **issuerEntries, + size_t subjectEntriesSize, + char **subjectEntries, + const char *caKeyPassword); + TPM_RC processRoot(TSS_CONTEXT *tssContext, + TPMI_RH_NV_INDEX ekCertIndex, + const char *rootFilename[], + unsigned int rootFileCount, + int print); + TPM_RC verifyCertificate(void *x509Certificate, + const char *rootFilename[], + unsigned int rootFileCount, + int print); + TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext, + TPM_HANDLE *keyHandle, + TPMI_RH_NV_INDEX ekCertIndex, + unsigned char *nonce, + uint16_t nonceSize, + TPMT_PUBLIC *tpmtPublicIn, + TPMT_PUBLIC *tpmtPublicOut, + unsigned int noFlush, + int print); + TPM_RC processValidatePrimary(uint8_t *publicKeyBin, + int publicKeyBytes, + TPMT_PUBLIC *tpmtPublic, + TPMI_RH_NV_INDEX ekCertIndex, + int print); + TPM_RC processPrimary(TSS_CONTEXT *tssContext, + TPM_HANDLE *keyHandle, + TPMI_RH_NV_INDEX ekCertIndex, + TPMI_RH_NV_INDEX ekNonceIndex, + TPMI_RH_NV_INDEX ekTemplateIndex, + unsigned int noFlush, + int print); + + /* + deprecated OpenSSL specific functions + */ + +#ifndef TPM_TSS_NO_OPENSSL + + + uint32_t getPubkeyFromDerCertFile(RSA **rsaPkey, + X509 **x509, + const char *derCertificateFileName); + uint32_t getPubKeyFromX509Cert(RSA **rsaPkey, + X509 *x509); + TPM_RC getCaStore(X509_STORE **caStore, + X509 *caCert[], + const char *rootFilename[], + unsigned int rootFileCount); + TPM_RC verifyKeyUsage(X509 *ekX509Certificate, + int pkeyType, + int print); + TPM_RC convertX509ToDer(uint32_t *certLength, + unsigned char **certificate, + X509 *x509Certificate); +#ifndef TPM_TSS_NOECC + TPM_RC convertX509ToEc(EC_KEY **ecKey, + X509 *x509); +#endif /* TPM_TSS_NOECC */ + TPM_RC convertX509ToDer(uint32_t *certLength, + unsigned char **certificate, + X509 *x509Certificate); + TPM_RC convertPemToX509(X509 **x509, + const char *pemCertificateFilename); + TPM_RC convertPemMemToX509(X509 **x509, + const char *pemCertificate); + TPM_RC convertX509ToPemMem(char **pemString, + X509 *x509); + TPM_RC convertX509ToString(char **x509String, + X509 *x509); + TPM_RC convertCertificatePubKey12(uint8_t **modulusBin, + int *modulusBytes, + X509 *ekCertificate); + + /* certificate key to nid mapping array */ + + TPM_RC startCertificate(X509 *x509Certificate, + uint16_t keyLength, + const unsigned char *keyBuffer, + size_t issuerEntriesSize, + char **issuerEntries, + size_t subjectEntriesSize, + char **subjectEntries); + + typedef struct tdCertificateName + { + const char *key; + int nid; + } CertificateName; + + TPM_RC calculateNid(void); + TPM_RC createX509Name(X509_NAME **x509Name, + size_t entriesSize, + char **entries); + TPM_RC addCertExtension(X509 *x509Certificate, int nid, const char *value); + TPM_RC addCertKeyRsa(X509 *x509Certificate, + const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa); +#ifndef TPM_TSS_NOECC + TPM_RC addCertKeyEcc(X509 *x509Certificate, + const TPMS_ECC_POINT *tpmsEccPoint); +#endif /* TPM_TSS_NOECC */ + TPM_RC addCertSignatureRoot(X509 *x509Certificate, + const char *caKeyFileName, + const char *caKeyPassword); + TPM_RC TSS_RSAGetKey(const BIGNUM **n, + const BIGNUM **e, + const BIGNUM **d, + const BIGNUM **p, + const BIGNUM **q, + const RSA *rsaKey); + + int TSS_Pubkey_GetAlgorithm(EVP_PKEY *pkey); + + +#endif /* TPM_TSS_NO_OPENSSL */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/encryptdecrypt.c b/libstb/tss2/ibmtpm20tss/utils/encryptdecrypt.c new file mode 100644 index 000000000000..cd958a3b056f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/encryptdecrypt.c @@ -0,0 +1,363 @@ +/********************************************************************************/ +/* */ +/* EncryptDecrypt */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + + +static void printDecrypt(EncryptDecrypt_Out *out); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + EncryptDecrypt_In in; + EncryptDecrypt_Out out; + EncryptDecrypt2_In in2; + TPMI_DH_OBJECT keyHandle = 0; + const char *inFilename = NULL; + const char *outFilename = NULL; + TPMI_YES_NO decrypt = NO; + int two = FALSE; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + uint16_t written; + size_t length; + uint8_t *buffer = NULL; /* for the free */ + uint8_t *buffer1 = NULL; /* for marshaling */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (inFilename == NULL) { + printf("Missing encrypted message -if\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + inFilename); + } + if (rc == 0) { + if (length > sizeof(in.inData.t.buffer)) { + printf("Input data too long %u\n", (uint32_t)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + if (!two) { /* use TPM_CC_EncryptDecrypt */ + /* the symmetric key used for the operation */ + in.keyHandle = keyHandle; + /* if YES, then the operation is decryption; if NO, the operation is encryption */ + in.decrypt = decrypt; + /* symmetric mode */ + in.mode = TPM_ALG_NULL; + /* an initial value as required by the algorithm */ + in.ivIn.t.size = MAX_SYM_BLOCK_SIZE; + memset(in.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE); + /* the data to be encrypted/decrypted */ + in.inData.t.size = (uint16_t)length; + if (length > 0) { /* if length is 0, buffer is NULL */ + memcpy(in.inData.t.buffer, buffer, length); + } + } + else { + /* the symmetric key used for the operation */ + in2.keyHandle = keyHandle; + /* if YES, then the operation is decryption; if NO, the operation is encryption */ + in2.decrypt = decrypt; + /* symmetric mode */ + in2.mode = TPM_ALG_NULL; + /* an initial value as required by the algorithm */ + in2.ivIn.t.size = MAX_SYM_BLOCK_SIZE; + memset(in2.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE); + /* the data to be encrypted/decrypted */ + in2.inData.t.size = (uint16_t)length; + if (length > 0) { /* if length is 0, buffer is NULL */ + memcpy(in2.inData.t.buffer, buffer, length); + } + } + } + free (buffer); /* @1 */ + buffer = NULL; + + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + if (!two) { /* use TPM_CC_EncryptDecrypt */ + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_EncryptDecrypt, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + else { /* use TPM_CC_EncryptDecrypt2 */ + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in2, + NULL, + TPM_CC_EncryptDecrypt2, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (outFilename != NULL)) { + written = 0; + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&out.outData, &written, NULL, NULL); + } + if ((rc == 0) && (outFilename != NULL)) { + buffer = realloc(buffer, written); /* freed @2 */ + buffer1 = buffer; + written = 0; + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&out.outData, &written, &buffer1, NULL); + } + if ((rc == 0) && (outFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t), + written - sizeof(uint16_t), + outFilename); + } + free(buffer); /* @2 */ + if (rc == 0) { + if (tssUtilsVerbose) printDecrypt(&out); + if (tssUtilsVerbose) printf("encryptdecrypt: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("encryptdecrypt: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printDecrypt(EncryptDecrypt_Out *out) +{ + TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("encryptdecrypt\n"); + printf("\n"); + printf("Runs TPM2_EncryptDecrypt\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t-pwdk\tpassword for key (default empty)\n"); + printf("\t-d\tdecrypt (default encrypt)\n"); + printf("\t-if\tinput file name\n"); + printf("\t[-of\toutput file name (default do not save)]\n"); + printf("\t[-2\tuse TPM2_EncryptDecrypt2]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/eventextend.c b/libstb/tss2/ibmtpm20tss/utils/eventextend.c new file mode 100644 index 000000000000..31b49d167782 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/eventextend.c @@ -0,0 +1,390 @@ +/********************************************************************************/ +/* */ +/* Extend an EVENT measurement file into PCRs */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* eventextend is test/demo code. It parses a TPM2 event log file and extends the measurements into + TPM PCRs or simulated PCRs. This simulates the actions that would be performed by BIOS / + firmware in a hardware platform. */ + +#include +#include +#include + +#include +#include +#include + +#include "eventlib.h" + +/* local prototypes */ + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char * argv[]) +{ + TPM_RC rc = 0; + int i = 0; + TSS_CONTEXT *tssContext = NULL; + const char *infilename = NULL; + FILE *infile = NULL; + int tpm = FALSE; /* extend into TPM */ + int sim = FALSE; /* extend into simulated PCRs */ + int nospec = FALSE; /* event log does not start with spec file */ + int noSpace = FALSE; + uint32_t bankNum = 0; /* PCR hash bank */ + unsigned int pcrNum = 0; /* PCR number iterator */ + TPMI_DH_PCR pcrMax = 7; + TPMT_HA simPcrs[HASH_COUNT][IMPLEMENTATION_PCR]; + TPMT_HA bootAggregates[HASH_COUNT]; + TCG_PCR_EVENT2 event2; /* TPM 2.0 event log entry */ + TCG_PCR_EVENT event; /* TPM 1.2 event log entry */ + TCG_EfiSpecIDEvent specIdEvent; + unsigned int lineNum; + int endOfFile = FALSE; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; i HASH_COUNT) { + printf("specIdEvent.numberOfAlgorithms %u greater than %u\n", + specIdEvent.numberOfAlgorithms, HASH_COUNT); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* trace the specIdEvent event */ + if ((rc == 0) && !nospec && !endOfFile && tssUtilsVerbose) { + TSS_SpecIdEvent_Trace(&specIdEvent); + } + /* Start a TSS context */ + if ((rc == 0) && tpm) { + rc = TSS_Create(&tssContext); + } + /* initialize simulated PCRs */ + if ((rc == 0) && sim) { + if (specIdEvent.numberOfAlgorithms > HASH_COUNT) { + printf("specIdEvent.numberOfAlgorithms %u greater than %u\n", + specIdEvent.numberOfAlgorithms, HASH_COUNT); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* simulated BIOS PCRs start at zero at boot */ + if ((rc == 0) && sim) { + for (bankNum = 0 ; bankNum < specIdEvent.numberOfAlgorithms ; bankNum++) { + bootAggregates[bankNum].hashAlg = specIdEvent.digestSizes[bankNum].algorithmId; + for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) { + /* initialize each algorithm ID based on the specIdEvent */ + simPcrs[bankNum][pcrNum].hashAlg = specIdEvent.digestSizes[bankNum].algorithmId; + memset(&simPcrs[bankNum][pcrNum].digest.tssmax, 0, sizeof(TPMU_HA)); + } + } + } + /* scan each measurement 'line' in the binary */ + for (lineNum = 1 ; (rc == 0) && !endOfFile ; lineNum++) { + + /* read a TPM 2.0 hash agile event line */ + if (rc == 0) { + rc = TSS_EVENT2_Line_Read(&event2, &endOfFile, infile); + } + /* debug tracing */ + if ((rc == 0) && !endOfFile && tssUtilsVerbose) { + printf("\neventextend: line %u\n", lineNum); + TSS_EVENT2_Line_Trace(&event2); + } + /* don't extend no action events */ + if ((rc == 0) && !endOfFile) { + if (event2.eventType == EV_NO_ACTION) { + continue; + } + } + if ((rc == 0) && !endOfFile && tpm) { /* extend TPM */ + PCR_Extend_In in; + PCR_Read_In pcrReadIn; + PCR_Read_Out pcrReadOut; + + if (rc == 0) { + in.pcrHandle = event2.pcrIndex; + in.digests = event2.digests; + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + } + /* for debug, read back and trace the PCR value after the extend */ + if ((rc == 0) && tssUtilsVerbose) { + pcrReadIn.pcrSelectionIn.count = 1; + pcrReadIn.pcrSelectionIn.pcrSelections[0].hash = + event2.digests.digests[0].hashAlg; + pcrReadIn.pcrSelectionIn.pcrSelections[0].sizeofSelect = 3; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[0] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[1] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[2] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[event2.pcrIndex / 8] = + 1 << (event2.pcrIndex % 8); + + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&pcrReadOut, + (COMMAND_PARAMETERS *)&pcrReadIn, + NULL, + TPM_CC_PCR_Read, + TPM_RH_NULL, NULL, 0); + } + if ((rc == 0) && tssUtilsVerbose) { + TSS_PrintAll("PCR digest", + pcrReadOut.pcrValues.digests[0].t.buffer, + pcrReadOut.pcrValues.digests[0].t.size); + } + } + if ((rc == 0) && !endOfFile && sim) { /* extend simulated PCRs */ + rc = TSS_EVENT2_PCR_Extend(simPcrs, &event2); + } + } + { + if (tpm) { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + } + if ((rc == 0) && sim) { + for (bankNum = 0 ; (rc == 0) && (bankNum < specIdEvent.numberOfAlgorithms) ; bankNum++) { + /* trace the virtual PCRs */ + if (rc == 0) { + char pcrString[9]; /* PCR number */ + + printf("\n"); + TSS_TPM_ALG_ID_Print("algorithmId", specIdEvent.digestSizes[bankNum].algorithmId, 0); + for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) { + sprintf(pcrString, "PCR %02u:", pcrNum); + if (!noSpace) { + /* TSS_PrintAllLogLevel() with a log level of LOGLEVEL_INFO to print the byte + array on one line with no length */ + TSS_PrintAllLogLevel(LOGLEVEL_INFO, pcrString, 1, + simPcrs[bankNum][pcrNum].digest.tssmax, + specIdEvent.digestSizes[bankNum].digestSize); + } + else { /* print with no spaces */ + uint32_t bp; + printf("PCR %02u: ", pcrNum); + for (bp = 0 ; bp < specIdEvent.digestSizes[bankNum].digestSize ; bp++) { + printf("%02x", simPcrs[bankNum][pcrNum].digest.tssmax[bp]); + } + printf("\n"); + } + } + } + /* calculate the boot aggregate, hash of PCR 0-7 */ + if (rc == 0) { + int length[IMPLEMENTATION_PCR]; + size_t j; + for (j = 0 ; j < IMPLEMENTATION_PCR ; j++) { + if (j <= pcrMax) { /* include PCRs up to here */ + length[j] = specIdEvent.digestSizes[bankNum].digestSize; + } + else { + length[j] = 0; /* exclude PCRs after to here */ + } + } + rc = TSS_Hash_Generate(&bootAggregates[bankNum], + length[0], &simPcrs[bankNum][0].digest.tssmax, + length[1], &simPcrs[bankNum][1].digest.tssmax, + length[2], &simPcrs[bankNum][2].digest.tssmax, + length[3], &simPcrs[bankNum][3].digest.tssmax, + length[4], &simPcrs[bankNum][4].digest.tssmax, + length[5], &simPcrs[bankNum][5].digest.tssmax, + length[6], &simPcrs[bankNum][6].digest.tssmax, + length[7], &simPcrs[bankNum][7].digest.tssmax, + length[8], &simPcrs[bankNum][8].digest.tssmax, + length[9], &simPcrs[bankNum][9].digest.tssmax, + length[10], &simPcrs[bankNum][10].digest.tssmax, + length[11], &simPcrs[bankNum][11].digest.tssmax, + length[12], &simPcrs[bankNum][12].digest.tssmax, + length[13], &simPcrs[bankNum][13].digest.tssmax, + length[14], &simPcrs[bankNum][14].digest.tssmax, + length[15], &simPcrs[bankNum][15].digest.tssmax, + length[16], &simPcrs[bankNum][16].digest.tssmax, + length[17], &simPcrs[bankNum][17].digest.tssmax, + length[18], &simPcrs[bankNum][18].digest.tssmax, + length[19], &simPcrs[bankNum][19].digest.tssmax, + length[20], &simPcrs[bankNum][20].digest.tssmax, + length[21], &simPcrs[bankNum][21].digest.tssmax, + length[22], &simPcrs[bankNum][22].digest.tssmax, + length[23], &simPcrs[bankNum][23].digest.tssmax, + 0, NULL); + } + /* trace the boot aggregate */ + if (rc == 0) { + if (!noSpace) { + TSS_PrintAllLogLevel(LOGLEVEL_INFO, "\nboot aggregate:", 1, + bootAggregates[bankNum].digest.tssmax, + specIdEvent.digestSizes[bankNum].digestSize); + } + else { /* print with no spaces */ + uint32_t bp; + printf("\nboot aggregate: "); + for (bp = 0 ; bp < specIdEvent.digestSizes[bankNum].digestSize ; bp++) { + printf("%02x", bootAggregates[bankNum].digest.tssmax[bp]); + } + printf("\n"); + } + } + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("eventextend: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("eventextend: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + if (infile != NULL) { + fclose(infile); + } + return rc; +} + +static void printUsage(void) +{ + printf("Usage: eventextend -if [-v]\n"); + printf("\n"); + printf("Extends a measurement file (binary) into a TPM or simulated PCRs\n"); + printf("\n"); + printf("\t-if\tfile containing the data to be extended\n"); + printf("\t[-nospec\tfile does not contain spec ID header (useful for incremental test)]\n"); + printf("\t[-tpm\textend TPM PCRs]\n"); + printf("\t[-sim\tcalculate simulated PCRs and boot aggregate]\n"); + printf("\t[-pcrmax\twith -sim, sets the highest PCR number to be used to calculate the\n" + "\t\tboot aggregate (default 7)]\n"); + printf("\t[-ns\tno space, no text, no newlines]\n"); + printf("\n"); + exit(-1); +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/eventlib.c b/libstb/tss2/ibmtpm20tss/utils/eventlib.c new file mode 100644 index 000000000000..b887e1122bac --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/eventlib.c @@ -0,0 +1,1095 @@ +/********************************************************************************/ +/* */ +/* TPM2 Measurement Log Common Routines */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include +#include +#include +#include +#ifndef TPM_TSS_NOCRYPTO +#include +#include +#endif /* TPM_TSS_NOCRYPTO */ +#include + +#include "eventlib.h" + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 +static uint16_t Uint16_Convert(uint16_t in); +#endif +static uint32_t Uint32_Convert(uint32_t in); +#endif /* TPM_TSS_NOFILE */ +static TPM_RC UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, uint32_t *size); +static TPM_RC UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, uint32_t *size); + +static void TSS_EVENT_EventType_Trace(uint32_t eventType); +static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize, + uint8_t **buffer, + uint32_t *size); +static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize); +static TPM_RC TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(TPML_DIGEST_VALUES *target, + BYTE **buffer, + uint32_t *size); +static TPM_RC TSS_TPMT_HA_LE_Unmarshalu(TPMT_HA *target, BYTE **buffer, + uint32_t *size, BOOL allowNull); +static TPM_RC TSS_TPMI_ALG_HASH_LE_Unmarshalu(TPMI_ALG_HASH *target, + BYTE **buffer, uint32_t *size, + BOOL allowNull); +static TPM_RC TSS_TPM_ALG_ID_LE_Unmarshalu(TPM_ALG_ID *target, + BYTE **buffer, uint32_t *size); +static TPM_RC TSS_TPMT_HA_LE_Marshalu(const TPMT_HA *source, uint16_t *written, + BYTE **buffer, uint32_t *size); +static TPM_RC TSS_TPML_DIGEST_VALUES_LE_Marshalu(const TPML_DIGEST_VALUES *source, + uint16_t *written, BYTE **buffer, + uint32_t *size); + +/* TSS_EVENT_Line_Read() reads a TPM 1.2 SHA-1 event line from a binary file inFile. + + */ + +#ifndef TPM_TSS_NOFILE +int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event, + int *endOfFile, + FILE *inFile) +{ + int rc = 0; + size_t readSize; + *endOfFile = FALSE; + + /* read the PCR index */ + if (rc == 0) { + readSize = fread(&(event->pcrIndex), + sizeof(((TCG_PCR_EVENT *)NULL)->pcrIndex), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("TSS_EVENT_Line_Read: Error, could not read pcrIndex, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->pcrIndex = Uint32_Convert(event->pcrIndex); + } + /* read the event type */ + if (!*endOfFile && (rc == 0)) { + readSize = fread(&(event->eventType), + sizeof(((TCG_PCR_EVENT *)NULL)->eventType), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT_Line_Read: Error, could not read eventType, returned %lu\n", + (unsigned long) readSize); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->eventType = Uint32_Convert(event->eventType); + } + /* read the digest */ + if (!*endOfFile && (rc == 0)) { + readSize = fread(&(event->digest), + sizeof(((TCG_PCR_EVENT *)NULL)->digest), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT_Line_Read: Error, could not read digest, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read the event data size */ + if (!*endOfFile && (rc == 0)) { + readSize = fread(&(event->eventDataSize), + sizeof(((TCG_PCR_EVENT *)NULL)->eventDataSize), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT_Line_Read: Error, could not read event data size, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->eventDataSize = Uint32_Convert(event->eventDataSize); + } + /* bounds check the event data length */ + if (!*endOfFile && (rc == 0)) { + if (event->eventDataSize > sizeof(((TCG_PCR_EVENT *)NULL)->event)) { + printf("TSS_EVENT_Line_Read: Error, event data length too big: %u\n", + event->eventDataSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read the event */ + if (!*endOfFile && (rc == 0)) { + memset(event->event , 0, sizeof(((TCG_PCR_EVENT *)NULL)->event)); + readSize = fread(&(event->event), + event->eventDataSize, 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT_Line_Read: Error, could not read event, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +/* TSS_EVENT_Line_Marshal() marshals a TCG_PCR_EVENT structure */ + +TPM_RC TSS_EVENT_Line_Marshal(TCG_PCR_EVENT *source, + uint16_t *written, uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->eventType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->digest, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->eventDataSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->event, source->eventDataSize, written, buffer, size); + } + return rc; +} + +/* TSS_EVENT_Line_Unmarshal() unmarshals a TCG_PCR_EVENT2 structure + + */ + +TPM_RC TSS_EVENT_Line_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->pcrIndex, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->eventType, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->digest, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->eventDataSize, buffer, size); + } + if (rc == 0) { + if (target->eventDataSize > sizeof(target->event)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventDataSize, buffer, size); + } + return rc; +} + +/* + * TSS_EVENT_Line_LE_Unmarshal() Unmarshal LE buffer into a target TCG_PCR_EVENT +*/ +TPM_RC TSS_EVENT_Line_LE_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->pcrIndex, buffer, size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->eventType, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->digest, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->eventDataSize, buffer, size); + } + if (rc == 0) { + if (target->eventDataSize > sizeof(target->event)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventDataSize, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO +/* TSS_EVENT_PCR_Extend() extends PCR digest with the digest from the TCG_PCR_EVENT event log + entry. +*/ + +TPM_RC TSS_EVENT_PCR_Extend(TPMT_HA pcrs[IMPLEMENTATION_PCR], + TCG_PCR_EVENT *event) +{ + TPM_RC rc = 0; + + /* validate PCR number */ + if (rc == 0) { + if (event->pcrIndex >= IMPLEMENTATION_PCR) { + printf("ERROR: TSS_EVENT_PCR_Extend: PCR number %u out of range\n", event->pcrIndex); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* process each event hash algorithm */ + if (rc == 0) { + pcrs[event->pcrIndex].hashAlg = TPM_ALG_SHA1; /* should already be initialized */ + if (rc == 0) { + rc = TSS_Hash_Generate(&pcrs[event->pcrIndex], + SHA1_DIGEST_SIZE, (uint8_t *)&pcrs[event->pcrIndex].digest, + SHA1_DIGEST_SIZE, &event->digest, + 0, NULL); + } + } + return rc; +} +#endif /* TPM_TSS_NOCRYPTO */ + +void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event) +{ + printf("TSS_EVENT_Line_Trace: PCR index %u\n", event->pcrIndex); + TSS_EVENT_EventType_Trace(event->eventType); + TSS_PrintAll("TSS_EVENT_Line_Trace: PCR", + event->digest, sizeof(((TCG_PCR_EVENT *)NULL)->digest)); + TSS_PrintAll("TSS_EVENT_Line_Trace: event", + event->event, event->eventDataSize); + if (event->eventType == EV_IPL) { /* this event appears to be printable strings */ + printf(" %.*s\n", event->eventDataSize, event->event); + } + return; +} + +/* TSS_SpecIdEvent_Unmarshal() unmarshals the TCG_EfiSpecIDEvent structure. + + The size and buffer are not moved, since this is the only structure in the event. +*/ + +TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent, + uint32_t eventSize, + uint8_t *event) +{ + TPM_RC rc = 0; + uint32_t size = eventSize; /* copy, because size and buffer are not moved */ + uint8_t *buffer = event; + uint32_t i; + + if (rc == 0) { + rc = TSS_Array_Unmarshalu(specIdEvent->signature, sizeof(specIdEvent->signature), + &buffer, &size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&(specIdEvent->platformClass), &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specVersionMinor), &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specVersionMajor), &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specErrata), &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&(specIdEvent->uintnSize), &buffer, &size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&(specIdEvent->numberOfAlgorithms), &buffer, &size); + } + for (i = 0 ; (rc == 0) && (i < specIdEvent->numberOfAlgorithms) ; i++) { + rc = TSS_SpecIdEventAlgorithmSize_Unmarshal(&(specIdEvent->digestSizes[i]), + &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&(specIdEvent->vendorInfoSize), &buffer, &size); + } +#if 0 /* NOTE: Can never fail because vendorInfoSize is uint8_t and vendorInfo is 0xff bytes */ + if (rc == 0) { + if (specIdEvent->vendorInfoSize > sizeof(specIdEvent->vendorInfo)) { + rc = TPM_RC_SIZE; + } + } +#endif + if (rc == 0) { + rc = TSS_Array_Unmarshalu(specIdEvent->vendorInfo, specIdEvent->vendorInfoSize, + &buffer, &size); + } + return rc; +} + +/* TSS_SpecIdEventAlgorithmSize_Unmarshal() unmarshals the TCG_EfiSpecIdEventAlgorithmSize + structure */ + +static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize, + uint8_t **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = UINT16LE_Unmarshal(&(algSize->algorithmId), buffer, size); + } + if (rc == 0) { + rc = UINT16LE_Unmarshal(&(algSize->digestSize), buffer, size); + } + if (rc == 0) { + uint16_t mappedDigestSize = TSS_GetDigestSize(algSize->algorithmId); + if (mappedDigestSize != 0) { + if (mappedDigestSize != algSize->digestSize) { + printf("TSS_SpecIdEventAlgorithmSize_Unmarshal: " + "Error, inconsistent digest size, algorithm %04x size %u\n", + algSize->algorithmId, algSize->digestSize); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + } + return rc; +} + +void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent) +{ + uint32_t i; + + /* normal case */ + if (specIdEvent->signature[15] == '\0') { + printf("TSS_SpecIdEvent_Trace: signature: %s\n", specIdEvent->signature); + } + /* error case */ + else { + TSS_PrintAll("TSS_SpecIdEvent_Trace: signature", + specIdEvent->signature, sizeof(specIdEvent->signature)); + } + printf("TSS_SpecIdEvent_Trace: platformClass %08x\n", specIdEvent->platformClass); + printf("TSS_SpecIdEvent_Trace: specVersionMinor %02x\n", specIdEvent->specVersionMinor); + printf("TSS_SpecIdEvent_Trace: specVersionMajor %02x\n", specIdEvent->specVersionMajor); + printf("TSS_SpecIdEvent_Trace: specErrata %02x\n", specIdEvent->specErrata); + printf("TSS_SpecIdEvent_Trace: uintnSize %02x\n", specIdEvent->uintnSize); + printf("TSS_SpecIdEvent_Trace: numberOfAlgorithms %u\n", specIdEvent->numberOfAlgorithms); + for (i = 0 ; (i < specIdEvent->numberOfAlgorithms) ; i++) { + TSS_SpecIdEventAlgorithmSize_Trace(&(specIdEvent->digestSizes[i])); + } + /* try for a printable string */ + if (specIdEvent->vendorInfo[specIdEvent->vendorInfoSize-1] == '\0') { + printf("TSS_SpecIdEvent_Trace: vendorInfo: %s\n", specIdEvent->vendorInfo); + } + /* if not, trace the bytes */ + else { + TSS_PrintAll("TSS_SpecIdEvent_Trace: vendorInfo", + specIdEvent->vendorInfo, specIdEvent->vendorInfoSize); + } + return; +} + +static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize) +{ + printf("TSS_SpecIdEventAlgorithmSize_Trace: algorithmId %04x\n", algSize->algorithmId); + printf("TSS_SpecIdEventAlgorithmSize_Trace: digestSize %u\n", algSize->digestSize); + return; +} + +#ifdef TPM_TPM20 +#ifndef TPM_TSS_NOFILE + +/* TSS_EVENT2_Line_Read() reads a TPM2 event line from a binary file inFile. + +*/ + +int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event, + int *endOfFile, + FILE *inFile) +{ + int rc = 0; + size_t readSize; + uint32_t maxCount; + uint32_t count; + + *endOfFile = FALSE; + /* read the PCR index */ + if (rc == 0) { + readSize = fread(&(event->pcrIndex), + sizeof(((TCG_PCR_EVENT2 *)NULL)->pcrIndex), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("TSS_EVENT2_Line_Read: Error, could not read pcrIndex, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->pcrIndex = Uint32_Convert(event->pcrIndex); + } + /* read the event type */ + if (!*endOfFile && (rc == 0)) { + readSize = fread(&(event->eventType), + sizeof(((TCG_PCR_EVENT2 *)NULL)->eventType), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: Error, could not read eventType, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->eventType = Uint32_Convert(event->eventType); + } + /* read the TPML_DIGEST_VALUES count */ + if (!*endOfFile && (rc == 0)) { + maxCount = sizeof((TPML_DIGEST_VALUES *)NULL)->digests / sizeof(TPMT_HA); + readSize = fread(&(event->digests.count), + sizeof(((TPML_DIGEST_VALUES *)NULL)->count), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: Error, could not read digest count, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->digests.count = Uint32_Convert(event->digests.count); + } + /* range check the digest count */ + if (!*endOfFile && (rc == 0)) { + if (event->digests.count > maxCount) { + printf("TSS_EVENT2_Line_Read: Error, digest count %u is greater than structure %u\n", + event->digests.count, maxCount); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (event->digests.count == 0) { + printf("TSS_EVENT2_Line_Read: Error, digest count is zero\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read all the TPMT_HA, loop through all the digest algorithms */ + for (count = 0 ; !*endOfFile && (count < event->digests.count) ; count++) { + uint16_t digestSize; + /* read the digest algorithm */ + if (rc == 0) { + readSize = fread(&(event->digests.digests[count].hashAlg), + sizeof((TPMT_HA *)NULL)->hashAlg, 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: " + "Error, could not read digest algorithm, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* do the endian conversion of the hash algorithm from stream to uint16_t */ + if (rc == 0) { + event->digests.digests[count].hashAlg = + Uint16_Convert(event->digests.digests[count].hashAlg); + } + /* map from the digest algorithm to the digest length */ + if (rc == 0) { + digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg); + if (digestSize == 0) { + printf("TSS_EVENT2_Line_Read: Error, unknown digest algorithm %04x*\n", + event->digests.digests[count].hashAlg); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read the digest */ + if (rc == 0) { + readSize = fread((uint8_t *)&(event->digests.digests[count].digest), + digestSize, 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: Error, could not read digest, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* read the event size */ + if (!*endOfFile && (rc == 0)) { + readSize = fread(&(event->eventSize), + sizeof(((TCG_PCR_EVENT2 *)NULL)->eventSize), 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: Error, could not read event size, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* do the endian conversion from stream to uint32_t */ + if (!*endOfFile && (rc == 0)) { + event->eventSize = Uint32_Convert(event->eventSize); + } + /* bounds check the event size */ + if (!*endOfFile && (rc == 0)) { + if (event->eventSize > sizeof(((TCG_PCR_EVENT2 *)NULL)->event)) { + printf("TSS_EVENT2_Line_Read: Error, event size too big: %u\n", + event->eventSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read the event */ + if (!*endOfFile && (event->eventSize > 0) && (rc == 0)) { + memset(event->event , 0, sizeof(((TCG_PCR_EVENT2 *)NULL)->event)); + readSize = fread(&(event->event), + event->eventSize, 1, inFile); + if (readSize != 1) { + printf("TSS_EVENT2_Line_Read: Error, could not read event, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + return rc; +} +#endif /* TPM_TSS_NOFILE */ + +/* TSS_EVENT2_Line_Marshal() marshals a TCG_PCR_EVENT2 structure */ + +TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source, + uint16_t *written, uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->eventType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_VALUES_Marshalu(&source->digests, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->eventSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu((uint8_t *)source->event, source->eventSize, written, buffer, size); + } + return rc; +} + +/* + * TSS_EVENT2_Line_LE_Marshal() Marshals a TSS_EVENT2 structure from HBO into LE + * and saves to buffer. + */ +TPM_RC TSS_EVENT2_Line_LE_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written, + uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32LE_Marshal(&source->pcrIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32LE_Marshal(&source->eventType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_VALUES_LE_Marshalu(&source->digests, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32LE_Marshal(&source->eventSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu((uint8_t *)source->event, source->eventSize, written, buffer, size); + } + return rc; +} + +/* TSS_EVENT2_Line_Unmarshal() unmarshals a TCG_PCR_EVENT2 structure */ + + +TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->pcrIndex, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->eventType, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->eventSize, buffer, size); + } + if (rc == 0) { + if (target->eventSize > sizeof(target->event)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventSize, buffer, size); + } + return rc; +} + +/* + * TSS_EVENT2_Line_LE_Unmarshal() Unmarshals an LE eventlog buffer and save to + * the target TCG_PCR_EVENT2 + */ +TPM_RC TSS_EVENT2_Line_LE_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->pcrIndex, buffer, size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->eventType, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(&target->digests, buffer, size); + } + if (rc == 0) { + rc = UINT32LE_Unmarshal(&target->eventSize, buffer, size); + } + if (rc == 0) { + if (target->eventSize > sizeof(target->event)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventSize, buffer, size); + } + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO +/* TSS_EVENT2_PCR_Extend() extends PCR digests with the digest from the TCG_PCR_EVENT2 event log + entry. +*/ + +TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[HASH_COUNT][IMPLEMENTATION_PCR], + TCG_PCR_EVENT2 *event2) +{ + TPM_RC rc = 0; + uint32_t i; /* iterator though hash algorithms */ + uint32_t bankNum = 0; /* iterator though PCR hash banks */ + + /* validate PCR number */ + if (rc == 0) { + if (event2->pcrIndex >= IMPLEMENTATION_PCR) { + printf("ERROR: TSS_EVENT2_PCR_Extend: PCR number %u out of range\n", event2->pcrIndex); + rc = 1; + } + } + /* validate event count */ + if (rc == 0) { + uint32_t maxCount = sizeof(((TPML_DIGEST_VALUES *)NULL)->digests) / sizeof(TPMT_HA); + if (event2->digests.count > maxCount) { + printf("ERROR: TSS_EVENT2_PCR_Extend: PCR count %u out of range, max %u\n", + event2->digests.count, maxCount); + rc = 1; + } + } + /* process each event hash algorithm */ + for (i = 0; (rc == 0) && (i < event2->digests.count) ; i++) { + /* find the matching PCR bank */ + for (bankNum = 0 ; (rc == 0) && (bankNum < event2->digests.count) ; bankNum++) { + if (pcrs[bankNum][0].hashAlg == event2->digests.digests[i].hashAlg) { + + uint16_t digestSize; + if (rc == 0) { + digestSize = TSS_GetDigestSize(event2->digests.digests[i].hashAlg); + if (digestSize == 0) { + printf("ERROR: TSS_EVENT2_PCR_Extend: hash algorithm %04hx unknown\n", + event2->digests.digests[i].hashAlg); + rc = 1; + } + } + if (rc == 0) { + rc = TSS_Hash_Generate(&pcrs[bankNum][event2->pcrIndex], + digestSize, + (uint8_t *)&pcrs[bankNum][event2->pcrIndex].digest, + digestSize, + &event2->digests.digests[i].digest, + 0, NULL); + } + } + } + } + return rc; +} +#endif /* TPM_TSS_NOCRYPTO */ +#endif /* TPM_TPM20 */ + +#ifndef TPM_TSS_NOFILE +#ifdef TPM_TPM20 + +/* Uint16_Convert() converts a little endian uint16_t (from an input stream) to host byte order + */ + +static uint16_t Uint16_Convert(uint16_t in) +{ + uint16_t out = 0; + unsigned char *inb = (unsigned char *)∈ + + /* little endian input */ + out = (inb[0] << 0) | + (inb[1] << 8); + return out; +} + +#endif + +/* Uint32_Convert() converts a little endian uint32_t (from an input stream) to host byte order + */ + +static uint32_t Uint32_Convert(uint32_t in) +{ + uint32_t out = 0; + unsigned char *inb = (unsigned char *)∈ + + /* little endian input */ + out = (inb[0] << 0) | + (inb[1] << 8) | + (inb[2] << 16) | + (inb[3] << 24); + return out; +} +#endif /* TPM_TSS_NOFILE */ + +/* UINT16LE_Unmarshal() unmarshals a little endian 2-byte array from buffer into a HBO uint16_t */ + +static TPM_RC +UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(uint16_t)) { + return TPM_RC_INSUFFICIENT; + } + *target = ((uint16_t)((*buffer)[0]) << 0) | + ((uint16_t)((*buffer)[1]) << 8); + *buffer += sizeof(uint16_t); + *size -= sizeof(uint16_t); + return TPM_RC_SUCCESS; +} + +/* UINT32LE_Unmarshal() unmarshals a little endian 4-byte array from buffer into a HBO uint32_t */ + +static TPM_RC +UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, uint32_t *size) +{ + if (*size < sizeof(uint32_t)) { + return TPM_RC_INSUFFICIENT; + } + *target = ((uint32_t)((*buffer)[0]) << 0) | + ((uint32_t)((*buffer)[1]) << 8) | + ((uint32_t)((*buffer)[2]) << 16) | + ((uint32_t)((*buffer)[3]) << 24); + *buffer += sizeof(uint32_t); + *size -= sizeof(uint32_t); + return TPM_RC_SUCCESS; +} + + +void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event) +{ + uint32_t count; + uint16_t digestSize; + printf("TSS_EVENT2_Line_Trace: PCR index %u\n", event->pcrIndex); + TSS_EVENT_EventType_Trace(event->eventType); + printf("TSS_EVENT2_Line_Trace: digest count %u\n", event->digests.count); + for (count = 0 ; count < event->digests.count ; count++) { + printf("TSS_EVENT2_Line_Trace: digest %u algorithm %04x\n", + count, event->digests.digests[count].hashAlg); + digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg); + TSS_PrintAll("TSS_EVENT2_Line_Trace: PCR", + (uint8_t *)&event->digests.digests[count].digest, digestSize); + } + TSS_PrintAll("TSS_EVENT2_Line_Trace: event", + event->event, event->eventSize); + return; +} + +/* tables to map eventType to text */ + +typedef struct { + uint32_t eventType; + const char *text; +} EVENT_TYPE_TABLE; + +const EVENT_TYPE_TABLE eventTypeTable [] = { + {EV_PREBOOT_CERT, "EV_PREBOOT_CERT"}, + {EV_POST_CODE, "EV_POST_CODE"}, + {EV_UNUSED, "EV_UNUSED"}, + {EV_NO_ACTION, "EV_NO_ACTION"}, + {EV_SEPARATOR, "EV_SEPARATOR"}, + {EV_ACTION, "EV_ACTION"}, + {EV_EVENT_TAG, "EV_EVENT_TAG"}, + {EV_S_CRTM_CONTENTS, "EV_S_CRTM_CONTENTS"}, + {EV_S_CRTM_VERSION, "EV_S_CRTM_VERSION"}, + {EV_CPU_MICROCODE, "EV_CPU_MICROCODE"}, + {EV_PLATFORM_CONFIG_FLAGS, "EV_PLATFORM_CONFIG_FLAGS"}, + {EV_TABLE_OF_DEVICES, "EV_TABLE_OF_DEVICES"}, + {EV_COMPACT_HASH, "EV_COMPACT_HASH"}, + {EV_IPL, "EV_IPL"}, + {EV_IPL_PARTITION_DATA, "EV_IPL_PARTITION_DATA"}, + {EV_NONHOST_CODE, "EV_NONHOST_CODE"}, + {EV_NONHOST_CONFIG, "EV_NONHOST_CONFIG"}, + {EV_NONHOST_INFO, "EV_NONHOST_INFO"}, + {EV_OMIT_BOOT_DEVICE_EVENTS, "EV_OMIT_BOOT_DEVICE_EVENTS"}, + {EV_EFI_EVENT_BASE, "EV_EFI_EVENT_BASE"}, + {EV_EFI_VARIABLE_DRIVER_CONFIG, "EV_EFI_VARIABLE_DRIVER_CONFIG"}, + {EV_EFI_VARIABLE_BOOT, "EV_EFI_VARIABLE_BOOT"}, + {EV_EFI_BOOT_SERVICES_APPLICATION, "EV_EFI_BOOT_SERVICES_APPLICATION"}, + {EV_EFI_BOOT_SERVICES_DRIVER, "EV_EFI_BOOT_SERVICES_DRIVER"}, + {EV_EFI_RUNTIME_SERVICES_DRIVER, "EV_EFI_RUNTIME_SERVICES_DRIVER"}, + {EV_EFI_GPT_EVENT, "EV_EFI_GPT_EVENT"}, + {EV_EFI_ACTION, "EV_EFI_ACTION"}, + {EV_EFI_PLATFORM_FIRMWARE_BLOB, "EV_EFI_PLATFORM_FIRMWARE_BLOB"}, + {EV_EFI_HANDOFF_TABLES, "EV_EFI_HANDOFF_TABLES"}, + {EV_EFI_HCRTM_EVENT, "EV_EFI_HCRTM_EVENT"}, + {EV_EFI_VARIABLE_AUTHORITY, "EV_EFI_VARIABLE_AUTHORITY"} +}; + +static void TSS_EVENT_EventType_Trace(uint32_t eventType) +{ + size_t i; + + for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) { + if (eventTypeTable[i].eventType == eventType) { + printf("TSS_EVENT_EventType_Trace: %08x %s\n", + eventTypeTable[i].eventType, eventTypeTable[i].text); + return; + } + } + printf("TSS_EVENT_EventType_Trace: %08x Unknown\n", eventType); + return; +} + +const char *TSS_EVENT_EventTypeToString(uint32_t eventType) +{ + const char *crc = NULL; + size_t i; + + for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) { + if (eventTypeTable[i].eventType == eventType) { + crc = eventTypeTable[i].text; + } + } + if (crc == NULL) { + crc = "Unknown event type"; + } + return crc; +} + +/* + * TSS_TPML_DIGEST_VALUES_LE_Unmarshalu() Unmarshals TPML_DIGEST_VALUES struct + * from a LE buffer into HBO data structure. This is similar to + * TSS_TPML_DIGEST_VALUES_Unmarshalu but it unrmarshals TPML_DIGEST_VALUES's + * count and the digests array members from LE instead of HBO. + */ + +static TPM_RC +TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t i; + if (rc == TPM_RC_SUCCESS) { + rc = UINT32LE_Unmarshal(&target->count, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > HASH_COUNT) { + rc = TPM_RC_SIZE; + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { + rc = TSS_TPMT_HA_LE_Unmarshalu(&target->digests[i], buffer, size, NO); + } + return rc; +} + +/* + * TSS_TPMT_HA_LE_Unmarshalu() Unmarshals a TPMT_HA data from LE to HBO. This is + * similar to TSS_TPMT_HA_Unmarshalu but differs specificaly for unmarshalling + * hashAlg member from LE instead of from HBO. + */ +static TPM_RC +TSS_TPMT_HA_LE_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_ALG_HASH_LE_Unmarshalu(&target->hashAlg, buffer, size, allowNull); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMU_HA_Unmarshalu(&target->digest, buffer, size, target->hashAlg); + } + return rc; +} + +/* + * TSS_TPMI_ALG_HASH_LE_Unmarshalu() Unmarshals TPMI_ALG_HASH from a LE buffer + * into HBO data structure. This is similar to TSS_TPMI_ALG_HASH_Unmarshalu but + * unmarshals TPMI_ALG_HASH from LE instead of HBO. + */ +static TPM_RC +TSS_TPMI_ALG_HASH_LE_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull) +{ + TPM_RC rc = TPM_RC_SUCCESS; + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_ALG_ID_LE_Unmarshalu(target, buffer, size); + } + return rc; +} + +/* + * TSS_TPM_ALG_ID_LE_Unmarshalu() Unrmarshals TPM_ALG_ID from LE buffer. This is + * simlar to TSS_TPM_ALG_ID_Unmarshalu but unmarshals from LE instead of HBO. + */ +static TPM_RC +TSS_TPM_ALG_ID_LE_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer, + uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + if (rc == TPM_RC_SUCCESS) { + rc = UINT16LE_Unmarshal(target, buffer, size); + } + return rc; +} + +/* TSS_TPML_DIGEST_VALUES_LE_Marshalu() Similar to TSS_TPML_DIGEST_VALUES_Marshalu + * for TSS EVENT2 this marshals count to buffer in LE endianess. + */ +static TPM_RC +TSS_TPML_DIGEST_VALUES_LE_Marshalu(const TPML_DIGEST_VALUES *source, + uint16_t *written, BYTE **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32LE_Marshal(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMT_HA_LE_Marshalu(&source->digests[i], written, buffer, size); + } + } + return rc; +} + +/* TSS_TPMT_HA_LE_Marshalu() Similar to TSS_TPMT_HA_Marshalu for TSS EVENT2, + * this saves hashAlg attr as little endian into buffer. + */ +static TPM_RC +TSS_TPMT_HA_LE_Marshalu(const TPMT_HA *source, uint16_t *written, + BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16LE_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_HA_Marshalu(&source->digest, written, buffer, size, + source->hashAlg); + } + return rc; +} + +/* + * TSS_UINT32LE_Marshal() Marshals uint32_t from HBO into LE in the given buffer. + */ +TPM_RC +TSS_UINT32LE_Marshal(const UINT32 *source, uint16_t *written, BYTE **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sizeof(uint32_t))) { + (*buffer)[0] = (BYTE)((*source >> 0) & 0xff); + (*buffer)[1] = (BYTE)((*source >> 8) & 0xff); + (*buffer)[2] = (BYTE)((*source >> 16) & 0xff); + (*buffer)[3] = (BYTE)((*source >> 24) & 0xff); + + *buffer += sizeof(uint32_t); + if (size != NULL) { + *size -= sizeof(uint32_t); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(uint32_t); + return rc; +} + +/* + * UINT16LE_Marshal() Marshals uint16_t from HBO into LE in the given buffer. + */ + +TPM_RC +TSS_UINT16LE_Marshalu(const UINT16 *source, uint16_t *written, BYTE **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sizeof(uint16_t))) { + (*buffer)[0] = (BYTE)((*source >> 0) & 0xff); + (*buffer)[1] = (BYTE)((*source >> 8) & 0xff); + + *buffer += sizeof(uint16_t); + + if (size != NULL) { + *size -= sizeof(uint16_t); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(uint16_t); + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/eventlib.h b/libstb/tss2/ibmtpm20tss/utils/eventlib.h new file mode 100644 index 000000000000..fc69ef9d43a6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/eventlib.h @@ -0,0 +1,212 @@ +/********************************************************************************/ +/* */ +/* TPM2 Measurement Log Common Routines */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef EVENTLIB_H +#define EVENTLIB_H + +#include +#include +#include +#include + +#include + +#define TCG_EVENT_LEN_MAX 0x10000 + +#define EV_PREBOOT_CERT 0x00 +#define EV_POST_CODE 0x01 +#define EV_UNUSED 0x02 +#define EV_NO_ACTION 0x03 +#define EV_SEPARATOR 0x04 +#define EV_ACTION 0x05 +#define EV_EVENT_TAG 0x06 +#define EV_S_CRTM_CONTENTS 0x07 +#define EV_S_CRTM_VERSION 0x08 +#define EV_CPU_MICROCODE 0x09 +#define EV_PLATFORM_CONFIG_FLAGS 0x0A +#define EV_TABLE_OF_DEVICES 0x0B +#define EV_COMPACT_HASH 0x0C +#define EV_IPL 0x0D +#define EV_IPL_PARTITION_DATA 0x0E +#define EV_NONHOST_CODE 0x0F +#define EV_NONHOST_CONFIG 0x10 +#define EV_NONHOST_INFO 0x11 +#define EV_OMIT_BOOT_DEVICE_EVENTS 0x12 +#define EV_EFI_EVENT_BASE 0x80000000 +#define EV_EFI_VARIABLE_DRIVER_CONFIG 0x80000001 +#define EV_EFI_VARIABLE_BOOT 0x80000002 +#define EV_EFI_BOOT_SERVICES_APPLICATION 0x80000003 +#define EV_EFI_BOOT_SERVICES_DRIVER 0x80000004 +#define EV_EFI_RUNTIME_SERVICES_DRIVER 0x80000005 +#define EV_EFI_GPT_EVENT 0x80000006 +#define EV_EFI_ACTION 0x80000007 +#define EV_EFI_PLATFORM_FIRMWARE_BLOB 0x80000008 +#define EV_EFI_HANDOFF_TABLES 0x80000009 +#define EV_EFI_HCRTM_EVENT 0x80000010 +#define EV_EFI_VARIABLE_AUTHORITY 0x800000E0 + +/* PCR 0-7 are the BIOS / UEFI / firmware / pre-OS PCRs, set to 10 because a Lenovo TPM 1.2 firmware + extends PCR 0-9 */ +#define TPM_BIOS_PCR 10 + +/* TCG_PCR_EVENT is the TPM 1.2 SHA-1 event log entry format. It is defined in the TCG PC Client + Specific Implementation Specification for Conventional BIOS, where it is called + TCG_PCClientPCREventStruc. In the PFP, it's called TCG_PCClientPCREvent. + + I renamed it to be consistent with the TPM 2.0 naming. + */ + +typedef struct tdTCG_PCR_EVENT { + uint32_t pcrIndex; + uint32_t eventType; + uint8_t digest[SHA1_DIGEST_SIZE]; + uint32_t eventDataSize; + uint8_t event[TCG_EVENT_LEN_MAX]; +} TCG_PCR_EVENT; + +/* TCG_PCR_EVENT2 is the TPM 2.0 hash agile event log entry format. It is defined in the PFP - TCG + PC Client Platform Firmware Profile Specification. + + */ + +typedef struct tdTCG_PCR_EVENT2 { + uint32_t pcrIndex; + uint32_t eventType; + TPML_DIGEST_VALUES digests; + uint32_t eventSize; + uint8_t event[TCG_EVENT_LEN_MAX]; +} TCG_PCR_EVENT2; + +/* TCG_EfiSpecIdEventAlgorithmSize is a hash agile mapping of algorithmId to digestSize. It is part + of the first event log entry. It permits a parser to unmarshal an event log that contains hash + algorithms that are unknown to the parser. */ + +typedef struct tdTCG_EfiSpecIdEventAlgorithmSize { + uint16_t algorithmId; + uint16_t digestSize; +} TCG_EfiSpecIdEventAlgorithmSize; + +/* TCG_EfiSpecIDEvent is the event field of the first TCG_PCR_EVENT entry in a hash agile TPM 2.0 + format log. + + NOTE: If vendorInfo is ever changed to less than 0xff, unmarshal needs a range check on + vendorInfoSize. +*/ + +typedef struct tdTCG_EfiSpecIdEvent { + uint8_t signature[16]; + uint32_t platformClass; + uint8_t specVersionMinor; + uint8_t specVersionMajor; + uint8_t specErrata; + uint8_t uintnSize; + uint32_t numberOfAlgorithms; + TCG_EfiSpecIdEventAlgorithmSize digestSizes[HASH_COUNT]; + uint8_t vendorInfoSize; + uint8_t vendorInfo[0xff]; +} TCG_EfiSpecIDEvent; + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef TPM_TSS_NOFILE + int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event, + int *endOfFile, + FILE *inFile); + +#endif /* TPM_TSS_NOFILE */ + TPM_RC TSS_EVENT_Line_Marshal(TCG_PCR_EVENT *source, + uint16_t *written, uint8_t **buffer, uint32_t *size); + + TPM_RC TSS_EVENT_Line_Unmarshal(TCG_PCR_EVENT *event, BYTE **buffer, uint32_t *size); + + TPM_RC TSS_EVENT_Line_LE_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size); + +#ifndef TPM_TSS_NOCRYPTO + + TPM_RC TSS_EVENT_PCR_Extend(TPMT_HA pcrs[IMPLEMENTATION_PCR], + TCG_PCR_EVENT *event); +#endif /* TPM_TSS_NOCRYPTO */ + + void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event); + +#ifndef TPM_TSS_NOFILE + int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event2, + int *endOfFile, + FILE *inFile); + +#endif /* TPM_TSS_NOFILE */ + TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written, + uint8_t **buffer, uint32_t *size); + + TPM_RC TSS_EVENT2_Line_LE_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written, + uint8_t **buffer, uint32_t *size); + + + TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size); + + TPM_RC TSS_EVENT2_Line_LE_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size); + + +#ifndef TPM_TSS_NOCRYPTO + TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[HASH_COUNT][IMPLEMENTATION_PCR], + TCG_PCR_EVENT2 *event2); +#endif + + void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event); + + TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent, + uint32_t eventSize, + uint8_t *event); + + void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent); + + const char *TSS_EVENT_EventTypeToString(uint32_t eventType); + + TPM_RC TSS_UINT32LE_Marshal(const UINT32 *source, uint16_t *written, + BYTE **buffer, uint32_t *size); + + TPM_RC TSS_UINT16LE_Marshalu(const UINT16 *source, uint16_t *written, + BYTE **buffer, uint32_t *size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/eventsequencecomplete.c b/libstb/tss2/ibmtpm20tss/utils/eventsequencecomplete.c new file mode 100644 index 000000000000..a78bb96820a1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/eventsequencecomplete.c @@ -0,0 +1,399 @@ +/********************************************************************************/ +/* */ +/* EventSequenceComplete */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + EventSequenceComplete_In in; + EventSequenceComplete_Out out; + TPMI_DH_PCR pcrHandle = TPM_RH_NULL; + TPMI_DH_OBJECT sequenceHandle = 0; + const char *inFilename = NULL; + const char *outFilename1 = NULL; /* for sha1 */ + const char *outFilename2 = NULL; /* for sha256 */ + const char *outFilename3 = NULL; /* for sha384 */ + const char *outFilename5 = NULL; /* for sha512 */ + int process1 = FALSE; /* these catch the case */ + int process2 = FALSE; /* where an output file was */ + int process3 = FALSE; /* specified but the TPM did */ + int process5 = FALSE; /* not return the algorithm */ + const char *sequencePassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (sequenceHandle == 0) { + printf("Missing sequence handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + if (inFilename != NULL) { + rc = TSS_File_Read2B(&in.buffer.b, + sizeof(in.buffer.t.buffer), + inFilename); + } + else { + in.buffer.b.size = 0; + } + } + if (rc == 0) { + in.pcrHandle = pcrHandle; + in.sequenceHandle = sequenceHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_EventSequenceComplete, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, sequencePassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint32_t c; + printf("eventsequencecomplete: success\n"); + /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ + /* Table 71 - Definition of TPMT_HA Structure digests[] */ + /* Table 70 - Definition of TPMU_HA Union digests */ + printf("eventsequencecomplete: count %u\n", out.results.count); + + for (c = 0 ; c < out.results.count ;c++) { + switch (out.results.digests[c].hashAlg) { + case TPM_ALG_SHA1: + if (tssUtilsVerbose) printf("Hash algorithm SHA-1\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.results.digests[c].digest.sha1, + SHA1_DIGEST_SIZE); + if (outFilename1 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha1, + SHA1_DIGEST_SIZE, + outFilename1); + process1 = FALSE; + } + break; + case TPM_ALG_SHA256: + if (tssUtilsVerbose) printf("Hash algorithm SHA-256\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.results.digests[c].digest.sha256, + SHA256_DIGEST_SIZE); + if (outFilename2 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha256, + SHA256_DIGEST_SIZE, + outFilename2); + process2 = FALSE; + } + break; + case TPM_ALG_SHA384: + if (tssUtilsVerbose) printf("Hash algorithm SHA-384\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.results.digests[c].digest.sha384, + SHA384_DIGEST_SIZE); + if (outFilename3 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha384, + SHA384_DIGEST_SIZE, + outFilename3); + process3 = FALSE; + } + break; + case TPM_ALG_SHA512: + if (tssUtilsVerbose) printf("Hash algorithm SHA-512\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.results.digests[c].digest.sha512, + SHA512_DIGEST_SIZE); + if (outFilename5 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha512, + SHA512_DIGEST_SIZE, + outFilename5); + process5 = FALSE; + } + break; + default: + printf("Hash algorithm %04x unknown\n", out.results.digests[c].hashAlg); + break; + } + } + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("eventsequencecomplete: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + if (rc == 0) { + if (process1) { + printf("-of1 specified but TPM did not return SHA-1\n"); + rc = EXIT_FAILURE; + } + if (process2) { + printf("-of2 specified but TPM did not return SHA-256\n"); + rc = EXIT_FAILURE; + } + if (process3) { + printf("-of3 specified but TPM did not return SHA-384\n"); + rc = EXIT_FAILURE; + } + if (process5) { + printf("-of5 specified but TPM did not return SHA-512\n"); + rc = EXIT_FAILURE; + } + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("eventsequencecomplete\n"); + printf("\n"); + printf("Runs TPM2_EventSequenceComplete\n"); + printf("\n"); + printf("\t[-ha\tpcr handle (default NULL)]\n"); + printf("\t-hs\tsequence handle\n"); + printf("\t[-pwds\tpassword for sequence (default empty)]\n"); + printf("\t[-if\tinput file to be added (default no data)]\n"); + printf("\t[-of1\tsha1 output digest file (default do not save)]\n"); + printf("\t[-of2\tsha256 output digest file (default do not save)]\n"); + printf("\t[-of3\tsha384 output digest file (default do not save)]\n"); + printf("\t[-of5\tsha512 output digest file (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/evictcontrol.c b/libstb/tss2/ibmtpm20tss/utils/evictcontrol.c new file mode 100644 index 000000000000..fb43f9a293e5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/evictcontrol.c @@ -0,0 +1,279 @@ +/********************************************************************************/ +/* */ +/* EvictControl */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + TPMI_DH_OBJECT objectHandle = 0; + TPMI_DH_PERSISTENT persistentHandle = 0; + EvictControl_In in; + char authHandleChar = 0; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == 0) { + printf("Missing handle parameter -ho\n"); + printUsage(); + } + if (persistentHandle == 0) { + printf("Missing handle parameter -hp\n"); + printUsage(); + } + if (rc == 0) { + if (authHandleChar == 'o') { + in.auth = TPM_RH_OWNER; + } + else if (authHandleChar == 'p') { + in.auth = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + in.objectHandle = objectHandle; + in.persistentHandle = persistentHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_EvictControl, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("evictcontrol: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("evictcontrol: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("evictcontrol\n"); + printf("\n"); + printf("Runs TPM2_EvictControl\n"); + printf("\n"); + printf("\t-hi\tauthhandle hierarchy (o, p)\n"); + printf("\t\to owner, p platform\n"); + printf("\t-ho\tobject handle\n"); + printf("\t\tif transient: make persistent, if persistent: flush\n"); + printf("\t-hp\tpersistent handle\n"); + printf("\t\towner 81000000 to 817FFFFF\n"); + printf("\t\tplatform 81800000 to 81FFFFFF\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/flushcontext.c b/libstb/tss2/ibmtpm20tss/utils/flushcontext.c new file mode 100644 index 000000000000..bede6b745ecb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/flushcontext.c @@ -0,0 +1,143 @@ +/********************************************************************************/ +/* */ +/* Flush Context */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + uint32_t handle = 0; + FlushContext_In in; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include + +static void printUsage(TPM_CAP capability); +static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + TPM_CAP capability = TPM_CAP_LAST + 1; /* invalid */ + uint32_t property = 0; /* default, start at first one */ + uint32_t propertyCount = 64; /* default, return 64 values */ + GetCapability_In in; + GetCapability_Out out; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(capability); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(capability); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(capability); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(capability); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(capability); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(capability); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(capability); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(capability); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(capability); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(capability); + } + } + if (capability > TPM_CAP_LAST) { + printf("Missing or illegal parameter -cap\n"); + printUsage(capability); + } + if (rc == 0) { + in.capability = capability; + in.property = property; + in.propertyCount = propertyCount; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetCapability, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (out.moreData > 0) { + printf("moreData: %u\n", out.moreData); + } + rc = printResponse(&out.capabilityData, property); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("getcapability: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("getcapability: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +typedef void (* USAGE_FUNCTION)(void); +typedef TPM_RC (* RESPONSE_FUNCTION)(TPMS_CAPABILITY_DATA *out, uint32_t property); + +typedef struct { + TPM_CAP capability; + USAGE_FUNCTION usageFunction; + RESPONSE_FUNCTION responseFunction; +} CAPABILITY_TABLE; + +static void usageCapability(void); +static void usageAlgs(void); +static void usageHandles(void); +static void usageCommands(void); +static void usagePpCommands(void); +static void usageAuditCommands(void); +static void usagePcrs(void); +static void usageTpmProperties(void); +static void usagePcrProperties(void); +static void usageEccCurves(void); +static void usageAuthPolicies(void); + +static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); +static TPM_RC responseAuthPolicies(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); + +static const CAPABILITY_TABLE capabilityTable [] = { + {TPM_CAP_LAST + 1, usageCapability, responseCapability}, + {TPM_CAP_ALGS, usageAlgs, responseAlgs} , + {TPM_CAP_HANDLES, usageHandles, responseHandles} , + {TPM_CAP_COMMANDS, usageCommands, responseCommands} , + {TPM_CAP_PP_COMMANDS, usagePpCommands, responsePpCommands} , + {TPM_CAP_AUDIT_COMMANDS, usageAuditCommands, responseAuditCommands}, + {TPM_CAP_PCRS, usagePcrs, responsePcrs} , + {TPM_CAP_TPM_PROPERTIES, usageTpmProperties, responseTpmProperties}, + {TPM_CAP_PCR_PROPERTIES, usagePcrProperties, responsePcrProperties}, + {TPM_CAP_ECC_CURVES, usageEccCurves, responseEccCurves}, + {TPM_CAP_AUTH_POLICIES, usageAuthPolicies, responseAuthPolicies} +}; + +static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + size_t i; + + /* call the response function in the capability table */ + for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) { + if (capabilityTable[i].capability == capabilityData->capability) { + rc = capabilityTable[i].responseFunction(capabilityData, property); + } + } + return rc; +} + +static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + property = property; + printf("Cannot parse illegal response capability %08x\n", capabilityData->capability); + rc = TPM_RC_VALUE; + return rc; +} + +static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_ALG_PROPERTY *algorithms = (TPML_ALG_PROPERTY *)&(capabilityData->data); + property = property; + + printf("%u algorithms \n", algorithms->count); + for (count = 0 ; count < algorithms->count ; count++) { + TPMS_ALG_PROPERTY *algProperties = &(algorithms->algProperties[count]); + TSS_TPM_ALG_ID_Print("", algProperties->alg, 2); + TSS_TPM_TPMA_ALGORITHM_Print(algProperties->algProperties, 4); + } + return rc; +} + +static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_HANDLE *handles = (TPML_HANDLE *)&(capabilityData->data); + property = property; + + printf("%u handles\n", handles->count); + for (count = 0 ; count < handles->count ; count++) { + printf("\t%08x\n", handles->handle[count]); + } + return rc; +} + +static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_CCA *command = (TPML_CCA *)&(capabilityData->data); + property = property; + + printf("%u commands\n", command->count); + for (count = 0 ; count < command->count ; count++) { + printf("\tcommand Attributes %08x\n", command->commandAttributes[count].val); + } + return rc; +} + +static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_CC *command = (TPML_CC *)&(capabilityData->data); + property = property; + + printf("%u commands\n", command->count); + for (count = 0 ; count < command->count ; count++) { + printf("\tPP command %08x\n", command->commandCodes[count]); + } + return rc; +} + +static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_CC *command = (TPML_CC *)&(capabilityData->data); + property = property; + + printf("%u commands\n", command->count); + for (count = 0 ; count < command->count ; count++) { + printf("\tAudit command %08x\n", command->commandCodes[count]); + } + return rc; +} + +static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_PCR_SELECTION *pcrSelection = (TPML_PCR_SELECTION *)&(capabilityData->data); + property = property; + + printf("%u PCR selections\n", pcrSelection->count); + for (count = 0 ; count < pcrSelection->count ; count++) { + TSS_TPMS_PCR_SELECTION_Print(&pcrSelection->pcrSelections[count], 2); + } + return rc; +} + +typedef struct { + TPM_PT pt; + const char *ptText; +} PT_TABLE; + +static PT_TABLE ptTable [] = { + {(PT_FIXED + 0),"TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)"}, + {(PT_FIXED + 1), "TPM_PT_LEVEL - the level of the specification"}, + {(PT_FIXED + 2), "TPM_PT_REVISION - the specification Revision times 100"}, + {(PT_FIXED + 3), "TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar"}, + {(PT_FIXED + 4), "TPM_PT_YEAR - the specification year using the CE"}, + {(PT_FIXED + 5), "TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer "}, + {(PT_FIXED + 6), "TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string"}, + {(PT_FIXED + 7), "TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string "}, + {(PT_FIXED + 8), "TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string "}, + {(PT_FIXED + 9), "TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting "}, + {(PT_FIXED + 10), "TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model "}, + {(PT_FIXED + 11), "TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"}, + {(PT_FIXED + 12), "TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"}, + {(PT_FIXED + 13), "TPM_PT_INPUT_BUFFER - the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)"}, + {(PT_FIXED + 14), "TPM_PT_HR_TRANSIENT_MIN - the minimum number of transient objects that can be held in TPM RAM"}, + {(PT_FIXED + 15), "TPM_PT_HR_PERSISTENT_MIN - the minimum number of persistent objects that can be held in TPM NV memory"}, + {(PT_FIXED + 16), "TPM_PT_HR_LOADED_MIN - the minimum number of authorization sessions that can be held in TPM RAM"}, + {(PT_FIXED + 17), "TPM_PT_ACTIVE_SESSIONS_MAX - the number of authorization sessions that may be active at a time"}, + {(PT_FIXED + 18), "TPM_PT_PCR_COUNT - the number of PCR implemented"}, + {(PT_FIXED + 19), "TPM_PT_PCR_SELECT_MIN - the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect"}, + {(PT_FIXED + 20), "TPM_PT_CONTEXT_GAP_MAX - the maximum allowed difference (unsigned) between the contextID values of two saved session contexts"}, + {(PT_FIXED + 22), "TPM_PT_NV_COUNTERS_MAX - the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET"}, + {(PT_FIXED + 23), "TPM_PT_NV_INDEX_MAX - the maximum size of an NV Index data area"}, + {(PT_FIXED + 24), "TPM_PT_MEMORY - a TPMA_MEMORY indicating the memory management method for the TPM"}, + {(PT_FIXED + 25), "TPM_PT_CLOCK_UPDATE - interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV"}, + {(PT_FIXED + 26), "TPM_PT_CONTEXT_HASH - the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead()"}, + {(PT_FIXED + 27), "TPM_PT_CONTEXT_SYM - TPM_ALG_ID, the algorithm used for encryption of saved contexts"}, + {(PT_FIXED + 28), "TPM_PT_CONTEXT_SYM_SIZE - TPM_KEY_BITS, the size of the key used for encryption of saved contexts"}, + {(PT_FIXED + 29), "TPM_PT_ORDERLY_COUNT - the modulus - 1 of the count for NV update of an orderly counter"}, + {(PT_FIXED + 30), "TPM_PT_MAX_COMMAND_SIZE - the maximum value for commandSize in a command"}, + {(PT_FIXED + 31), "TPM_PT_MAX_RESPONSE_SIZE - the maximum value for responseSize in a response"}, + {(PT_FIXED + 32), "TPM_PT_MAX_DIGEST - the maximum size of a digest that can be produced by the TPM"}, + {(PT_FIXED + 33), "TPM_PT_MAX_OBJECT_CONTEXT - the maximum size of an object context that will be returned by TPM2_ContextSave"}, + {(PT_FIXED + 34), "TPM_PT_MAX_SESSION_CONTEXT - the maximum size of a session context that will be returned by TPM2_ContextSave"}, + {(PT_FIXED + 35), "TPM_PT_PS_FAMILY_INDICATOR - platform-specific family (a TPM_PS value)(see Table 24)"}, + {(PT_FIXED + 36), "TPM_PT_PS_LEVEL - the level of the platform-specific specification"}, + {(PT_FIXED + 37), "TPM_PT_PS_REVISION - the specification Revision times 100 for the platform-specific specification"}, + {(PT_FIXED + 38), "TPM_PT_PS_DAY_OF_YEAR - the platform-specific specification day of year using TCG calendar"}, + {(PT_FIXED + 39), "TPM_PT_PS_YEAR - the platform-specific specification year using the CE"}, + {(PT_FIXED + 40), "TPM_PT_SPLIT_MAX - the number of split signing operations supported by the TPM"}, + {(PT_FIXED + 41), "TPM_PT_TOTAL_COMMANDS - total number of commands implemented in the TPM"}, + {(PT_FIXED + 42), "TPM_PT_LIBRARY_COMMANDS - number of commands from the TPM library that are implemented"}, + {(PT_FIXED + 43), "TPM_PT_VENDOR_COMMANDS - number of vendor commands that are implemented"}, + {(PT_FIXED + 44), "TPM_PT_NV_BUFFER_MAX - the maximum data size in one NV write command"}, + {(PT_FIXED + 45) ,"TPM_PT_MODES - a TPMA_MODES value, indicating that the TPM is designed for these modes"}, + {(PT_FIXED + 46) ,"TPM_PT_MAX_CAP_BUFFER - the maximum size of a TPMS_CAPABILITY_DATA structure returned in TPM2_GetCapability"}, + {(PT_VAR + 0), "TPM_PT_PERMANENT - TPMA_PERMANENT "}, + {(PT_VAR + 1), "TPM_PT_STARTUP_CLEAR - TPMA_STARTUP_CLEAR "}, + {(PT_VAR + 2), "TPM_PT_HR_NV_INDEX - the number of NV Indexes currently defined "}, + {(PT_VAR + 3), "TPM_PT_HR_LOADED - the number of authorization sessions currently loaded into TPM RAM"}, + {(PT_VAR + 4), "TPM_PT_HR_LOADED_AVAIL - the number of additional authorization sessions, of any type, that could be loaded into TPM RAM"}, + {(PT_VAR + 5), "TPM_PT_HR_ACTIVE - the number of active authorization sessions currently being tracked by the TPM"}, + {(PT_VAR + 6), "TPM_PT_HR_ACTIVE_AVAIL - the number of additional authorization sessions, of any type, that could be created"}, + {(PT_VAR + 7), "TPM_PT_HR_TRANSIENT_AVAIL - estimate of the number of additional transient objects that could be loaded into TPM RAM"}, + {(PT_VAR + 8), "TPM_PT_HR_PERSISTENT - the number of persistent objects currently loaded into TPM NV memory"}, + {(PT_VAR + 9), "TPM_PT_HR_PERSISTENT_AVAIL - the number of additional persistent objects that could be loaded into NV memory"}, + {(PT_VAR + 10), "TPM_PT_NV_COUNTERS - the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET"}, + {(PT_VAR + 11), "TPM_PT_NV_COUNTERS_AVAIL - the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET"}, + {(PT_VAR + 12), "TPM_PT_ALGORITHM_SET - code that limits the algorithms that may be used with the TPM"}, + {(PT_VAR + 13), "TPM_PT_LOADED_CURVES - the number of loaded ECC curves "}, + {(PT_VAR + 14), "TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries) "}, + {(PT_VAR + 15), "TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked"}, + {(PT_VAR + 16), "TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented"}, + {(PT_VAR + 17), "TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again"}, + {(PT_VAR + 18), "TPM_PT_NV_WRITE_RECOVERY - number of milliseconds before the TPM will accept another command that will modify NV"}, + {(PT_VAR + 19), "TPM_PT_AUDIT_COUNTER_0 - the high-order 32 bits of the command audit counter "}, + {(PT_VAR + 20), "TPM_PT_AUDIT_COUNTER_1 - the low-order 32 bits of the command audit counter"}, +}; + +static char get8(uint32_t value32, size_t offset); +static uint16_t get16(uint32_t value32, size_t offset); + +/* get8() gets a char from a uint32_t at offset */ + +static char get8(uint32_t value32, size_t offset) +{ + char value8 = (uint8_t)((value32 >> ((3 - offset) * 8)) & 0xff); + return value8; +} + +/* get16() gets a uint16_t from a uint32_t at offset */ + +static uint16_t get16(uint32_t value32, size_t offset) +{ + uint16_t value16 = (uint16_t)((value32 >> ((1 - offset) * 16)) & 0xffff); + return value16; +} + +static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_TAGGED_TPM_PROPERTY *tpmProperties = (TPML_TAGGED_TPM_PROPERTY *)&(capabilityData->data); + property = property; + + printf("%u properties\n", tpmProperties->count); + for (count = 0 ; count < tpmProperties->count ; count++) { + TPMS_TAGGED_PROPERTY *tpmProperty = &(tpmProperties->tpmProperty[count]); + const char *ptText = NULL; + size_t i; + for (i = 0 ; i < (sizeof(ptTable) / sizeof(PT_TABLE)) ; i++) { + if (tpmProperty->property == ptTable[i].pt) { + ptText = ptTable[i].ptText; + break; + } + } + if (ptText == NULL) { + ptText = "PT unknown"; + } + printf("TPM_PT %08x value %08x %s\n", tpmProperty->property, tpmProperty->value, ptText); + switch (tpmProperty->property) { + char c; + case TPM_PT_FAMILY_INDICATOR: + printf("\tTPM "); + for (i = 0 ; i < sizeof(uint32_t) ; i++) { + c = get8(tpmProperty->value, i); + printf("%c", c); + } + printf("\n"); + break; + case TPM_PT_REVISION: + printf("\trev %u\n", tpmProperty->value); + break; + case TPM_PT_DAY_OF_YEAR: + case TPM_PT_YEAR: + case TPM_PT_INPUT_BUFFER: + case TPM_PT_ACTIVE_SESSIONS_MAX: + case TPM_PT_PCR_COUNT: + case TPM_PT_NV_INDEX_MAX: + case TPM_PT_CLOCK_UPDATE: + case TPM_PT_CONTEXT_SYM_SIZE: + case TPM_PT_MAX_COMMAND_SIZE: + case TPM_PT_MAX_RESPONSE_SIZE: + case TPM_PT_MAX_DIGEST: + case TPM_PT_MAX_OBJECT_CONTEXT: + case TPM_PT_MAX_SESSION_CONTEXT: + case TPM_PT_PS_DAY_OF_YEAR: + case TPM_PT_PS_YEAR: + case TPM_PT_SPLIT_MAX: + case TPM_PT_TOTAL_COMMANDS: + case TPM_PT_LIBRARY_COMMANDS: + case TPM_PT_VENDOR_COMMANDS: + case TPM_PT_NV_BUFFER_MAX: + case TPM_PT_MAX_CAP_BUFFER: + + case TPM_PT_HR_ACTIVE_AVAIL: + case TPM_PT_HR_PERSISTENT_AVAIL: + case TPM_PT_NV_COUNTERS_AVAIL: + printf("\t%u\n", tpmProperty->value); + break; + case TPM_PT_MANUFACTURER: + case TPM_PT_VENDOR_STRING_1: + case TPM_PT_VENDOR_STRING_2: + case TPM_PT_VENDOR_STRING_3: + case TPM_PT_VENDOR_STRING_4: + printf("\t"); + for (i = 0 ; i < sizeof(uint32_t) ; i++) { + c = get8(tpmProperty->value, i); + printf("%c", c); + } + printf("\n"); + break; + case TPM_PT_FIRMWARE_VERSION_1: + case TPM_PT_FIRMWARE_VERSION_2: + printf("\t%u.%u\n", get16(tpmProperty->value, 0), get16(tpmProperty->value, 1)); + break; + case TPM_PT_PS_REVISION: + printf("\t%u.%u.%u.%u\n", + get8(tpmProperty->value, 0), get8(tpmProperty->value, 1), + get8(tpmProperty->value, 2), get8(tpmProperty->value, 3)); + break; + case TPM_PT_CONTEXT_HASH: + case TPM_PT_CONTEXT_SYM: + TSS_TPM_ALG_ID_Print("algorithm", tpmProperty->value, 4); + break; + case TPM_PT_MEMORY: + { + TPMA_MEMORY tmp; + tmp.val = tpmProperty->value; + TSS_TPMA_MEMORY_Print(tmp, 4); + } + break; + case TPM_PT_MODES : + { + TPMA_MODES tmp; + tmp.val = tpmProperty->value; + TSS_TPMA_MODES_Print(tmp, 4); + } + break; + case TPM_PT_PERMANENT: + { + TPMA_PERMANENT tmp; + tmp.val = tpmProperty->value; + TSS_TPMA_PERMANENT_Print(tmp, 4); + } + break; + case TPM_PT_STARTUP_CLEAR: + { + TPMA_STARTUP_CLEAR tmp; + tmp.val = tpmProperty->value; + TSS_TPMA_STARTUP_CLEAR_Print(tmp, 4); + } + break; + } + } + return rc; +} + +typedef struct { + TPM_PT_PCR ptPcr; + const char *ptPcrText; +} PT_PCR_TABLE; + +static PT_PCR_TABLE ptPcrTable [] = { + {TPM_PT_PCR_SAVE, "TPM_PT_PCR_SAVE - PCR is saved and restored by TPM_SU_STATE"}, + {TPM_PT_PCR_EXTEND_L0, "TPM_PT_PCR_EXTEND_L0 - PCR may be extended from locality 0"}, + {TPM_PT_PCR_RESET_L0, "TPM_PT_PCR_RESET_L0 - PCR may be reset by TPM2_PCR_Reset() from locality 0"}, + {TPM_PT_PCR_EXTEND_L1, "TPM_PT_PCR_EXTEND_L1 - PCR may be extended from locality 1"}, + {TPM_PT_PCR_RESET_L1, "TPM_PT_PCR_RESET_L1 - PCR may be reset by TPM2_PCR_Reset() from locality 1"}, + {TPM_PT_PCR_EXTEND_L2, "TPM_PT_PCR_EXTEND_L2 - PCR may be extended from locality 2"}, + {TPM_PT_PCR_RESET_L2, "TPM_PT_PCR_RESET_L2 - PCR may be reset by TPM2_PCR_Reset() from locality 2"}, + {TPM_PT_PCR_EXTEND_L3, "TPM_PT_PCR_EXTEND_L3 - PCR may be extended from locality 3"}, + {TPM_PT_PCR_RESET_L3, "TPM_PT_PCR_RESET_L3 - PCR may be reset by TPM2_PCR_Reset() from locality 3"}, + {TPM_PT_PCR_EXTEND_L4, "TPM_PT_PCR_EXTEND_L4 - PCR may be extended from locality 4"}, + {TPM_PT_PCR_RESET_L4, "TPM_PT_PCR_RESET_L4 - PCR may be reset by TPM2_PCR_Reset() from locality 4"}, + {TPM_PT_PCR_NO_INCREMENT, "TPM_PT_PCR_NO_INCREMENT - modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter"}, + {TPM_PT_PCR_RESET_L4, "TPM_PT_PCR_RESET_L4 - PCR may be reset by TPM2_PCR_Reset() from locality 4"}, + {TPM_PT_PCR_DRTM_RESET, "TPM_PT_PCR_DRTM_RESET - PCR is reset by a DRTM event"}, + {TPM_PT_PCR_POLICY, "TPM_PT_PCR_POLICY - PCR is controlled by policy"}, + {TPM_PT_PCR_AUTH, "TPM_PT_PCR_AUTH - PCR is controlled by an authorization value"} +}; + +static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_TAGGED_PCR_PROPERTY *pcrProperties = (TPML_TAGGED_PCR_PROPERTY *)&(capabilityData->data); + property = property; + + printf("%u properties\n", pcrProperties->count); + for (count = 0 ; count < pcrProperties->count ; count++) { + + + TPMS_TAGGED_PCR_SELECT *pcrProperty = &(pcrProperties->pcrProperty[count]); + const char *ptPcrText = NULL; + size_t i; + for (i = 0 ; i < (sizeof(ptPcrTable) / sizeof(PT_PCR_TABLE)) ; i++) { + if (pcrProperty->tag == ptPcrTable[i].ptPcr) { /* the property identifier */ + ptPcrText = ptPcrTable[i].ptPcrText; + break; + } + } + if (ptPcrText == NULL) { + ptPcrText = "PT unknown"; + } + printf("TPM_PT_PCR %08x %s\n", pcrProperty->tag, ptPcrText); + for (i = 0 ; i < pcrProperty->sizeofSelect ; i++) { /* the size in octets of the + pcrSelect array */ + printf("PCR %u-%u \tpcrSelect\t%02x\n", + (unsigned int)i*8, (unsigned int)(i*8) + 7, + pcrProperty->pcrSelect[i]); + } + } + return rc; +} + +static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_ECC_CURVE *eccCurves = (TPML_ECC_CURVE *)&(capabilityData->data); + TPM_ECC_CURVE curve; + property = property; + + printf("%u curves\n", eccCurves->count); + for (count = 0 ; count < eccCurves->count ; count++) { + curve = eccCurves->eccCurves[count]; + TSS_TPM_ECC_CURVE_Print("", curve, 4); + } + return rc; +} + +static TPM_RC responseAuthPolicies(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property) +{ + TPM_RC rc = 0; + uint32_t count; + TPML_TAGGED_POLICY *authPolicies = (TPML_TAGGED_POLICY *)&(capabilityData->data); + property = property; + + printf("%u authPolicies\n", authPolicies->count); + for (count = 0 ; count < authPolicies->count ; count++) { + TSS_TPMS_TAGGED_POLICY_Print(&authPolicies->policies[count], 4); + } + return rc; +} + +static void printUsage(TPM_CAP capability) +{ + size_t i; + + printf("\n"); + printf("getcapability\n"); + printf("\n"); + printf("Runs TPM2_GetCapability\n"); + printf("\n"); + printf("\t-cap\tcapability\n"); + printf("\t-pr\tproperty (defaults to 0)\n"); + printf("\t-pc\tpropertyCount (defaults to 64)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t\t01\tcontinue\n"); + printf("\t\t80\tcommand audit\n"); + printf("\n"); + + /* call the usage function in the capability table */ + for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) { + if (capabilityTable[i].capability == capability) { + capabilityTable[i].usageFunction(); + exit(1); + } + } + printf("unknown -cap %08x\n", capability); + usageCapability(); + exit(1); +} + +static void usageCapability(void) +{ + printf("\t-cap\tvalues\n" + "\n" + "\t\tTPM_CAP_ALGS 0\n" + "\t\tTPM_CAP_HANDLES 1\n" + "\t\tTPM_CAP_COMMANDS 2\n" + "\t\tTPM_CAP_PP_COMMANDS 3\n" + "\t\tTPM_CAP_AUDIT_COMMANDS 4\n" + "\t\tTPM_CAP_PCRS 5\n" + "\t\tTPM_CAP_TPM_PROPERTIES 6\n" + "\t\tTPM_CAP_PCR_PROPERTIES 7\n" + "\t\tTPM_CAP_ECC_CURVES 8\n" + "\t\tTPM_CAP_AUTH_POLICIES 9\n" + ); + return; +} + +static void usageAlgs(void) +{ + printf("TPM_CAP_ALGS -pr not used\n"); + return; +} + +static void usageHandles(void) +{ + printf("TPM_CAP_HANDLES -pr values\n" + "\n" + "TPM_HT_PCR 00000000\n" + "TPM_HT_NV_INDEX 01000000\n" + "TPM_HT_LOADED_SESSION 02000000\n" + "TPM_HT_SAVED_SESSION 03000000\n" + "TPM_HT_PERMANENT 40000000\n" + "TPM_HT_TRANSIENT 80000000\n" + "TPM_HT_PERSISTENT 81000000\n" + ); + return; +} + +static void usageCommands(void) +{ + printf("TPM_CAP_COMMANDS -pr is first command\n"); + return; +} + +; +static void usagePpCommands(void) +{ + printf("TPM_CAP_PP_COMMANDS -pr is first command\n"); + return; +} + +static void usageAuditCommands(void) +{ + printf("TPM_CAP_AUDIT_COMMANDS -pr is first command\n"); + return; +} + +static void usagePcrs(void) +{ + printf("TPM_CAP_PCRS -pr is not used\n"); + return; +} + +static void usageTpmProperties(void) +{ + printf("TPM_CAP_TPM_PROPERTIES -pr is first property\n"); + printf("\tPT_FIXED starts at %08x\n", PT_FIXED); + printf("\tPT_VAR starts at %08x\n", PT_VAR); + return; +} + +static void usagePcrProperties(void) +{ + printf("TPM_CAP_PCR_PROPERTIES -pr is the first property\n"); + return; +} + +static void usageEccCurves(void) +{ + printf("TPM_CAP_ECC_CURVES -pr is the first curve\n"); + return; +} + +static void usageAuthPolicies(void) +{ + printf("TPM_CAP_AUTH_POLICIES -pr is the first handle in range 40000000\n"); + return; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/getcommandauditdigest.c b/libstb/tss2/ibmtpm20tss/utils/getcommandauditdigest.c new file mode 100644 index 000000000000..a2197852db18 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/getcommandauditdigest.c @@ -0,0 +1,395 @@ +/********************************************************************************/ +/* */ +/* GetCommandAuditDigest */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + GetCommandAuditDigest_In in; + GetCommandAuditDigest_Out out; + const char *privacyAdminPassword = NULL; + TPMI_DH_OBJECT signHandle = 0; + const char *signPassword = NULL; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + TPM_ALG_ID sigAlg = TPM_ALG_RSA; + TPMS_ATTEST tpmsAttest; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that authorized the audit */ + in.privacyHandle = TPM_RH_ENDORSEMENT; + in.signHandle = signHandle; + if (sigAlg == TPM_ALG_RSA) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (sigAlg == TPM_ALG_ECDSA) { + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + else { /* HMAC */ + in.inScheme.scheme = TPM_ALG_HMAC; + in.inScheme.details.hmac.hashAlg = halg; + } + } + /* data supplied by the caller */ + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetCommandAuditDigest, + sessionHandle0, privacyAdminPassword, sessionAttributes0, + sessionHandle1, signPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.auditInfo.t.attestationData; + uint32_t tmpSize = out.auditInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("getcommandauditdigest: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + + + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData, + out.auditInfo.t.size, + attestInfoFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("getcommandauditdigest: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("getcommandauditdigest: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("getcommandauditdigest\n"); + printf("\n"); + printf("Runs TPM2_GetCommandAuditDigest\n"); + printf("\n"); + printf("\t[-pwde\tendorsement hierarchy password (default empty)]\n"); + printf("\t-hk\tsigning key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/getcryptolibrary.c b/libstb/tss2/ibmtpm20tss/utils/getcryptolibrary.c new file mode 100644 index 000000000000..a42acde99d4e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/getcryptolibrary.c @@ -0,0 +1,76 @@ +/********************************************************************************/ +/* */ +/* Get Crypto Library Name */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019 - 2020 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + const char *name = NULL; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + GetRandom_In in; + GetRandom_Out out; + uint32_t bytesRequested = 0; + uint32_t bytesCopied; + const char *outFilename = NULL; + unsigned char *randomBuffer = NULL; + int noZeros = FALSE; + int noSpace = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((bytesRequested == 0) || + (bytesRequested > 0xffff)) { + printf("Missing or bad parameter -by\n"); + printUsage(); + } + /* allocate a buffer for the bytes requested, add 1 for optional nul terminator */ + if (rc == 0) { + rc = TSS_Malloc(&randomBuffer, bytesRequested + 1); /* freed @1 */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* This is somewhat optimized, but if a zero byte is obtained in the last pass, an extra pass is + needed. The trade-off is that, in general, asking for more random numbers than needed may slow + down the TPM. In any case, needing non-zero values for random auth should not happen very + often. + */ + for (bytesCopied = 0 ; (rc == 0) && (bytesCopied < bytesRequested) ; ) { + /* Request whatever is left */ + if (rc == 0) { + in.bytesRequested = bytesRequested - bytesCopied; + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetRandom, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + size_t br; + if (tssUtilsVerbose) TSS_PrintAll("randomBytes in pass", + out.randomBytes.t.buffer, out.randomBytes.t.size); + /* copy as many bytes as were received or until bytes requested */ + for (br = 0 ; (br < out.randomBytes.t.size) && (bytesCopied < bytesRequested) ; br++) { + + if (!noZeros || (out.randomBytes.t.buffer[br] != 0)) { + randomBuffer[bytesCopied] = out.randomBytes.t.buffer[br]; + bytesCopied++; + } + } + } + if (rc == 0) { + if (noZeros) { + randomBuffer[bytesCopied] = 0x00; + } + } + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (outFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(randomBuffer, bytesRequested + (noZeros ? 1 : 0), + outFilename); + } + if (rc == 0) { + /* machine readable format */ + if (noSpace) { + uint32_t bp; + for (bp = 0 ; bp < bytesRequested ; bp++) { + printf("%02x", randomBuffer[bp]); + } + printf("\n"); + } + /* human readable format */ + else { + TSS_PrintAll("randomBytes", randomBuffer, bytesRequested); + } + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("getrandom: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(randomBuffer); /* @1 */ + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("getrandom\n"); + printf("\n"); + printf("Runs TPM2_GetRandom\n"); + printf("\n"); + printf("\t-by\tbytes requested\n"); + printf("\t[-of\toutput file, with -nz, appends nul terminator (default do not save)]\n"); + printf("\t[-nz\tget random number with no zero bytes (for authorization value)]\n"); + printf("\t[-ns\tno space, no text, no newlines]\n"); + printf("\t\tjust a string of hexascii suitable for a symmetric key\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/getsessionauditdigest.c b/libstb/tss2/ibmtpm20tss/utils/getsessionauditdigest.c new file mode 100644 index 000000000000..61b12e6868d0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/getsessionauditdigest.c @@ -0,0 +1,391 @@ +/********************************************************************************/ +/* */ +/* GetSessionAuditDigest */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + GetSessionAuditDigest_In in; + GetSessionAuditDigest_Out out; + const char *privacyAdminPassword = NULL; + TPMI_DH_OBJECT signHandle = TPM_RH_NULL; + const char *signPassword = NULL; + TPMI_SH_HMAC sessionHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + TPMS_ATTEST tpmsAttest; + const char *sessionDigestFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (sessionHandle == 0) { + printf("Missing session handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that authorizes the audit */ + in.privacyAdminHandle = TPM_RH_ENDORSEMENT; + in.signHandle = signHandle; + in.sessionHandle = sessionHandle; + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + /* data supplied by the caller */ + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetSessionAuditDigest, + sessionHandle0, privacyAdminPassword, sessionAttributes0, + sessionHandle1, signPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.auditInfo.t.attestationData; + uint32_t tmpSize = out.auditInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("getsessionauditdigest: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + + + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData, + out.auditInfo.t.size, + attestInfoFilename); + } + if ((rc == 0) && (sessionDigestFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.sessionAudit.sessionDigest.t.buffer, + tpmsAttest.attested.sessionAudit.sessionDigest.t.size, + sessionDigestFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("getsessionauditdigest: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("getsessionauditdigest: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("getsessionauditdigest\n"); + printf("\n"); + printf("Runs TPM2_GetSessionAuditDigest\n"); + printf("\n"); + printf("\t[-pwde\tendorsement hierarchy password (default empty)]\n"); + printf("\t[-hk\tsigning key handle]\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t-hs\taudit session handle\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\t[-od\tsession digest file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/gettestresult.c b/libstb/tss2/ibmtpm20tss/utils/gettestresult.c new file mode 100644 index 000000000000..de1284575e71 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/gettestresult.c @@ -0,0 +1,206 @@ +/********************************************************************************/ +/* */ +/* GetTestResult */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +/* #include */ + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + GetTestResult_Out out; + const char *msg; + const char *submsg; + const char *num; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + NULL, + NULL, + TPM_CC_GetTestResult, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + TSS_ResponseCode_toString(&msg, &submsg, &num, out.testResult); + printf("testResult %s%s%s\n", msg, submsg, num); + + if (tssUtilsVerbose) TSS_PrintAll("outData", + out.outData.t.buffer, out.outData.t.size); + } + else { + printf("gettestresult: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("gettestresult\n"); + printf("\n"); + printf("Runs TPM2_GetTestResult\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/gettime.c b/libstb/tss2/ibmtpm20tss/utils/gettime.c new file mode 100644 index 000000000000..b07baf1668e5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/gettime.c @@ -0,0 +1,395 @@ +/********************************************************************************/ +/* */ +/* GetTime */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + GetTime_In in; + GetTime_Out out; + TPMI_DH_OBJECT signHandle = 0; + const char *keyPassword = NULL; + const char *endorsementPassword = NULL; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + TPM_ALG_ID sigAlg = TPM_ALG_RSA; + TPMS_ATTEST tpmsAttest; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + /* handle of the privacy administrator */ + in.privacyAdminHandle = TPM_RH_ENDORSEMENT; + /* Handle of key that will perform signing */ + in.signHandle = signHandle; + if (sigAlg == TPM_ALG_RSA) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (sigAlg == TPM_ALG_ECDSA) { + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + else { /* HMAC */ + in.inScheme.scheme = TPM_ALG_HMAC; + in.inScheme.details.hmac.hashAlg = halg; + } + } + /* data supplied by the caller */ + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_GetTime, + sessionHandle0, endorsementPassword, sessionAttributes0, + sessionHandle1, keyPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.timeInfo.t.attestationData; + uint32_t tmpSize = out.timeInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("quote: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.timeInfo.t.attestationData, + out.timeInfo.t.size, + attestInfoFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("gettime: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("gettime: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("gettime\n"); + printf("\n"); + printf("Runs TPM2_GetTime\n"); + printf("\n"); + printf("\t-hk\tsigning key handle\n"); + printf("\t[-pwdk\tpassword for signing key (default empty)]\n"); + printf("\t[-pwde\tpassword for endorsement hierarchy (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hash.c b/libstb/tss2/ibmtpm20tss/utils/hash.c new file mode 100644 index 000000000000..71b8a7c8862e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hash.c @@ -0,0 +1,310 @@ +/********************************************************************************/ +/* */ +/* Hash */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); +static void printHash(Hash_Out *out); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Hash_In in; + Hash_Out out; + char hierarchyChar = 'n'; + TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *inFilename = NULL; + const char *inString = NULL; + const char *hashFilename = NULL; + const char *ticketFilename = NULL; + int noSpace = FALSE; + + size_t length = 0; + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i sizeof(in.data.t.buffer)) { + printf("Input data too long %lu\n", (unsigned long)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* data to be hashed */ + in.data.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.data.t.buffer, buffer, length); + } + } + if (inString != NULL) { + if (rc == 0) { + length = strlen(inString); + if (length > sizeof(in.data.t.buffer)) { + printf("Input data too long %lu\n", (unsigned long)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* data to be hashed */ + in.data.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.data.t.buffer, inString, length); + } + } + if (rc == 0) { + in.hashAlg = halg; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Hash, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (hashFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outHash.t.buffer, + out.outHash.t.size, + hashFilename); + } + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.validation, + (MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshalu, + ticketFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printHash(&out); + if (noSpace) { + uint32_t bp; + for (bp = 0 ; bp < out.outHash.t.size ; bp++) { + printf("%02x", out.outHash.t.buffer[bp]); + } + printf("\n"); + } + if (tssUtilsVerbose) printf("hash: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hash: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + return rc; +} + +static void printHash(Hash_Out *out) +{ + TSS_PrintAll("Hash", out->outHash.t.buffer, out->outHash.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("hash\n"); + printf("\n"); + printf("Runs TPM2_Hash\n"); + printf("\n"); + printf("\t[-hi\thierarchy (e, o, p, n) (default null)]\n"); + printf("\t\te endorsement, o owner, p platform, n null\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t-if\tinput file to be hashed\n"); + printf("\t-ic\tdata string to be hashed\n"); + printf("\t[-ns\tno space, no text, no newlines]\n"); + printf("\t[-oh\thash file name (default do not save)]\n"); + printf("\t[-tk\tticket file name (default do not save)]\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hashsequencestart.c b/libstb/tss2/ibmtpm20tss/utils/hashsequencestart.c new file mode 100644 index 000000000000..d54fadd4eb47 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hashsequencestart.c @@ -0,0 +1,253 @@ +/********************************************************************************/ +/* */ +/* HashSequenceStart */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + HashSequenceStart_In in; + HashSequenceStart_Out out; + const char *authPassword = NULL; + TPMI_ALG_HASH hashAlg = TPM_ALG_SHA256; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (rc == 0) { + /* auth value for sequence */ + rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(in.auth.t.buffer)); + } + if (rc == 0) { + in.hashAlg = hashAlg; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_HashSequenceStart, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + printf("hashsequencestart: handle %08x\n", out.sequenceHandle); + if (tssUtilsVerbose) printf("hashsequencestart: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hashsequencestart: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("hashsequencestart\n"); + printf("\n"); + printf("Runs TPM2_HashSequenceStart\n"); + printf("\n"); + printf("\t[-pwda\tpassword for sequence (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default sha256)]\n"); + printf("\t\tnull is an event sequence\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hierarchychangeauth.c b/libstb/tss2/ibmtpm20tss/utils/hierarchychangeauth.c new file mode 100644 index 000000000000..c184cc4838ff --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hierarchychangeauth.c @@ -0,0 +1,358 @@ +/********************************************************************************/ +/* */ +/* HierarchyChangeAuth */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + HierarchyChangeAuth_In in; + char hierarchyChar = 0; + const char *newPassword = NULL; + const char *newPasswordFilename = NULL; + const char *authPassword = NULL; + const char *authPasswordFilename = NULL; + /* authPasswordPtr is used as the command auth value. It is either the supplied authPassword + string, the password read from the authPasswordFilename file, or NULL */ + const char *authPasswordPtr = NULL; + uint8_t *authPasswordBuffer = NULL; /* for the free */ + size_t authPasswordLength = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (hierarchyChar == 'l') { + in.authHandle = TPM_RH_LOCKOUT; + } + else if (hierarchyChar == 'e') { + in.authHandle = TPM_RH_ENDORSEMENT; + } + else if (hierarchyChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + if ((newPassword != NULL) && (newPasswordFilename != NULL)) { + printf("Cannot specify both -pwdn and -pwdni\n"); + printUsage(); + } + } + if (rc == 0) { + if ((authPassword != NULL) && (authPasswordFilename != NULL)) { + printf("Cannot specify both -pwda and -pwdai\n"); + printUsage(); + } + } + if (rc == 0) { + /* new auth from string */ + if (newPassword != NULL) { + /* convert password string to TPM2B */ + rc = TSS_TPM2B_StringCopy(&in.newAuth.b, + newPassword, sizeof(in.newAuth.t.buffer)); + } + /* new auth from file */ + else if (newPasswordFilename != NULL) { + uint8_t *buffer = NULL; /* for the free */ + size_t length = 0; + /* read new auth value from the file */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + newPasswordFilename); + } + /* convert password file string to TPM2B */ + if (rc == 0) { + rc = TSS_TPM2B_StringCopy(&in.newAuth.b, + (const char *)buffer, sizeof(in.newAuth.t.buffer)); + } + free(buffer); /* @1 */ + buffer = NULL; + } + /* no new auth specified */ + else { + in.newAuth.t.size = 0; + } + } + if (rc == 0) { + /* command auth from string */ + if (authPassword != NULL) { + authPasswordPtr = authPassword; + } + /* command auth from file */ + else if (authPasswordFilename != NULL) { + if (rc == 0) { + /* must be freed by caller */ + rc = TSS_File_ReadBinaryFile(&authPasswordBuffer, + &authPasswordLength, + authPasswordFilename); + } + if (rc == 0) { + if (authPasswordLength > sizeof(TPMU_HA)) { + printf("Password too long %u\n", (unsigned int)authPasswordLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + authPasswordPtr = (const char *)authPasswordBuffer; + } + } + /* no command auth specified */ + else { + authPasswordPtr = NULL; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_HierarchyChangeAuth, + sessionHandle0, authPasswordPtr, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("hierarchychangeauth: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hierarchychangeauth: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(authPasswordBuffer); + authPasswordBuffer = NULL; + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("hierarchychangeauth\n"); + printf("\n"); + printf("Runs TPM2_HierarchyChangeAuth\n"); + printf("\n"); + printf("\t-hi\thierarchy (l, e, o, p)\n"); + printf("\t\tl lockout, e endorsement, o owner, p platform\n"); + printf("\t-pwdn\tnew authorization password (default empty)\n"); + printf("\t-pwdni\tnew authorization password file name (default empty)\n"); + printf("\t-pwda\tauthorization password (default empty)\n"); + printf("\t-pwdai\tauthorization password file name (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hierarchycontrol.c b/libstb/tss2/ibmtpm20tss/utils/hierarchycontrol.c new file mode 100644 index 000000000000..662e97934fce --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hierarchycontrol.c @@ -0,0 +1,291 @@ +/********************************************************************************/ +/* */ +/* HierarchyControl */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + HierarchyControl_In in; + char authHandleChar = 0; + char enableHandleChar = 0; + int state = 1; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (authHandleChar == 'e') { + in.authHandle = TPM_RH_ENDORSEMENT; + } + else if (authHandleChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (authHandleChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + if (enableHandleChar == 'e') { + in.enable = TPM_RH_ENDORSEMENT; + } + else if (enableHandleChar == 'o') { + in.enable = TPM_RH_OWNER; + } + else if (enableHandleChar == 'p') { + in.enable = TPM_RH_PLATFORM; + } + else if (enableHandleChar == 'n') { + in.enable = TPM_RH_PLATFORM_NV; + } + else { + printf("Missing or illegal -he\n"); + printUsage(); + } + } + if (rc == 0) { + if (state != 0) { + in.state = YES; + } + else { + in.state = NO; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_HierarchyControl, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("hierarchycontrol: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hierarchycontrol: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("hierarchycontrol\n"); + printf("\n"); + printf("Runs TPM2_HierarchyControl\n"); + printf("\n"); + printf("\t-hi\tauthhandle hierarchy (e, o, p)\n"); + printf("\t-he\tenable hierarchy (e, o, p, n)\n"); + printf("\t\te\tendorsement, o owner, p platform, n null\n"); + printf("\t[-pwda\tauthorization password (default empty)]\n"); + printf("\t[-state\t(0 to disable, 1 to enable) (default enable)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hmac.c b/libstb/tss2/ibmtpm20tss/utils/hmac.c new file mode 100644 index 000000000000..be63e1b0a53f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hmac.c @@ -0,0 +1,356 @@ +/********************************************************************************/ +/* */ +/* Hmac */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); +static void printHmac(HMAC_Out *out); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + HMAC_In in; + HMAC_Out out; + TPMI_DH_OBJECT keyHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + const char *inFilename = NULL; + const char *inString = NULL; + const char *hmacFilename = NULL; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + size_t length = 0; + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if ((inFilename == NULL) && (inString == NULL)) { + printf("Input file -if or input string -ic must be specified\n"); + printUsage(); + } + if ((inFilename != NULL) && (inString != NULL)) { + printf("Input file -if and input string -ic cannot both be specified\n"); + printUsage(); + } + if (inFilename != NULL) { + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + inFilename); + } + if (rc == 0) { + if (length > sizeof(in.buffer.t.buffer)) { + printf("Input data too long %lu\n", (unsigned long)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* data to be HMACed */ + in.buffer.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.buffer.t.buffer, buffer, length); + } + } + if (inString != NULL) { + if (rc == 0) { + length = strlen(inString); + if (length > sizeof(in.buffer.t.buffer)) { + printf("Input data too long %lu\n", (unsigned long)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* data to be hashed */ + in.buffer.t.size =(uint16_t) length; /* cast safe, range tested above */ + memcpy(in.buffer.t.buffer, inString, length); + } + } + if (rc == 0) { + /* Handle of key that will perform hmac */ + in.handle = keyHandle; + /* use key's hash algorithm */ + in.hashAlg = halg; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_HMAC, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (hmacFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outHMAC.t.buffer, + out.outHMAC.t.size, + hmacFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printHmac(&out); + if (tssUtilsVerbose) printf("hmac: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hmac: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + return rc; +} + +static void printHmac(HMAC_Out *out) +{ + TSS_PrintAll("HMAC", out->outHMAC.t.buffer, out->outHMAC.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("hmac\n"); + printf("\n"); + printf("Runs TPM2_HMAC\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t-if\tinput file to be HMACed\n"); + printf("\t-ic\tdata string to be HMACed\n"); + printf("\t[-os\thmac file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/hmacstart.c b/libstb/tss2/ibmtpm20tss/utils/hmacstart.c new file mode 100644 index 000000000000..3fdd0f9fa3f5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/hmacstart.c @@ -0,0 +1,278 @@ +/********************************************************************************/ +/* */ +/* HmacStart */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + HMAC_Start_In in; + HMAC_Start_Out out; + TPMI_DH_OBJECT keyHandle = 0; + const char *keyPassword = NULL; + const char *authPassword = NULL; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that will perform hmac */ + in.handle = keyHandle; + /* auth value for sequence */ + rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(in.auth.t.buffer)); + } + if (rc == 0) { + in.hashAlg = halg; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_HMAC_Start, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + printf("hmacstart: handle %08x\n", out.sequenceHandle); + if (tssUtilsVerbose) printf("hmacstart: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("hmacstart: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("hmacstart\n"); + printf("\n"); + printf("Runs TPM2_Hmac_Start\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t-pwdk\tpassword for key (default empty)\n"); + printf("\t-pwda\tpassword for sequence (default empty)\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateCredential_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateCredential_fp.h new file mode 100644 index 000000000000..e2b6083cb086 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateCredential_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ActivateCredential_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef ACTIVATECREDENTIAL_FP_H +#define ACTIVATECREDENTIAL_FP_H + +typedef struct { + TPMI_DH_OBJECT activateHandle; + TPMI_DH_OBJECT keyHandle; + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; +} ActivateCredential_In; + +#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) +#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) +#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) +#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_DIGEST certInfo; +} ActivateCredential_Out; + +TPM_RC +TPM2_ActivateCredential( + ActivateCredential_In *in, // IN: input parameter list + ActivateCredential_Out *out // OUT: output parameter list + ); +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateIdentity_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateIdentity_fp.h new file mode 100644 index 000000000000..84b97b62e054 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ActivateIdentity_fp.h @@ -0,0 +1,64 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 ActivateIdentity */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ActivateIdentity_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef ACTIVATEIDENTITY_FP_H +#define ACTIVATEIDENTITY_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE idKeyHandle; + UINT32 blobSize; + BYTE blob[MAX_RSA_KEY_BYTES]; +} ActivateIdentity_In; + +typedef struct { + TPM_SYMMETRIC_KEY symmetricKey; +} ActivateIdentity_Out; + +TPM_RC +TPM2_ActivateIdentity( + ActivateIdentity_In *in, // IN: input parameter buffer + ActivateIdentity_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/BaseTypes.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/BaseTypes.h new file mode 100644 index 000000000000..c87663c6b530 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/BaseTypes.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: BaseTypes.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 */ +/* */ +/********************************************************************************/ + +/* 5.2 BaseTypes.h */ + +#ifndef BASETYPES_H +#define BASETYPES_H + +#include + +/* NULL definition */ + +#ifndef NULL +#define NULL (0) +#endif +typedef uint8_t UINT8; +typedef uint8_t BYTE; +typedef int8_t INT8; +typedef int BOOL; +typedef uint16_t UINT16; +typedef int16_t INT16; +typedef uint32_t UINT32; +typedef int32_t INT32; +typedef uint64_t UINT64; +typedef int64_t INT64; + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyCreation_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyCreation_fp.h new file mode 100644 index 000000000000..98c336b95afb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyCreation_fp.h @@ -0,0 +1,95 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CertifyCreation_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CERTIFYCREATION_FP_H +#define CERTIFYCREATION_FP_H + +typedef struct { + TPMI_DH_OBJECT signHandle; + TPMI_DH_OBJECT objectHandle; + TPM2B_DATA qualifyingData; + TPM2B_DIGEST creationHash; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_CREATION creationTicket; +} CertifyCreation_In; + +#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) +#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) +#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) +#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} CertifyCreation_Out; + +TPM_RC +TPM2_CertifyCreation( + CertifyCreation_In *in, // IN: input parameter list + CertifyCreation_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyX509_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyX509_fp.h new file mode 100644 index 000000000000..1fb36fe7f421 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CertifyX509_fp.h @@ -0,0 +1,91 @@ +/********************************************************************************/ +/* */ +/* TPM2_CertifyX509 Command Header */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2019 */ +/* */ +/********************************************************************************/ + +#ifndef CERTIFYX509_FP_H +#define CERTIFYX509_FP_H + +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA reserved; + TPMT_SIG_SCHEME inScheme; + TPM2B_MAX_BUFFER partialCertificate; +} CertifyX509_In; + +#define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_CertifyX509_reserved (TPM_RC_P + TPM_RC_1) +#define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_MAX_BUFFER addedToCertificate; + TPM2B_DIGEST tbsDigest; + TPMT_SIGNATURE signature; +} CertifyX509_Out; + +TPM_RC +TPM2_CertifyX509( + CertifyX509_In *in, // IN: input parameter list + CertifyX509_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Certify_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Certify_fp.h new file mode 100644 index 000000000000..dc186e4eb7f0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Certify_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Certify_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CERTIFY_FP_H +#define CERTIFY_FP_H + +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} Certify_In; + +#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} Certify_Out; + + + +TPM_RC +TPM2_Certify( + Certify_In *in, // IN: input parameter list + Certify_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangeEPS_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangeEPS_fp.h new file mode 100644 index 000000000000..085473021efd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangeEPS_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ChangeEPS_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CHANGEEPS_FP_H +#define CHANGEEPS_FP_H + +typedef struct { + TPMI_RH_PLATFORM authHandle; +} ChangeEPS_In; + +#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_ChangeEPS( + ChangeEPS_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangePPS_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangePPS_fp.h new file mode 100644 index 000000000000..566cfe748d4d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ChangePPS_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ChangePPS_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CHANGEPPS_FP_H +#define CHANGEPPS_FP_H + +typedef struct { + TPMI_RH_PLATFORM authHandle; +} ChangePPS_In; + +#define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_ChangePPS( + ChangePPS_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClearControl_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClearControl_fp.h new file mode 100644 index 000000000000..4ecd727e6016 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClearControl_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ClearControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CLEARCONTROL_FP_H +#define CLEARCONTROL_FP_H + +typedef struct { + TPMI_RH_CLEAR auth; + TPMI_YES_NO disable; +} ClearControl_In; + +#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_ClearControl( + ClearControl_In *in // IN: input parameter list + ); +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Clear_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Clear_fp.h new file mode 100644 index 000000000000..f12e6bc8eaba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Clear_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Clear_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CLEAR_FP_H +#define CLEAR_FP_H + +typedef struct { + TPMI_RH_CLEAR authHandle; +} Clear_In; + +#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_Clear( + Clear_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockRateAdjust_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockRateAdjust_fp.h new file mode 100644 index 000000000000..e66d153aea71 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockRateAdjust_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ClockRateAdjust_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CLOCKRATEADJUST_FP_H +#define CLOCKRATEADJUST_FP_H + +typedef struct { + TPMI_RH_PROVISION auth; + TPM_CLOCK_ADJUST rateAdjust; +} ClockRateAdjust_In; + +#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) + + +TPM_RC +TPM2_ClockRateAdjust( + ClockRateAdjust_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockSet_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockSet_fp.h new file mode 100644 index 000000000000..c62ea974fd34 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ClockSet_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ClockSet_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CLOCKSET_FP_H +#define CLOCKSET_FP_H + +typedef struct { + TPMI_RH_PROVISION auth; + UINT64 newTime; +} ClockSet_In; + +#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) +#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_ClockSet( + ClockSet_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Commit_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Commit_fp.h new file mode 100644 index 000000000000..653dd53e0b48 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Commit_fp.h @@ -0,0 +1,94 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Commit_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef COMMIT_FP_H +#define COMMIT_FP_H + +typedef struct { + TPMI_DH_OBJECT signHandle; + TPM2B_ECC_POINT P1; + TPM2B_SENSITIVE_DATA s2; + TPM2B_ECC_PARAMETER y2; +} Commit_In; + +#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) +#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) +#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_ECC_POINT K; + TPM2B_ECC_POINT L; + TPM2B_ECC_POINT E; + UINT16 counter; +} Commit_Out; + +TPM_RC +TPM2_Commit( + Commit_In *in, // IN: input parameter list + Commit_Out *out // OUT: output parameter list + ); + + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextLoad_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextLoad_fp.h new file mode 100644 index 000000000000..5742f7f3f4a5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextLoad_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ContextLoad_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CONTEXTLOAD_FP_H +#define CONTEXTLOAD_FP_H + +typedef struct { + TPMS_CONTEXT context; +} ContextLoad_In; + +#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPMI_DH_CONTEXT loadedHandle; +} ContextLoad_Out; + +TPM_RC +TPM2_ContextLoad( + ContextLoad_In *in, // IN: input parameter list + ContextLoad_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextSave_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextSave_fp.h new file mode 100644 index 000000000000..bfb17119e1c1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ContextSave_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ContextSave_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CONTEXTSAVE_FP_H +#define CONTEXTSAVE_FP_H + +typedef struct { + TPMI_DH_CONTEXT saveHandle; +} ContextSave_In; + +#define RC_ContextSave_saveHandle (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPMS_CONTEXT context; +} ContextSave_Out; + +TPM_RC +TPM2_ContextSave( + ContextSave_In *in, // IN: input parameter list + ContextSave_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateEndorsementKeyPair_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateEndorsementKeyPair_fp.h new file mode 100644 index 000000000000..a183ba028624 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateEndorsementKeyPair_fp.h @@ -0,0 +1,64 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 CreateEndorsementKeyPair */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CreateEndorsementKeyPair_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef CREATEENDORSEMENTKEYPAIR_FP_H +#define CREATEENDORSEMENTKEYPAIR_FP_H + +#include +#include + +#include + +typedef struct { + TPM_NONCE antiReplay; + TPM_KEY_PARMS keyInfo; +} CreateEndorsementKeyPair_In; + +typedef struct { + TPM_PUBKEY pubEndorsementKey; + TPM_DIGEST checksum; +} CreateEndorsementKeyPair_Out; + +TPM_RC +TPM2_CreateEndorsementKeyPair( + CreateEndorsementKeyPair_In *in, // IN: input parameter buffer + CreateEndorsementKeyPair_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateLoaded_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateLoaded_fp.h new file mode 100644 index 000000000000..a6792c155986 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateLoaded_fp.h @@ -0,0 +1,90 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CreateLoaded_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +#ifndef CREATELOADED_FP_H +#define CREATELOADED_FP_H + +/* rev 136 */ + +typedef struct { + TPMI_DH_PARENT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_TEMPLATE inPublic; +} CreateLoaded_In; + +#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; +} CreateLoaded_Out; + +TPM_RC +TPM2_CreateLoaded( + CreateLoaded_In *in, // IN: input parameter list + CreateLoaded_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreatePrimary_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreatePrimary_fp.h new file mode 100644 index 000000000000..958293b101b4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreatePrimary_fp.h @@ -0,0 +1,96 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CreatePrimary_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef CREATEPRIMARY_FP_H +#define CREATEPRIMARY_FP_H + +typedef struct { + TPMI_RH_HIERARCHY primaryHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; +} CreatePrimary_In; + +#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) +#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) +#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; + TPM2B_NAME name; +} CreatePrimary_Out; + +TPM_RC +TPM2_CreatePrimary( + CreatePrimary_In *in, // IN: input parameter list + CreatePrimary_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateWrapKey_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateWrapKey_fp.h new file mode 100644 index 000000000000..a078d22d3290 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/CreateWrapKey_fp.h @@ -0,0 +1,65 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 CreateWrapKey */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: CreateWrapKey_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef CREATEWRAPKEY_FP_H +#define CREATEWRAPKEY_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE parentHandle; + TPM_ENCAUTH dataUsageAuth; + TPM_ENCAUTH dataMigrationAuth; + TPM_KEY12 keyInfo; +} CreateWrapKey_In; + +typedef struct { + TPM_KEY12 wrappedKey; +} CreateWrapKey_Out; + +TPM_RC +TPM2_CreateWrapKey( + CreateWrapKey_In *in, // IN: input parameter buffer + CreateWrapKey_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Create_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Create_fp.h new file mode 100644 index 000000000000..95eca6159bfb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Create_fp.h @@ -0,0 +1,96 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Create_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 137 */ + +#ifndef CREATE_FP_H +#define CREATE_FP_H + +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; +} Create_In; + +#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) +#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) +#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; +} Create_Out; + +TPM_RC +TPM2_Create( + Create_In *in, // IN: input parameter list + Create_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackLockReset_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackLockReset_fp.h new file mode 100644 index 000000000000..6ef8ea2bf185 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackLockReset_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: DictionaryAttackLockReset_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef DICTIONARYATTACKLOCKRESET_FP_H +#define DICTIONARYATTACKLOCKRESET_FP_H + +typedef struct { + TPMI_RH_LOCKOUT lockHandle; +} DictionaryAttackLockReset_In; + +#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_DictionaryAttackLockReset( + DictionaryAttackLockReset_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackParameters_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackParameters_fp.h new file mode 100644 index 000000000000..86903c323a5d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/DictionaryAttackParameters_fp.h @@ -0,0 +1,86 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: DictionaryAttackParameters_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef DICTIONARYATTACKPARAMETERS_FP_H +#define DICTIONARYATTACKPARAMETERS_FP_H + + +typedef struct { + TPMI_RH_LOCKOUT lockHandle; + UINT32 newMaxTries; + UINT32 newRecoveryTime; + UINT32 lockoutRecovery; +} DictionaryAttackParameters_In; + +#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) +#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) +#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) +#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_DictionaryAttackParameters( + DictionaryAttackParameters_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Duplicate_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Duplicate_fp.h new file mode 100644 index 000000000000..97693be533e1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Duplicate_fp.h @@ -0,0 +1,91 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Duplicate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef DUPLICATE_FP_H +#define DUPLICATE_FP_H + +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT newParentHandle; + TPM2B_DATA encryptionKeyIn; + TPMT_SYM_DEF_OBJECT symmetricAlg; +} Duplicate_In; + +typedef struct { + TPM2B_DATA encryptionKeyOut; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; +} Duplicate_Out; + +#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) +#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) +#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_Duplicate( + Duplicate_In *in, // IN: input parameter list + Duplicate_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECC_Parameters_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECC_Parameters_fp.h new file mode 100644 index 000000000000..18bc2a391f4e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECC_Parameters_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ECC_Parameters_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef ECC_PARAMETERS_FP_H +#define ECC_PARAMETERS_FP_H + +typedef struct { + TPMI_ECC_CURVE curveID; +} ECC_Parameters_In; + +#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPMS_ALGORITHM_DETAIL_ECC parameters; +} ECC_Parameters_Out; + +TPM_RC +TPM2_ECC_Parameters( + ECC_Parameters_In *in, // IN: input parameter list + ECC_Parameters_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_KeyGen_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_KeyGen_fp.h new file mode 100644 index 000000000000..9ff523f14c54 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_KeyGen_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ECDH_KeyGen_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef ECDH_KEYGEN_FP_H +#define ECDH_KEYGEN_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; +} ECDH_KeyGen_In; + +#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) + +typedef struct { + TPM2B_ECC_POINT zPoint; + TPM2B_ECC_POINT pubPoint; +} ECDH_KeyGen_Out; + +TPM_RC +TPM2_ECDH_KeyGen( + ECDH_KeyGen_In *in, // IN: input parameter list + ECDH_KeyGen_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_ZGen_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_ZGen_fp.h new file mode 100644 index 000000000000..f93fe15dcb3c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ECDH_ZGen_fp.h @@ -0,0 +1,86 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ECDH_ZGen_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef ECDH_ZGEN_FP_H +#define ECDH_ZGEN_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_ECC_POINT inPoint; +} ECDH_ZGen_In; + +#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_ECC_POINT outPoint; +} ECDH_ZGen_Out; + +TPM_RC +TPM2_ECDH_ZGen( + ECDH_ZGen_In *in, // IN: input parameter list + ECDH_ZGen_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/EC_Ephemeral_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EC_Ephemeral_fp.h new file mode 100644 index 000000000000..67976232410f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EC_Ephemeral_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: EC_Ephemeral_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef EC_EPHEMERAL_FP_H +#define EC_EPHEMERAL_FP_H + +typedef struct { + TPMI_ECC_CURVE curveID; +} EC_Ephemeral_In; + +#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_ECC_POINT Q; + UINT16 counter; +} EC_Ephemeral_Out; + +TPM_RC +TPM2_EC_Ephemeral( + EC_Ephemeral_In *in, // IN: input parameter list + EC_Ephemeral_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt2_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt2_fp.h new file mode 100644 index 000000000000..cff3a6445e0d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt2_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: EncryptDecrypt2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */ +/* */ +/********************************************************************************/ + +/* rev 146*/ + +#ifndef ENCRYPTDECRYPT2_FP_H +#define ENCRYPTDECRYPT2_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_MAX_BUFFER inData; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; +} EncryptDecrypt2_In; + +#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) +#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) +#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) +#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; +} EncryptDecrypt2_Out; + +TPM_RC +TPM2_EncryptDecrypt2( + EncryptDecrypt2_In *in, // IN: input parameter list + EncryptDecrypt2_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt_fp.h new file mode 100644 index 000000000000..57b0872f1251 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EncryptDecrypt_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: EncryptDecrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 146 */ + +#ifndef ENCRYPTDECRYPT_FP_H +#define ENCRYPTDECRYPT_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; + TPM2B_MAX_BUFFER inData; +} EncryptDecrypt_In; + +#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) +#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) +#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) +#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; +} EncryptDecrypt_Out; + +TPM_RC +TPM2_EncryptDecrypt( + EncryptDecrypt_In *in, // IN: input parameter list + EncryptDecrypt_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/EventSequenceComplete_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EventSequenceComplete_fp.h new file mode 100644 index 000000000000..e58837e5dfbf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EventSequenceComplete_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: EventSequenceComplete_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef EVENTSEQUENCECOMPLETE_FP_H +#define EVENTSEQUENCECOMPLETE_FP_H + +typedef struct { + TPMI_DH_PCR pcrHandle; + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; +} EventSequenceComplete_In; + +#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) +#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPML_DIGEST_VALUES results; +} EventSequenceComplete_Out; + +TPM_RC +TPM2_EventSequenceComplete( + EventSequenceComplete_In *in, // IN: input parameter list + EventSequenceComplete_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/EvictControl_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EvictControl_fp.h new file mode 100644 index 000000000000..1b31c4992f39 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/EvictControl_fp.h @@ -0,0 +1,82 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: EvictControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef EVICTCONTROL_FP_H +#define EVICTCONTROL_FP_H + +typedef struct { + TPMI_RH_PROVISION auth; + TPMI_DH_OBJECT objectHandle; + TPMI_DH_PERSISTENT persistentHandle; +} EvictControl_In; + +#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) +#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) +#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_EvictControl( + EvictControl_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Extend_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Extend_fp.h new file mode 100644 index 000000000000..197e4c802d09 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Extend_fp.h @@ -0,0 +1,64 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Extend */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef EXTEND_FP_H +#define EXTEND_FP_H + +#include +#include + +#include + +typedef struct { + + TPM_PCRINDEX pcrNum; + TPM_DIGEST inDigest; +} Extend_In; + +typedef struct { + TPM_PCRVALUE outDigest; +} Extend_Out; + +TPM_RC +TPM2_Extend( + Extend_In *in, // IN: input parameter buffer + Extend_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushContext_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushContext_fp.h new file mode 100644 index 000000000000..97b22e53b95e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushContext_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: FlushContext_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef FLUSHCONTEXT_FP_H +#define FLUSHCONTEXT_FP_H + +typedef struct { + TPMI_DH_CONTEXT flushHandle; +} FlushContext_In; + +#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_FlushContext( + FlushContext_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushSpecific_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushSpecific_fp.h new file mode 100644 index 000000000000..59b675134a42 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/FlushSpecific_fp.h @@ -0,0 +1,58 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 FlushSpecific */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: FlushSpecific_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef FLUSHSPECIFIC_FP_H +#define FLUSHSPECIFIC_FP_H + +#include +#include + +#include + +typedef struct { + TPM_HANDLE handle; + TPM_RESOURCE_TYPE resourceType; +} FlushSpecific_In; + +TPM_RC +TPM2_FlushSpecific( + FlushSpecific_In *in // IN: input parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability12_fp.h new file mode 100644 index 000000000000..a1c47a053820 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability12_fp.h @@ -0,0 +1,65 @@ +/********************************************************************************/ +/* */ +/* Get Capability for TPM 1.2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef GETCAPABILITY12_FP_H +#define GETCAPABILITY12_FP_H + +typedef struct { + TPM_CAPABILITY_AREA capArea; + UINT32 subCapSize; + uint8_t subCap[MAX_RESPONSE_SIZE]; +} GetCapability12_In; + +#define RC_GetCapability12_capArea (TPM_RC_P + TPM_RC_1) +#define RC_GetCapability12_subCapSize (TPM_RC_P + TPM_RC_2) +#define RC_GetCapability12_subcap (TPM_RC_P + TPM_RC_3) + +typedef struct { + UINT32 respSize; + uint8_t resp[MAX_RESPONSE_SIZE]; +} GetCapability12_Out; + + +TPM_RC +TPM2_GetCapability12( + GetCapability12_In *in, // IN: input parameter list + GetCapability12_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability_fp.h new file mode 100644 index 000000000000..7257613aedc5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCapability_fp.h @@ -0,0 +1,90 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetCapability_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETCAPABILITY_FP_H +#define GETCAPABILITY_FP_H + +typedef struct { + TPM_CAP capability; + UINT32 property; + UINT32 propertyCount; +} GetCapability_In; + +#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) +#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) +#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPMI_YES_NO moreData; + TPMS_CAPABILITY_DATA capabilityData; +} GetCapability_Out; + + +TPM_RC +TPM2_GetCapability( + GetCapability_In *in, // IN: input parameter list + GetCapability_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCommandAuditDigest_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCommandAuditDigest_fp.h new file mode 100644 index 000000000000..71a5f152d354 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetCommandAuditDigest_fp.h @@ -0,0 +1,91 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetCommandAuditDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETCOMMANDAUDITDIGEST_FP_H +#define GETCOMMANDAUDITDIGEST_FP_H + +typedef struct { + TPMI_RH_ENDORSEMENT privacyHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetCommandAuditDigest_In; + +#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; +} GetCommandAuditDigest_Out; + +TPM_RC +TPM2_GetCommandAuditDigest( + GetCommandAuditDigest_In *in, // IN: input parameter list + GetCommandAuditDigest_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetRandom_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetRandom_fp.h new file mode 100644 index 000000000000..438da95c0727 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetRandom_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetRandom_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETRANDOM_FP_H +#define GETRANDOM_FP_H + +typedef struct { + UINT16 bytesRequested; +} GetRandom_In; + +#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_DIGEST randomBytes; +} GetRandom_Out; + +TPM_RC +TPM2_GetRandom( + GetRandom_In *in, // IN: input parameter list + GetRandom_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetSessionAuditDigest_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetSessionAuditDigest_fp.h new file mode 100644 index 000000000000..b49c8cd68063 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetSessionAuditDigest_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetSessionAuditDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETSESSIONAUDITDIGEST_FP_H +#define GETSESSIONAUDITDIGEST_FP_H + +typedef struct { + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPMI_SH_HMAC sessionHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetSessionAuditDigest_In; + +#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) +#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; +} GetSessionAuditDigest_Out; + +TPM_RC +TPM2_GetSessionAuditDigest( + GetSessionAuditDigest_In *in, // IN: input parameter list + GetSessionAuditDigest_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTestResult_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTestResult_fp.h new file mode 100644 index 000000000000..4c4c71660e7d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTestResult_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetTestResult_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2016 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETTESTRESULT_FP_H +#define GETTESTRESULT_FP_H + +typedef struct{ + TPM2B_MAX_BUFFER outData; + TPM_RC testResult; +} GetTestResult_Out; + + + TPM_RC +TPM2_GetTestResult( + GetTestResult_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTime_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTime_fp.h new file mode 100644 index 000000000000..75c5e6c1ecd3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/GetTime_fp.h @@ -0,0 +1,91 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: GetTime_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef GETTIME_FP_H +#define GETTIME_FP_H + +typedef struct { + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; +} GetTime_In; + +#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) +#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_ATTEST timeInfo; + TPMT_SIGNATURE signature; +} GetTime_Out; + +TPM_RC +TPM2_GetTime( + GetTime_In *in, // IN: input parameter list + GetTime_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_Start_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_Start_fp.h new file mode 100644 index 000000000000..b27b2e574ede --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_Start_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: HMAC_Start_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HMAC_START_FP_H +#define HMAC_START_FP_H + +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; +} HMAC_Start_In; + +typedef struct { + TPMI_DH_OBJECT sequenceHandle; +} HMAC_Start_Out; + +#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) +#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) +#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_HMAC_Start( + HMAC_Start_In *in, // IN: input parameter list + HMAC_Start_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_fp.h new file mode 100644 index 000000000000..aace92290511 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HMAC_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: HMAC_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HMAC_FP_H +#define HMAC_FP_H + +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_MAX_BUFFER buffer; + TPMI_ALG_HASH hashAlg; +} HMAC_In; + +#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) +#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) +#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_DIGEST outHMAC; +} HMAC_Out; + +TPM_RC +TPM2_HMAC( + HMAC_In *in, // IN: input parameter list + HMAC_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/HashSequenceStart_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HashSequenceStart_fp.h new file mode 100644 index 000000000000..7a5bd1167f9d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HashSequenceStart_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: HashSequenceStart_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HASHSEQUENCESTART_FP_H +#define HASHSEQUENCESTART_FP_H + +typedef struct { + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; +} HashSequenceStart_In; + +#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) +#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPMI_DH_OBJECT sequenceHandle; +} HashSequenceStart_Out; + + + +TPM_RC +TPM2_HashSequenceStart( + HashSequenceStart_In *in, // IN: input parameter list + HashSequenceStart_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Hash_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Hash_fp.h new file mode 100644 index 000000000000..7e3a0093fd54 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Hash_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Hash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HASH_FP_H +#define HASH_FP_H + +typedef struct { + TPM2B_MAX_BUFFER data; + TPMI_ALG_HASH hashAlg; + TPMI_RH_HIERARCHY hierarchy; +} Hash_In; + +#define RC_Hash_data (TPM_RC_P + TPM_RC_1) +#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) +#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_DIGEST outHash; + TPMT_TK_HASHCHECK validation; +} Hash_Out; + +TPM_RC +TPM2_Hash( + Hash_In *in, // IN: input parameter list + Hash_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyChangeAuth_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyChangeAuth_fp.h new file mode 100644 index 000000000000..df6278a66075 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyChangeAuth_fp.h @@ -0,0 +1,80 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: HierarchyChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HIERARCHYCHANGEAUTH_FP_H +#define HIERARCHYCHANGEAUTH_FP_H + +typedef struct { + TPMI_RH_HIERARCHY_AUTH authHandle; + TPM2B_AUTH newAuth; +} HierarchyChangeAuth_In; + +#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_HierarchyChangeAuth( + HierarchyChangeAuth_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyControl_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyControl_fp.h new file mode 100644 index 000000000000..e774f6df1aa6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/HierarchyControl_fp.h @@ -0,0 +1,83 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: HierarchyControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef HIERARCHYCONTROL_FP_H +#define HIERARCHYCONTROL_FP_H + +typedef struct { + TPMI_RH_HIERARCHY authHandle; + TPMI_RH_ENABLES enable; + TPMI_YES_NO state; +} HierarchyControl_In; + +#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) +#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_HierarchyControl( + HierarchyControl_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Implementation.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Implementation.h new file mode 100644 index 000000000000..9d63da1d2662 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Implementation.h @@ -0,0 +1,1446 @@ +/********************************************************************************/ +/* */ +/* TSS Implementation Specific Constants */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +/* #define TPM_TSS_SO_0 to get the libibmtss.so.0 values. Leave it undefined to get the new + libibmtss.so.1 values. + + The new values are required for a TPM with 4 or more hash algorithms. +*/ + +// A.2 Implementation.h + +#ifndef _IMPLEMENTATION_H_ +#define _IMPLEMENTATION_H_ + +#include +#include +#include + +/* Constants for TPM_Types.h structures. Changing these values is likely to break ABI + compatiblility.*/ + +// From Vendor-Specific: Table 4 - Defines for Key Size Constants + +#ifdef TPM_TSS_SO_0 +#define MAX_RSA_KEY_BYTES 256 +#else +#define MAX_RSA_KEY_BYTES 512 +#endif + +#ifdef TPM_TSS_SO_0 +#define MAX_ECC_KEY_BYTES 48 +#else +#define MAX_ECC_KEY_BYTES 128 +#endif + +/* This is the PC Client minimum value, and should be used for applications. */ +#define IMPLEMENTATION_PCR 24 + +#define MAX_HANDLE_NUM 3 /* the maximum number of handles in the handle + area */ +#define MAX_ACTIVE_SESSIONS 64 /* the number of simultaneously active sessions that + are supported by the TPM implementation */ +#define MAX_SESSION_NUM 3 /* this is the current maximum value */ + +#ifdef TPM_TSS_SO_0 +#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) +#else +/* increased to 8 to handle up to 64 PCRs */ +#define PCR_SELECT_MAX 8 +#endif + +#ifdef TPM_TSS_SO_0 +#define MAX_CONTEXT_SIZE 2048 +#else +#define MAX_CONTEXT_SIZE 5120 +#endif + +#define MAX_DIGEST_BUFFER 2048 +#define MAX_NV_BUFFER_SIZE 2048 +#define MAX_CAP_BUFFER 2048 + +#ifdef TPM_TSS_SO_0 +#define MAX_ALG_LIST_SIZE 64 /* number of algorithms that can be in a list */ +#else +#define MAX_ALG_LIST_SIZE 128 /* number of algorithms that can be in a list */ +#endif + +#define MAX_COMMAND_SIZE 4096 /* maximum size of a command */ +#define MAX_RESPONSE_SIZE 4096 /* maximum size of a response */ + +#ifdef TPM_TSS_SO_0 +#define MAX_SYM_DATA 128 /* this is the maximum number of octets that + may be in a sealed blob. */ +#else +#define MAX_SYM_DATA 256 +#endif + +#ifdef TPM_TSS_SO_0 +/* For the TSS .so.0, the number of digest and PCR banks was originally dependent on the number of + supported hash algoriths, using common TPM / TSS code. */ +#define HASH_COUNT 3 +#else +/* For the TSS .so.1, the number was increased to support a SW TPM with 4 banks (unlikely for a HW + TPM) plus future expansion. */ +#define HASH_COUNT 16 +#endif + +/* value independent of supported hash algorithms */ +#define LABEL_MAX_BUFFER 48 +#if LABEL_MAX_BUFFER < 32 +#error "The size allowed for the label is not large enough for interoperability." +#endif + +/* hard code maximum independent of the algorithms actually supported */ +#define MAX_SYM_KEY_BYTES 32 +#define MAX_SYM_BLOCK_SIZE 16 + +#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 /* 2^^16 + 1 */ + +#undef TRUE +#undef FALSE + +// From TPM 2.0 Part 2: Table 4 - Defines for Logic Values + +#define TRUE 1 +#define FALSE 0 +#define YES 1 +#define NO 0 +#define SET 1 +#define CLEAR 0 + +// Change these definitions to turn all algorithms or commands ON or OFF. That is, to turn all +// algorithms on, set ALG_NO to YES. This is mostly useful as a debug feature. + +#define ALG_YES YES +#define ALG_NO NO +#define CC_YES YES +#define CC_NO NO + +// From Vendor-Specific: Table 2 - Defines for Implemented Algorithms + +#ifndef ALG_RSA +#define ALG_RSA ALG_YES +#endif +#ifndef ALG_SHA1 +#define ALG_SHA1 ALG_YES +#endif +#define ALG_HMAC ALG_YES +#ifndef ALG_TDES +#define ALG_TDES ALG_YES +#endif +#define ALG_AES ALG_YES +#define ALG_MGF1 ALG_YES +#define ALG_XOR ALG_YES +#define ALG_KEYEDHASH ALG_YES +#ifndef ALG_SHA256 +#define ALG_SHA256 ALG_YES +#endif +#ifndef ALG_SHA384 +#define ALG_SHA384 ALG_YES +#endif +#ifndef ALG_SHA512 +#define ALG_SHA512 ALG_YES +#endif +#define ALG_SHA3_256 ALG_NO +#define ALG_SHA3_384 ALG_NO +#define ALG_SHA3_512 ALG_NO +#define ALG_SM3_256 ALG_YES +#define ALG_SM4 ALG_NO +#define ALG_RSASSA (ALG_YES*ALG_RSA) +#define ALG_RSAES (ALG_YES*ALG_RSA) +#define ALG_RSAPSS (ALG_YES*ALG_RSA) +#define ALG_OAEP (ALG_YES*ALG_RSA) +#ifndef ALG_ECC +#define ALG_ECC ALG_YES +#endif +#define ALG_ECDH (ALG_YES*ALG_ECC) +#define ALG_ECDSA (ALG_YES*ALG_ECC) +#define ALG_ECDAA (ALG_YES*ALG_ECC) +#define ALG_SM2 (ALG_YES*ALG_ECC) +#define ALG_ECSCHNORR (ALG_YES*ALG_ECC) +#define ALG_ECMQV (ALG_NO*ALG_ECC) +#define ALG_SYMCIPHER ALG_YES +#define ALG_KDF1_SP800_56A (ALG_YES*ALG_ECC) +#define ALG_KDF2 ALG_NO +#define ALG_KDF1_SP800_108 ALG_YES +#define ALG_CTR ALG_YES +#define ALG_OFB ALG_YES +#define ALG_CBC ALG_YES +#define ALG_CFB ALG_YES +#define ALG_ECB ALG_YES + +// From Vendor-Specific: Table 6 - Defines for Implemented Commands + +#define CC_ActivateCredential CC_YES +#define CC_Certify CC_YES +#define CC_CertifyCreation CC_YES +#define CC_CertifyX509 CC_YES +#define CC_ChangeEPS CC_YES +#define CC_ChangePPS CC_YES +#define CC_Clear CC_YES +#define CC_ClearControl CC_YES +#define CC_ClockRateAdjust CC_YES +#define CC_ClockSet CC_YES +#define CC_Commit (CC_YES*ALG_ECC) +#define CC_ContextLoad CC_YES +#define CC_ContextSave CC_YES +#define CC_Create CC_YES +#define CC_CreatePrimary CC_YES +#define CC_DictionaryAttackLockReset CC_YES +#define CC_DictionaryAttackParameters CC_YES +#define CC_Duplicate CC_YES +#define CC_ECC_Parameters (CC_YES*ALG_ECC) +#define CC_ECDH_KeyGen (CC_YES*ALG_ECC) +#define CC_ECDH_ZGen (CC_YES*ALG_ECC) +#define CC_EncryptDecrypt CC_YES +#define CC_EventSequenceComplete CC_YES +#define CC_EvictControl CC_YES +#define CC_FieldUpgradeData CC_NO +#define CC_FieldUpgradeStart CC_NO +#define CC_FirmwareRead CC_NO +#define CC_FlushContext CC_YES +#define CC_GetCapability CC_YES +#define CC_GetCommandAuditDigest CC_YES +#define CC_GetRandom CC_YES +#define CC_GetSessionAuditDigest CC_YES +#define CC_GetTestResult CC_YES +#define CC_GetTime CC_YES +#define CC_Hash CC_YES +#define CC_HashSequenceStart CC_YES +#define CC_HierarchyChangeAuth CC_YES +#define CC_HierarchyControl CC_YES +#define CC_HMAC CC_YES +#define CC_HMAC_Start CC_YES +#define CC_Import CC_YES +#define CC_IncrementalSelfTest CC_YES +#define CC_Load CC_YES +#define CC_LoadExternal CC_YES +#define CC_MakeCredential CC_YES +#define CC_NV_Certify CC_YES +#define CC_NV_ChangeAuth CC_YES +#define CC_NV_DefineSpace CC_YES +#define CC_NV_Extend CC_YES +#define CC_NV_GlobalWriteLock CC_YES +#define CC_NV_Increment CC_YES +#define CC_NV_Read CC_YES +#define CC_NV_ReadLock CC_YES +#define CC_NV_ReadPublic CC_YES +#define CC_NV_SetBits CC_YES +#define CC_NV_UndefineSpace CC_YES +#define CC_NV_UndefineSpaceSpecial CC_YES +#define CC_NV_Write CC_YES +#define CC_NV_WriteLock CC_YES +#define CC_ObjectChangeAuth CC_YES +#define CC_PCR_Allocate CC_YES +#define CC_PCR_Event CC_YES +#define CC_PCR_Extend CC_YES +#define CC_PCR_Read CC_YES +#define CC_PCR_Reset CC_YES +#define CC_PCR_SetAuthPolicy CC_YES +#define CC_PCR_SetAuthValue CC_YES +#define CC_PolicyAuthorize CC_YES +#define CC_PolicyAuthorizeNV CC_YES +#define CC_PolicyAuthValue CC_YES +#define CC_PolicyCommandCode CC_YES +#define CC_PolicyCounterTimer CC_YES +#define CC_PolicyCpHash CC_YES +#define CC_PolicyDuplicationSelect CC_YES +#define CC_PolicyGetDigest CC_YES +#define CC_PolicyLocality CC_YES +#define CC_PolicyNameHash CC_YES +#define CC_PolicyNV CC_YES +#define CC_PolicyOR CC_YES +#define CC_PolicyPassword CC_YES +#define CC_PolicyPCR CC_YES +#define CC_PolicyPhysicalPresence CC_YES +#define CC_PolicyRestart CC_YES +#define CC_PolicySecret CC_YES +#define CC_PolicySigned CC_YES +#define CC_PolicyTicket CC_YES +#define CC_PP_Commands CC_YES +#define CC_Quote CC_YES +#define CC_ReadClock CC_YES +#define CC_ReadPublic CC_YES +#define CC_Rewrap CC_YES +#define CC_RSA_Decrypt (CC_YES*ALG_RSA) +#define CC_RSA_Encrypt (CC_YES*ALG_RSA) +#define CC_SelfTest CC_YES +#define CC_SequenceComplete CC_YES +#define CC_SequenceUpdate CC_YES +#define CC_SetAlgorithmSet CC_YES +#define CC_SetCommandCodeAuditStatus CC_YES +#define CC_SetPrimaryPolicy CC_YES +#define CC_Shutdown CC_YES +#define CC_Sign CC_YES +#define CC_StartAuthSession CC_YES +#define CC_Startup CC_YES +#define CC_StirRandom CC_YES +#define CC_TestParms CC_YES +#define CC_Unseal CC_YES +#define CC_VerifySignature CC_YES +#define CC_ZGen_2Phase (CC_YES*ALG_ECC) +#define CC_EC_Ephemeral (CC_YES*ALG_ECC) +#define CC_PolicyNvWritten CC_YES +#define CC_PolicyTemplate CC_YES +#define CC_CreateLoaded CC_YES +#define CC_PolicyAuthorizeNV CC_YES +#define CC_EncryptDecrypt2 CC_YES +#define CC_Vendor_TCG_Test CC_YES + +#define CC_NTC2_PreConfig CC_YES +#define CC_NTC2_LockPreConfig CC_YES +#define CC_NTC2_GetConfig CC_YES + +// From TCG Algorithm Registry: Table 2 - Definition of TPM_ALG_ID Constants + +#define ALG_ERROR_VALUE 0x0000 +#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) +#define ALG_RSA_VALUE 0x0001 +#if defined ALG_RSA && ALG_RSA == YES +#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) +#endif +#define ALG_TDES_VALUE 0x0003 +#if defined ALG_TDES && ALG_TDES == YES +#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) +#endif +#define ALG_SHA_VALUE 0x0004 +#if defined ALG_SHA && ALG_SHA == YES +#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) +#endif +#define ALG_SHA1_VALUE 0x0004 +#if defined ALG_SHA1 && ALG_SHA1 == YES +#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) +#endif +#define ALG_HMAC_VALUE 0x0005 +#if defined ALG_HMAC && ALG_HMAC == YES +#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) +#endif +#define ALG_AES_VALUE 0x0006 +#if defined ALG_AES && ALG_AES == YES +#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) +#endif +#define ALG_MGF1_VALUE 0x0007 +#if defined ALG_MGF1 && ALG_MGF1 == YES +#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) +#endif +#define ALG_KEYEDHASH_VALUE 0x0008 +#if defined ALG_KEYEDHASH && ALG_KEYEDHASH == YES +#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) +#endif +#define ALG_XOR_VALUE 0x000A +#if defined ALG_XOR && ALG_XOR == YES +#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) +#endif +#define ALG_SHA256_VALUE 0x000B +#if defined ALG_SHA256 && ALG_SHA256 == YES +#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) +#endif +#define ALG_SHA384_VALUE 0x000C +#if defined ALG_SHA384 && ALG_SHA384 == YES +#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) +#endif +#define ALG_SHA512_VALUE 0x000D +#if defined ALG_SHA512 && ALG_SHA512 == YES +#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) +#endif +#define ALG_NULL_VALUE 0x0010 +#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) +#define ALG_SM3_256_VALUE 0x0012 +#if defined ALG_SM3_256 && ALG_SM3_256 == YES +#define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) +#endif +#define ALG_SM4_VALUE 0x0013 +#if defined ALG_SM4 && ALG_SM4 == YES +#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) +#endif +#define ALG_RSASSA_VALUE 0x0014 +#if defined ALG_RSASSA && ALG_RSASSA == YES +#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) +#endif +#define ALG_RSAES_VALUE 0x0015 +#if defined ALG_RSAES && ALG_RSAES == YES +#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) +#endif +#define ALG_RSAPSS_VALUE 0x0016 +#if defined ALG_RSAPSS && ALG_RSAPSS == YES +#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) +#endif +#define ALG_OAEP_VALUE 0x0017 +#if defined ALG_OAEP && ALG_OAEP == YES +#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) +#endif +#define ALG_ECDSA_VALUE 0x0018 +#if defined ALG_ECDSA && ALG_ECDSA == YES +#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) +#endif +#define ALG_ECDH_VALUE 0x0019 +#if defined ALG_ECDH && ALG_ECDH == YES +#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) +#endif +#define ALG_ECDAA_VALUE 0x001A +#if defined ALG_ECDAA && ALG_ECDAA == YES +#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) +#endif +#define ALG_SM2_VALUE 0x001B +#if defined ALG_SM2 && ALG_SM2 == YES +#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) +#endif +#define ALG_ECSCHNORR_VALUE 0x001C +#if defined ALG_ECSCHNORR && ALG_ECSCHNORR == YES +#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) +#endif +#define ALG_ECMQV_VALUE 0x001D +#if defined ALG_ECMQV && ALG_ECMQV == YES +#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) +#endif +#define ALG_KDF1_SP800_56A_VALUE 0x0020 +#if defined ALG_KDF1_SP800_56A && ALG_KDF1_SP800_56A == YES +#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) +#endif +#define ALG_KDF2_VALUE 0x0021 +#if defined ALG_KDF2 && ALG_KDF2 == YES +#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) +#endif +#define ALG_KDF1_SP800_108_VALUE 0x0022 +#if defined ALG_KDF1_SP800_108 && ALG_KDF1_SP800_108 == YES +#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) +#endif +#define ALG_ECC_VALUE 0x0023 +#if defined ALG_ECC && ALG_ECC == YES +#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) +#endif +#define ALG_SYMCIPHER_VALUE 0x0025 +#if defined ALG_SYMCIPHER && ALG_SYMCIPHER == YES +#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) +#endif +#define ALG_CAMELLIA_VALUE 0x0026 +#if defined ALG_CAMELLIA && ALG_CAMELLIA == YES +#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) +#endif +#define ALG_SHA3_256_VALUE 0x0027 +#if defined ALG_SHA3_256 && ALG_SHA3_256 == YES +#define TPM_ALGSHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) +#endif +#define ALG_SHA3_384_VALUE 0x0028 +#if defined ALG_SHA3_384 && ALG_SHA3_384 == YES +#define TPM_ALGSHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) +#endif +#define ALG_SHA3_512_VALUE 0x0029 +#if defined ALG_SHA3_512 && ALG_SHA3_512 == YES +#define TPM_ALGSHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) +#endif +#define ALG_CMAC_VALUE 0x003f +#if defined ALG_CMAC && ALG_CMAC == YES +#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) +#endif +#define ALG_CTR_VALUE 0x0040 +#if defined ALG_CTR && ALG_CTR == YES +#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) +#endif +#define ALG_OFB_VALUE 0x0041 +#if defined ALG_OFB && ALG_OFB == YES +#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) +#endif +#define ALG_CBC_VALUE 0x0042 +#if defined ALG_CBC && ALG_CBC == YES +#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) +#endif +#define ALG_CFB_VALUE 0x0043 +#if defined ALG_CFB && ALG_CFB == YES +#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) +#endif +#define ALG_ECB_VALUE 0x0044 +#if defined ALG_ECB && ALG_ECB == YES +#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) +#endif + +// From TCG Algorithm Registry: Table 3 - Definition of TPM_ECC_CURVE Constants + +#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) +#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) +#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) +#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) +#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) +#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) +#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) +#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) +#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) + +// From TCG Algorithm Registry: Table 12 - Defines for SHA1 Hash Values +#define SHA1_DIGEST_SIZE 20 +#define SHA1_BLOCK_SIZE 64 +#define SHA1_DER_SIZE 15 +#define SHA1_DER \ + 0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14 + +// From TCG Algorithm Registry: Table 13 - Defines for SHA256 Hash Values +#define SHA256_DIGEST_SIZE 32 +#define SHA256_BLOCK_SIZE 64 +#define SHA256_DER_SIZE 19 +#define SHA256_DER \ + 0x30,0x31,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 + +// From TCG Algorithm Registry: Table 14 - Defines for SHA384 Hash Values +#define SHA384_DIGEST_SIZE 48 +#define SHA384_BLOCK_SIZE 128 +#define SHA384_DER_SIZE 19 +#define SHA384_DER \ + 0x30,0x41,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30 + +// From TCG Algorithm Registry: Table 15 - Defines for SHA512 Hash Values +#define SHA512_DIGEST_SIZE 64 +#define SHA512_BLOCK_SIZE 128 +#define SHA512_DER_SIZE 19 +#define SHA512_DER \ + 0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40 + +// From TCG Algorithm Registry: Table 16 - Defines for SM3_256 Hash Values +#define SM3_256_DIGEST_SIZE 32 +#define SM3_256_BLOCK_SIZE 64 +#define SM3_256_DER_SIZE 18 +#define SM3_256_DER \ + 0x30,0x30,0x30,0x0C,0x06,0x08,0x2A,0x81,0x1C,0x81,0x45,0x01,0x83,0x11,0x05,0x00,0x04,0x20 + +// From TCG Algorithm Registry: Table 17 - Defines for AES Symmetric Cipher Algorithm Constants +#define AES_128_BLOCK_SIZE_BYTES 16 +#define AES_192_BLOCK_SIZE_BYTES 16 +#define AES_256_BLOCK_SIZE_BYTES 16 + +// From TCG Algorithm Registry: Table 18 - Defines for SM4 Symmetric Cipher Algorithm Constants +#define SM4_128_BLOCK_SIZE_BYTES 16 + +// From TCG Algorithm Registry: Table 19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants +#define CAMELLIA_128_BLOCK_SIZE_BYTES 16 +#define CAMELLIA_192_BLOCK_SIZE_BYTES 16 +#define CAMELLIA_256_BLOCK_SIZE_BYTES 16 + +// From TPM 2.0 Part 2: Table 12 - Definition of TPM_CC Constants + +typedef UINT32 TPM_CC; + +#define TPM_CC_FIRST 0x0000011f /* Compile variable. May decrease based on + implementation. */ + +#ifndef CC_NV_UndefineSpaceSpecial +# define CC_NV_UndefineSpaceSpecial NO +#endif +#if CC_NV_UndefineSpaceSpecial == YES +#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011f) +#endif +#ifndef CC_EvictControl +# define CC_EvictControl NO +#endif +#if CC_EvictControl == YES +#define TPM_CC_EvictControl (TPM_CC)(0x00000120) +#endif +#ifndef CC_HierarchyControl +# define CC_HierarchyControl NO +#endif +#if CC_HierarchyControl == YES +#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) +#endif +#ifndef CC_NV_UndefineSpace +# define CC_NV_UndefineSpace NO +#endif +#if CC_NV_UndefineSpace == YES +#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) +#endif +#ifndef CC_ChangeEPS +# define CC_ChangeEPS NO +#endif +#if CC_ChangeEPS == YES +#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) +#endif +#ifndef CC_ChangePPS +# define CC_ChangePPS NO +#endif +#if CC_ChangePPS == YES +#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) +#endif +#ifndef CC_Clear +# define CC_Clear NO +#endif +#if CC_Clear == YES +#define TPM_CC_Clear (TPM_CC)(0x00000126) +#endif +#ifndef CC_ClearControl +# define CC_ClearControl NO +#endif +#if CC_ClearControl == YES +#define TPM_CC_ClearControl (TPM_CC)(0x00000127) +#endif +#ifndef CC_ClockSet +# define CC_ClockSet NO +#endif +#if CC_ClockSet == YES +#define TPM_CC_ClockSet (TPM_CC)(0x00000128) +#endif +#ifndef CC_HierarchyChangeAuth +# define CC_HierarchyChangeAuth NO +#endif +#if CC_HierarchyChangeAuth == YES +#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) +#endif +#ifndef CC_NV_DefineSpace +# define CC_NV_DefineSpace NO +#endif +#if CC_NV_DefineSpace == YES +#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012a) +#endif +#ifndef CC_PCR_Allocate +# define CC_PCR_Allocate NO +#endif +#if CC_PCR_Allocate == YES +#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012b) +#endif +#ifndef CC_PCR_SetAuthPolicy +# define CC_PCR_SetAuthPolicy NO +#endif +#if CC_PCR_SetAuthPolicy == YES +#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012c) +#endif +#ifndef CC_PP_Commands +# define CC_PP_Commands NO +#endif +#if CC_PP_Commands == YES +#define TPM_CC_PP_Commands (TPM_CC)(0x0000012d) +#endif +#ifndef CC_SetPrimaryPolicy +# define CC_SetPrimaryPolicy NO +#endif +#if CC_SetPrimaryPolicy == YES +#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012e) +#endif +#ifndef CC_FieldUpgradeStart +# define CC_FieldUpgradeStart NO +#endif +#if CC_FieldUpgradeStart == YES +#define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012f) +#endif +#ifndef CC_ClockRateAdjust +# define CC_ClockRateAdjust NO +#endif +#if CC_ClockRateAdjust == YES +#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) +#endif +#ifndef CC_CreatePrimary +# define CC_CreatePrimary NO +#endif +#if CC_CreatePrimary == YES +#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) +#endif +#ifndef CC_NV_GlobalWriteLock +# define CC_NV_GlobalWriteLock NO +#endif +#if CC_NV_GlobalWriteLock == YES +#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) +#endif +#ifndef CC_GetCommandAuditDigest +# define CC_GetCommandAuditDigest NO +#endif +#if CC_GetCommandAuditDigest == YES +#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) +#endif +#ifndef CC_NV_Increment +# define CC_NV_Increment NO +#endif +#if CC_NV_Increment == YES +#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) +#endif +#ifndef CC_NV_SetBits +# define CC_NV_SetBits NO +#endif +#if CC_NV_SetBits == YES +#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) +#endif +#ifndef CC_NV_Extend +# define CC_NV_Extend NO +#endif +#if CC_NV_Extend == YES +#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) +#endif +#ifndef CC_NV_Write +# define CC_NV_Write NO +#endif +#if CC_NV_Write == YES +#define TPM_CC_NV_Write (TPM_CC)(0x00000137) +#endif +#ifndef CC_NV_WriteLock +# define CC_NV_WriteLock NO +#endif +#if CC_NV_WriteLock == YES +#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) +#endif +#ifndef CC_DictionaryAttackLockReset +# define CC_DictionaryAttackLockReset NO +#endif +#if CC_DictionaryAttackLockReset == YES +#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) +#endif +#ifndef CC_DictionaryAttackParameters +# define CC_DictionaryAttackParameters NO +#endif +#if CC_DictionaryAttackParameters == YES +#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013a) +#endif +#ifndef CC_NV_ChangeAuth +# define CC_NV_ChangeAuth NO +#endif +#if CC_NV_ChangeAuth == YES +#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013b) +#endif +#ifndef CC_PCR_Event +# define CC_PCR_Event NO +#endif +#if CC_PCR_Event == YES +#define TPM_CC_PCR_Event (TPM_CC)(0x0000013c) +#endif +#ifndef CC_PCR_Reset +# define CC_PCR_Reset NO +#endif +#if CC_PCR_Reset == YES +#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013d) +#endif +#ifndef CC_SequenceComplete +# define CC_SequenceComplete NO +#endif +#if CC_SequenceComplete == YES +#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013e) +#endif +#ifndef CC_SetAlgorithmSet +# define CC_SetAlgorithmSet NO +#endif +#if CC_SetAlgorithmSet == YES +#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013f) +#endif +#ifndef CC_SetCommandCodeAuditStatus +# define CC_SetCommandCodeAuditStatus NO +#endif +#if CC_SetCommandCodeAuditStatus == YES +#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) +#endif +#ifndef CC_FieldUpgradeData +# define CC_FieldUpgradeData NO +#endif +#if CC_FieldUpgradeData == YES +#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) +#endif +#ifndef CC_IncrementalSelfTest +# define CC_IncrementalSelfTest NO +#endif +#if CC_IncrementalSelfTest == YES +#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) +#endif +#ifndef CC_SelfTest +# define CC_SelfTest NO +#endif +#if CC_SelfTest == YES +#define TPM_CC_SelfTest (TPM_CC)(0x00000143) +#endif +#ifndef CC_Startup +# define CC_Startup NO +#endif +#if CC_Startup == YES +#define TPM_CC_Startup (TPM_CC)(0x00000144) +#endif +#ifndef CC_Shutdown +# define CC_Shutdown NO +#endif +#if CC_Shutdown == YES +#define TPM_CC_Shutdown (TPM_CC)(0x00000145) +#endif +#ifndef CC_StirRandom +# define CC_StirRandom NO +#endif +#if CC_StirRandom == YES +#define TPM_CC_StirRandom (TPM_CC)(0x00000146) +#endif +#ifndef CC_ActivateCredential +# define CC_ActivateCredential NO +#endif +#if CC_ActivateCredential == YES +#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) +#endif +#ifndef CC_Certify +# define CC_Certify NO +#endif +#if CC_Certify == YES +#define TPM_CC_Certify (TPM_CC)(0x00000148) +#endif +#ifndef CC_PolicyNV +# define CC_PolicyNV NO +#endif +#if CC_PolicyNV == YES +#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) +#endif +#ifndef CC_CertifyCreation +# define CC_CertifyCreation NO +#endif +#if CC_CertifyCreation == YES +#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014a) +#endif +#ifndef CC_Duplicate +# define CC_Duplicate NO +#endif +#if CC_Duplicate == YES +#define TPM_CC_Duplicate (TPM_CC)(0x0000014b) +#endif +#ifndef CC_GetTime +# define CC_GetTime NO +#endif +#if CC_GetTime == YES +#define TPM_CC_GetTime (TPM_CC)(0x0000014c) +#endif +#ifndef CC_GetSessionAuditDigest +# define CC_GetSessionAuditDigest NO +#endif +#if CC_GetSessionAuditDigest == YES +#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014d) +#endif +#ifndef CC_NV_Read +# define CC_NV_Read NO +#endif +#if CC_NV_Read == YES +#define TPM_CC_NV_Read (TPM_CC)(0x0000014e) +#endif +#ifndef CC_NV_ReadLock +# define CC_NV_ReadLock NO +#endif +#if CC_NV_ReadLock == YES +#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014f) +#endif +#ifndef CC_ObjectChangeAuth +# define CC_ObjectChangeAuth NO +#endif +#if CC_ObjectChangeAuth == YES +#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) +#endif +#ifndef CC_PolicySecret +# define CC_PolicySecret NO +#endif +#if CC_PolicySecret == YES +#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) +#endif +#ifndef CC_Rewrap +# define CC_Rewrap NO +#endif +#if CC_Rewrap == YES +#define TPM_CC_Rewrap (TPM_CC)(0x00000152) +#endif +#ifndef CC_Create +# define CC_Create NO +#endif +#if CC_Create == YES +#define TPM_CC_Create (TPM_CC)(0x00000153) +#endif +#ifndef CC_ECDH_ZGen +# define CC_ECDH_ZGen NO +#endif +#if CC_ECDH_ZGen == YES +#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) +#endif +#ifndef CC_HMAC +# define CC_HMAC NO +#endif +#if CC_HMAC == YES +#define TPM_CC_HMAC (TPM_CC)(0x00000155) +#endif +#ifndef CC_Import +# define CC_Import NO +#endif +#if CC_Import == YES +#define TPM_CC_Import (TPM_CC)(0x00000156) +#endif +#ifndef CC_Load +# define CC_Load NO +#endif +#if CC_Load == YES +#define TPM_CC_Load (TPM_CC)(0x00000157) +#endif +#ifndef CC_Quote +# define CC_Quote NO +#endif +#if CC_Quote == YES +#define TPM_CC_Quote (TPM_CC)(0x00000158) +#endif +#ifndef CC_RSA_Decrypt +# define CC_RSA_Decrypt NO +#endif +#if CC_RSA_Decrypt == YES +#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) +#endif +#ifndef CC_HMAC_Start +# define CC_HMAC_Start NO +#endif +#if CC_HMAC_Start == YES +#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015b) +#endif +#ifndef CC_SequenceUpdate +# define CC_SequenceUpdate NO +#endif +#if CC_SequenceUpdate == YES +#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015c) +#endif +#ifndef CC_Sign +# define CC_Sign NO +#endif +#if CC_Sign == YES +#define TPM_CC_Sign (TPM_CC)(0x0000015d) +#endif +#ifndef CC_Unseal +# define CC_Unseal NO +#endif +#if CC_Unseal == YES +#define TPM_CC_Unseal (TPM_CC)(0x0000015e) +#endif +#ifndef CC_PolicySigned +# define CC_PolicySigned NO +#endif +#if CC_PolicySigned == YES +#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) +#endif +#ifndef CC_ContextLoad +# define CC_ContextLoad NO +#endif +#if CC_ContextLoad == YES +#define TPM_CC_ContextLoad (TPM_CC)(0x00000161) +#endif +#ifndef CC_ContextSave +# define CC_ContextSave NO +#endif +#if CC_ContextSave == YES +#define TPM_CC_ContextSave (TPM_CC)(0x00000162) +#endif +#ifndef CC_ECDH_KeyGen +# define CC_ECDH_KeyGen NO +#endif +#if CC_ECDH_KeyGen == YES +#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) +#endif +#ifndef CC_EncryptDecrypt +# define CC_EncryptDecrypt NO +#endif +#if CC_EncryptDecrypt == YES +#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) +#endif +#ifndef CC_FlushContext +# define CC_FlushContext NO +#endif +#if CC_FlushContext == YES +#define TPM_CC_FlushContext (TPM_CC)(0x00000165) +#endif +#ifndef CC_LoadExternal +# define CC_LoadExternal NO +#endif +#if CC_LoadExternal == YES +#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) +#endif +#ifndef CC_MakeCredential +# define CC_MakeCredential NO +#endif +#if CC_MakeCredential == YES +#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) +#endif +#ifndef CC_NV_ReadPublic +# define CC_NV_ReadPublic NO +#endif +#if CC_NV_ReadPublic == YES +#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) +#endif +#ifndef CC_PolicyAuthorize +# define CC_PolicyAuthorize NO +#endif +#if CC_PolicyAuthorize == YES +#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016a) +#endif +#ifndef CC_PolicyAuthValue +# define CC_PolicyAuthValue NO +#endif +#if CC_PolicyAuthValue == YES +#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016b) +#endif +#ifndef CC_PolicyCommandCode +# define CC_PolicyCommandCode NO +#endif +#if CC_PolicyCommandCode == YES +#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016c) +#endif +#ifndef CC_PolicyCounterTimer +# define CC_PolicyCounterTimer NO +#endif +#if CC_PolicyCounterTimer == YES +#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016d) +#endif +#ifndef CC_PolicyCpHash +# define CC_PolicyCpHash NO +#endif +#if CC_PolicyCpHash == YES +#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016e) +#endif +#ifndef CC_PolicyLocality +# define CC_PolicyLocality NO +#endif +#if CC_PolicyLocality == YES +#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016f) +#endif +#ifndef CC_PolicyNameHash +# define CC_PolicyNameHash NO +#endif +#if CC_PolicyNameHash == YES +#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) +#endif +#ifndef CC_PolicyOR +# define CC_PolicyOR NO +#endif +#if CC_PolicyOR == YES +#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) +#endif +#ifndef CC_PolicyTicket +# define CC_PolicyTicket NO +#endif +#if CC_PolicyTicket == YES +#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) +#endif +#ifndef CC_ReadPublic +# define CC_ReadPublic NO +#endif +#if CC_ReadPublic == YES +#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) +#endif +#ifndef CC_RSA_Encrypt +# define CC_RSA_Encrypt NO +#endif +#if CC_RSA_Encrypt == YES +#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) +#endif +#ifndef CC_StartAuthSession +# define CC_StartAuthSession NO +#endif +#if CC_StartAuthSession == YES +#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) +#endif +#ifndef CC_VerifySignature +# define CC_VerifySignature NO +#endif +#if CC_VerifySignature == YES +#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) +#endif +#ifndef CC_ECC_Parameters +# define CC_ECC_Parameters NO +#endif +#if CC_ECC_Parameters == YES +#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) +#endif +#ifndef CC_FirmwareRead +# define CC_FirmwareRead NO +#endif +#if CC_FirmwareRead == YES +#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) +#endif +#ifndef CC_GetCapability +# define CC_GetCapability NO +#endif +#if CC_GetCapability == YES +#define TPM_CC_GetCapability (TPM_CC)(0x0000017a) +#endif +#ifndef CC_GetRandom +# define CC_GetRandom NO +#endif +#if CC_GetRandom == YES +#define TPM_CC_GetRandom (TPM_CC)(0x0000017b) +#endif +#ifndef CC_GetTestResult +# define CC_GetTestResult NO +#endif +#if CC_GetTestResult == YES +#define TPM_CC_GetTestResult (TPM_CC)(0x0000017c) +#endif +#ifndef CC_Hash +# define CC_Hash NO +#endif +#if CC_Hash == YES +#define TPM_CC_Hash (TPM_CC)(0x0000017d) +#endif +#ifndef CC_PCR_Read +# define CC_PCR_Read NO +#endif +#if CC_PCR_Read == YES +#define TPM_CC_PCR_Read (TPM_CC)(0x0000017e) +#endif +#ifndef CC_PolicyPCR +# define CC_PolicyPCR NO +#endif +#if CC_PolicyPCR == YES +#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017f) +#endif +#ifndef CC_PolicyRestart +# define CC_PolicyRestart NO +#endif +#if CC_PolicyRestart == YES +#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) +#endif +#ifndef CC_ReadClock +# define CC_ReadClock NO +#endif +#if CC_ReadClock == YES +#define TPM_CC_ReadClock (TPM_CC)(0x00000181) +#endif +#ifndef CC_PCR_Extend +# define CC_PCR_Extend NO +#endif +#if CC_PCR_Extend == YES +#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) +#endif +#ifndef CC_PCR_SetAuthValue +# define CC_PCR_SetAuthValue NO +#endif +#if CC_PCR_SetAuthValue == YES +#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) +#endif +#ifndef CC_NV_Certify +# define CC_NV_Certify NO +#endif +#if CC_NV_Certify == YES +#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) +#endif +#ifndef CC_EventSequenceComplete +# define CC_EventSequenceComplete NO +#endif +#if CC_EventSequenceComplete == YES +#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) +#endif +#ifndef CC_HashSequenceStart +# define CC_HashSequenceStart NO +#endif +#if CC_HashSequenceStart == YES +#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) +#endif +#ifndef CC_PolicyPhysicalPresence +# define CC_PolicyPhysicalPresence NO +#endif +#if CC_PolicyPhysicalPresence == YES +#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) +#endif +#ifndef CC_PolicyDuplicationSelect +# define CC_PolicyDuplicationSelect NO +#endif +#if CC_PolicyDuplicationSelect == YES +#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) +#endif +#ifndef CC_PolicyGetDigest +# define CC_PolicyGetDigest NO +#endif +#if CC_PolicyGetDigest == YES +#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) +#endif +#ifndef CC_TestParms +# define CC_TestParms NO +#endif +#if CC_TestParms == YES +#define TPM_CC_TestParms (TPM_CC)(0x0000018a) +#endif +#ifndef CC_Commit +# define CC_Commit NO +#endif +#if CC_Commit == YES +#define TPM_CC_Commit (TPM_CC)(0x0000018b) +#endif +#ifndef CC_PolicyPassword +# define CC_PolicyPassword NO +#endif +#if CC_PolicyPassword == YES +#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018c) +#endif +#ifndef CC_ZGen_2Phase +# define CC_ZGen_2Phase NO +#endif +#if CC_ZGen_2Phase == YES +#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018d) +#endif +#ifndef CC_EC_Ephemeral +# define CC_EC_Ephemeral NO +#endif +#if CC_EC_Ephemeral == YES +#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018e) +#endif +#ifndef CC_PolicyNvWritten +# define CC_PolicyNvWritten NO +#endif +#if CC_PolicyNvWritten == YES +#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018f) +#endif +#ifndef CC_PolicyTemplate +# define CC_PolicyTemplate NO +#endif +#if CC_PolicyTemplate == YES +#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) +#endif +#ifndef CC_CreateLoaded +# define CC_CreateLoaded NO +#endif +#if CC_CreateLoaded == YES +#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) +#endif +#ifndef CC_PolicyAuthorizeNV +# define CC_PolicyAuthorizeNV NO +#endif +#if CC_PolicyAuthorizeNV == YES +#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) +#endif +#ifndef CC_EncryptDecrypt2 +# define CC_EncryptDecrypt2 NO +#endif +#if CC_EncryptDecrypt2 == YES +#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) +#endif +#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) +#define TPM_CC_AC_Send (TPM_CC)(0x00000195) +#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) +#ifndef CC_CertifyX509 +# define CC_CertifyX509 NO +#endif +#if CC_CertifyX509 == YES +#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) +#endif + +/* Compile variable. May increase based on implementation. */ +#define TPM_CC_LAST (TPM_CC)(0x00000197) + +#ifndef CC_Vendor_TCG_Test +# define CC_Vendor_TCG_Test NO +#endif +#if CC_Vendor_TCG_Test == YES +#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) +#endif + +#ifndef CC_NTC2_PreConfig +# define CC_NTC2_PreConfig NO +#endif +#if CC_NTC2_PreConfig == YES +#define NTC2_CC_PreConfig (TPM_CC)(0x20000211) +#endif +#ifndef CC_NTC2_LockPreConfig +# define CC_NTC2_LockPreConfig NO +#endif +#if CC_NTC2_LockPreConfig == YES +#define NTC2_CC_LockPreConfig (TPM_CC)(0x20000212) +#endif +#ifndef CC_NTC2_GetConfig +# define CC_NTC2_GetConfig NO +#endif +#if CC_NTC2_GetConfig == YES +#define NTC2_CC_GetConfig (TPM_CC)(0x20000213) +#endif + +#ifndef COMPRESSED_LISTS +#define ADD_FILL 1 +#else +#define ADD_FILL 0 +#endif + +// Size the array of library commands based on whether or not the array is packed (only defined +// commands) or dense (having entries for unimplemented commands) + +#define LIBRARY_COMMAND_ARRAY_SIZE (0 \ + + (ADD_FILL || CC_NV_UndefineSpaceSpecial) /* 0x0000011f */ \ + + (ADD_FILL || CC_EvictControl) /* 0x00000120 */ \ + + (ADD_FILL || CC_HierarchyControl) /* 0x00000121 */ \ + + (ADD_FILL || CC_NV_UndefineSpace) /* 0x00000122 */ \ + + ADD_FILL /* 0x00000123 */ \ + + (ADD_FILL || CC_ChangeEPS) /* 0x00000124 */ \ + + (ADD_FILL || CC_ChangePPS) /* 0x00000125 */ \ + + (ADD_FILL || CC_Clear) /* 0x00000126 */ \ + + (ADD_FILL || CC_ClearControl) /* 0x00000127 */ \ + + (ADD_FILL || CC_ClockSet) /* 0x00000128 */ \ + + (ADD_FILL || CC_HierarchyChangeAuth) /* 0x00000129 */ \ + + (ADD_FILL || CC_NV_DefineSpace) /* 0x0000012a */ \ + + (ADD_FILL || CC_PCR_Allocate) /* 0x0000012b */ \ + + (ADD_FILL || CC_PCR_SetAuthPolicy) /* 0x0000012c */ \ + + (ADD_FILL || CC_PP_Commands) /* 0x0000012d */ \ + + (ADD_FILL || CC_SetPrimaryPolicy) /* 0x0000012e */ \ + + (ADD_FILL || CC_FieldUpgradeStart) /* 0x0000012f */ \ + + (ADD_FILL || CC_ClockRateAdjust) /* 0x00000130 */ \ + + (ADD_FILL || CC_CreatePrimary) /* 0x00000131 */ \ + + (ADD_FILL || CC_NV_GlobalWriteLock) /* 0x00000132 */ \ + + (ADD_FILL || CC_GetCommandAuditDigest) /* 0x00000133 */ \ + + (ADD_FILL || CC_NV_Increment) /* 0x00000134 */ \ + + (ADD_FILL || CC_NV_SetBits) /* 0x00000135 */ \ + + (ADD_FILL || CC_NV_Extend) /* 0x00000136 */ \ + + (ADD_FILL || CC_NV_Write) /* 0x00000137 */ \ + + (ADD_FILL || CC_NV_WriteLock) /* 0x00000138 */ \ + + (ADD_FILL || CC_DictionaryAttackLockReset) /* 0x00000139 */ \ + + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013a */ \ + + (ADD_FILL || CC_NV_ChangeAuth) /* 0x0000013b */ \ + + (ADD_FILL || CC_PCR_Event) /* 0x0000013c */ \ + + (ADD_FILL || CC_PCR_Reset) /* 0x0000013d */ \ + + (ADD_FILL || CC_SequenceComplete) /* 0x0000013e */ \ + + (ADD_FILL || CC_SetAlgorithmSet) /* 0x0000013f */ \ + + (ADD_FILL || CC_SetCommandCodeAuditStatus) /* 0x00000140 */ \ + + (ADD_FILL || CC_FieldUpgradeData) /* 0x00000141 */ \ + + (ADD_FILL || CC_IncrementalSelfTest) /* 0x00000142 */ \ + + (ADD_FILL || CC_SelfTest) /* 0x00000143 */ \ + + (ADD_FILL || CC_Startup) /* 0x00000144 */ \ + + (ADD_FILL || CC_Shutdown) /* 0x00000145 */ \ + + (ADD_FILL || CC_StirRandom) /* 0x00000146 */ \ + + (ADD_FILL || CC_ActivateCredential) /* 0x00000147 */ \ + + (ADD_FILL || CC_Certify) /* 0x00000148 */ \ + + (ADD_FILL || CC_PolicyNV) /* 0x00000149 */ \ + + (ADD_FILL || CC_CertifyCreation) /* 0x0000014a */ \ + + (ADD_FILL || CC_Duplicate) /* 0x0000014b */ \ + + (ADD_FILL || CC_GetTime) /* 0x0000014c */ \ + + (ADD_FILL || CC_GetSessionAuditDigest) /* 0x0000014d */ \ + + (ADD_FILL || CC_NV_Read) /* 0x0000014e */ \ + + (ADD_FILL || CC_NV_ReadLock) /* 0x0000014f */ \ + + (ADD_FILL || CC_ObjectChangeAuth) /* 0x00000150 */ \ + + (ADD_FILL || CC_PolicySecret) /* 0x00000151 */ \ + + (ADD_FILL || CC_Rewrap) /* 0x00000152 */ \ + + (ADD_FILL || CC_Create) /* 0x00000153 */ \ + + (ADD_FILL || CC_ECDH_ZGen) /* 0x00000154 */ \ + + (ADD_FILL || CC_HMAC) /* 0x00000155 */ \ + + (ADD_FILL || CC_Import) /* 0x00000156 */ \ + + (ADD_FILL || CC_Load) /* 0x00000157 */ \ + + (ADD_FILL || CC_Quote) /* 0x00000158 */ \ + + (ADD_FILL || CC_RSA_Decrypt) /* 0x00000159 */ \ + + ADD_FILL /* 0x0000015a */ \ + + (ADD_FILL || CC_HMAC_Start) /* 0x0000015b */ \ + + (ADD_FILL || CC_SequenceUpdate) /* 0x0000015c */ \ + + (ADD_FILL || CC_Sign) /* 0x0000015d */ \ + + (ADD_FILL || CC_Unseal) /* 0x0000015e */ \ + + ADD_FILL /* 0x0000015f */ \ + + (ADD_FILL || CC_PolicySigned) /* 0x00000160 */ \ + + (ADD_FILL || CC_ContextLoad) /* 0x00000161 */ \ + + (ADD_FILL || CC_ContextSave) /* 0x00000162 */ \ + + (ADD_FILL || CC_ECDH_KeyGen) /* 0x00000163 */ \ + + (ADD_FILL || CC_EncryptDecrypt) /* 0x00000164 */ \ + + (ADD_FILL || CC_FlushContext) /* 0x00000165 */ \ + + ADD_FILL /* 0x00000166 */ \ + + (ADD_FILL || CC_LoadExternal) /* 0x00000167 */ \ + + (ADD_FILL || CC_MakeCredential) /* 0x00000168 */ \ + + (ADD_FILL || CC_NV_ReadPublic) /* 0x00000169 */ \ + + (ADD_FILL || CC_PolicyAuthorize) /* 0x0000016a */ \ + + (ADD_FILL || CC_PolicyAuthValue) /* 0x0000016b */ \ + + (ADD_FILL || CC_PolicyCommandCode) /* 0x0000016c */ \ + + (ADD_FILL || CC_PolicyCounterTimer) /* 0x0000016d */ \ + + (ADD_FILL || CC_PolicyCpHash) /* 0x0000016e */ \ + + (ADD_FILL || CC_PolicyLocality) /* 0x0000016f */ \ + + (ADD_FILL || CC_PolicyNameHash) /* 0x00000170 */ \ + + (ADD_FILL || CC_PolicyOR) /* 0x00000171 */ \ + + (ADD_FILL || CC_PolicyTicket) /* 0x00000172 */ \ + + (ADD_FILL || CC_ReadPublic) /* 0x00000173 */ \ + + (ADD_FILL || CC_RSA_Encrypt) /* 0x00000174 */ \ + + ADD_FILL /* 0x00000175 */ \ + + (ADD_FILL || CC_StartAuthSession) /* 0x00000176 */ \ + + (ADD_FILL || CC_VerifySignature) /* 0x00000177 */ \ + + (ADD_FILL || CC_ECC_Parameters) /* 0x00000178 */ \ + + (ADD_FILL || CC_FirmwareRead) /* 0x00000179 */ \ + + (ADD_FILL || CC_GetCapability) /* 0x0000017a */ \ + + (ADD_FILL || CC_GetRandom) /* 0x0000017b */ \ + + (ADD_FILL || CC_GetTestResult) /* 0x0000017c */ \ + + (ADD_FILL || CC_Hash) /* 0x0000017d */ \ + + (ADD_FILL || CC_PCR_Read) /* 0x0000017e */ \ + + (ADD_FILL || CC_PolicyPCR) /* 0x0000017f */ \ + + (ADD_FILL || CC_PolicyRestart) /* 0x00000180 */ \ + + (ADD_FILL || CC_ReadClock) /* 0x00000181 */ \ + + (ADD_FILL || CC_PCR_Extend) /* 0x00000182 */ \ + + (ADD_FILL || CC_PCR_SetAuthValue) /* 0x00000183 */ \ + + (ADD_FILL || CC_NV_Certify) /* 0x00000184 */ \ + + (ADD_FILL || CC_EventSequenceComplete) /* 0x00000185 */ \ + + (ADD_FILL || CC_HashSequenceStart) /* 0x00000186 */ \ + + (ADD_FILL || CC_PolicyPhysicalPresence) /* 0x00000187 */ \ + + (ADD_FILL || CC_PolicyDuplicationSelect) /* 0x00000188 */ \ + + (ADD_FILL || CC_PolicyGetDigest) /* 0x00000189 */ \ + + (ADD_FILL || CC_TestParms) /* 0x0000018a */ \ + + (ADD_FILL || CC_Commit) /* 0x0000018b */ \ + + (ADD_FILL || CC_PolicyPassword) /* 0x0000018c */ \ + + (ADD_FILL || CC_ZGen_2Phase) /* 0x0000018d */ \ + + (ADD_FILL || CC_EC_Ephemeral) /* 0x0000018e */ \ + + (ADD_FILL || CC_PolicyTemplate) /* 0x00000190 */ \ + + (ADD_FILL || CC_CreateLoaded) /* 0x00000191 */ \ + + (ADD_FILL || CC_PolicyAuthorizeNV) /* 0x00000192 */ \ + + (ADD_FILL || CC_EncryptDecrypt2) /* 0x00000193 */ \ + + (ADD_FILL || CC_PolicyNvWritten) /* 0x0000018f */ \ + + (ADD_FILL || CC_CertifyX509) /* 0x00000197 */ \ + ) +#define VENDOR_COMMAND_ARRAY_SIZE ( 0 \ + + CC_Vendor_TCG_Test \ + + CC_NTC2_PreConfig \ + + CC_NTC2_LockPreConfig \ + + CC_NTC2_GetConfig \ + ) + +#define COMMAND_COUNT \ + (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) + +// Following typedef is for some old code + +#ifndef ALG_CAMELLIA +# define ALG_CAMELLIA NO +#endif + +#ifndef ALG_SM4 +# define ALG_SM4 NO +#endif + +#ifndef ALG_AES +# define ALG_AES NO +#endif + +#endif // _IMPLEMENTATION_H_ diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Import_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Import_fp.h new file mode 100644 index 000000000000..ac46b0b29f43 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Import_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Import_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef IMPORT_FP_H +#define IMPORT_FP_H + +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_DATA encryptionKey; + TPM2B_PUBLIC objectPublic; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET inSymSeed; + TPMT_SYM_DEF_OBJECT symmetricAlg; +} Import_In; + +#define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) +#define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) +#define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) +#define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) +#define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) + +typedef struct { + TPM2B_PRIVATE outPrivate; +} Import_Out; + +TPM_RC +TPM2_Import( + Import_In *in, // IN: input parameter list + Import_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/IncrementalSelfTest_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/IncrementalSelfTest_fp.h new file mode 100644 index 000000000000..93275a4bce00 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/IncrementalSelfTest_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: IncrementalSelfTest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef INCREMENTALSELFTEST_FP_H +#define INCREMENTALSELFTEST_FP_H + +typedef struct{ + TPML_ALG toTest; +} IncrementalSelfTest_In; + +typedef struct{ + TPML_ALG toDoList; +} IncrementalSelfTest_Out; + +#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_IncrementalSelfTest( + IncrementalSelfTest_In *in, // IN: input parameter list + IncrementalSelfTest_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadExternal_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadExternal_fp.h new file mode 100644 index 000000000000..bbf9f8e2dca0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadExternal_fp.h @@ -0,0 +1,87 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: LoadExternal_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef LOADEXTERNAL_FP_H +#define LOADEXTERNAL_FP_H + +typedef struct { + TPM2B_SENSITIVE inPrivate; + TPM2B_PUBLIC inPublic; + TPMI_RH_HIERARCHY hierarchy; +} LoadExternal_In; + +#define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) +#define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) +#define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_NAME name; +} LoadExternal_Out; + +TPM_RC +TPM2_LoadExternal( + LoadExternal_In *in, // IN: input parameter list + LoadExternal_Out *out // OUT: output parameter list + ); +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadKey2_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadKey2_fp.h new file mode 100644 index 000000000000..f8f9fad7e832 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/LoadKey2_fp.h @@ -0,0 +1,66 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Load Key 2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: LoadKey2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef LOADKEY2_FP_H +#define LOADKEY2_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE parentHandle; + TPM_KEY12 inKey; +} LoadKey2_In; + +#define RC_LoadKey2_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_LoadKey2_inKey (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM_KEY_HANDLE inkeyHandle; +} LoadKey2_Out; + +TPM_RC +TPM2_Loadkey2( + LoadKey2_In *in, // IN: input parameter buffer + LoadKey2_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Load_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Load_fp.h new file mode 100644 index 000000000000..20a7232e429a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Load_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Load_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef LOAD_FP_H +#define LOAD_FP_H + +typedef struct { + TPMI_DH_OBJECT parentHandle; + TPM2B_PRIVATE inPrivate; + TPM2B_PUBLIC inPublic; +} Load_In; + +#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) +#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) +#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM_HANDLE objectHandle; + TPM2B_NAME name; +} Load_Out; + +TPM_RC +TPM2_Load( + Load_In *in, // IN: input parameter list + Load_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeCredential_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeCredential_fp.h new file mode 100644 index 000000000000..d6e5fb3ac501 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeCredential_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: MakeCredential_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef MAKECREDENTIAL_FP_H +#define MAKECREDENTIAL_FP_H + +typedef struct { + TPMI_DH_OBJECT handle; + TPM2B_DIGEST credential; + TPM2B_NAME objectName; +} MakeCredential_In; + +#define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) +#define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) +#define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) + + +typedef struct { + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; +} MakeCredential_Out; + +TPM_RC +TPM2_MakeCredential( + MakeCredential_In *in, // IN: input parameter list + MakeCredential_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeIdentity_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeIdentity_fp.h new file mode 100644 index 000000000000..19dc3d45f5ff --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/MakeIdentity_fp.h @@ -0,0 +1,66 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 MakeIdentity */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: MakeIdentity_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef MAKEIDENTITY_FP_H +#define MAKEIDENTITY_FP_H + +#include +#include + +#include + +typedef struct { + TPM_ENCAUTH identityAuth; + TPM_CHOSENID_HASH labelPrivCADigest; + TPM_KEY12 idKeyParams; +} MakeIdentity_In; + +typedef struct { + TPM_KEY12 idKey; + UINT32 identityBindingSize; + BYTE identityBinding[MAX_RSA_KEY_BYTES]; +} MakeIdentity_Out; + +TPM_RC +TPM2_MakeIdentity( + MakeIdentity_In *in, // IN: input parameter buffer + MakeIdentity_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NTC_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NTC_fp.h new file mode 100644 index 000000000000..7cf353b53124 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NTC_fp.h @@ -0,0 +1,52 @@ +/********************************************************************************/ +/* */ +/* Nuvoton Commands */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2017 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NTC_FP_H +#define NTC_FP_H + +typedef struct { + NTC2_CFG_STRUCT preConfig; +} NTC2_PreConfig_In; + +typedef struct { + NTC2_CFG_STRUCT preConfig; +} NTC2_GetConfig_Out; + +#define RC_NTC2_PreConfig_preConfig (TPM_RC_P + TPM_RC_1) + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Certify_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Certify_fp.h new file mode 100644 index 000000000000..d5f2913f2397 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Certify_fp.h @@ -0,0 +1,98 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_Certify_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_CERTIFY_FP_H +#define NV_CERTIFY_FP_H + +typedef struct { + TPMI_DH_OBJECT signHandle; + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + UINT16 size; + UINT16 offset; +} NV_Certify_In; + +#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) +#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) +#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) +#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) + + +typedef struct { + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; +} NV_Certify_Out; + +TPM_RC +TPM2_NV_Certify( + NV_Certify_In *in, // IN: input parameter list + NV_Certify_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ChangeAuth_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ChangeAuth_fp.h new file mode 100644 index 000000000000..ed211bb05986 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ChangeAuth_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_ChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_CHANGEAUTH_FP_H +#define NV_CHANGEAUTH_FP_H + +typedef struct { + TPMI_RH_NV_INDEX nvIndex; + TPM2B_AUTH newAuth; +} NV_ChangeAuth_In; + +#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) +#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_NV_ChangeAuth( + NV_ChangeAuth_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace12_fp.h new file mode 100644 index 000000000000..8d6bc64de3c4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace12_fp.h @@ -0,0 +1,52 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 NV_DefineSpace */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NVDEFINESPACE12_FP_H +#define NVDEFINESPACE12_FP_H + +typedef struct { + TPM_NV_DATA_PUBLIC pubInfo; + TPM_ENCAUTH encAuth; +} NV_DefineSpace12_In; + +TPM_RC +TPM_NV_DefineSpace12( + NV_DefineSpace12_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace_fp.h new file mode 100644 index 000000000000..17699311d9bd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_DefineSpace_fp.h @@ -0,0 +1,83 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_DefineSpace_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_DEFINESPACE_FP_H +#define NV_DEFINESPACE_FP_H + +typedef struct { + TPMI_RH_PROVISION authHandle; + TPM2B_AUTH auth; + TPM2B_NV_PUBLIC publicInfo; +} NV_DefineSpace_In; + +#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) +#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_NV_DefineSpace( + NV_DefineSpace_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Extend_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Extend_fp.h new file mode 100644 index 000000000000..7fc9cf2e80ef --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Extend_fp.h @@ -0,0 +1,83 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_EXTEND_FP_H +#define NV_EXTEND_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; +} NV_Extend_In; + +#define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_NV_Extend( + NV_Extend_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_GlobalWriteLock_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_GlobalWriteLock_fp.h new file mode 100644 index 000000000000..20b637724aaf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_GlobalWriteLock_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_GlobalWriteLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_GLOBALWRITELOCK_FP_H +#define NV_GLOBALWRITELOCK_FP_H + +typedef struct { + TPMI_RH_PROVISION authHandle; +} NV_GlobalWriteLock_In; + +#define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_NV_GlobalWriteLock( + NV_GlobalWriteLock_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Increment_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Increment_fp.h new file mode 100644 index 000000000000..e6529cfe37c0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Increment_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_Increment_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_INCREMENT_FP_H +#define NV_INCREMENT_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_Increment_In;; + +#define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) + +TPM_RC +TPM2_NV_Increment( + NV_Increment_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadLock_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadLock_fp.h new file mode 100644 index 000000000000..9f92915de908 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadLock_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_ReadLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_READLOCK_FP_H +#define NV_READLOCK_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_ReadLock_In; + +#define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) + +TPM_RC +TPM2_NV_ReadLock( + NV_ReadLock_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadPublic_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadPublic_fp.h new file mode 100644 index 000000000000..35137e7ea271 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadPublic_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_ReadPublic_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_READPUBLIC_FP_H +#define NV_READPUBLIC_FP_H + +typedef struct { + TPMI_RH_NV_INDEX nvIndex; +} NV_ReadPublic_In; + +#define RC_NV_ReadPublic_nvIndex (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_NV_PUBLIC nvPublic; + TPM2B_NAME nvName; +} NV_ReadPublic_Out; + +TPM_RC +TPM2_NV_ReadPublic( + NV_ReadPublic_In *in, // IN: input parameter list + NV_ReadPublic_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValueAuth_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValueAuth_fp.h new file mode 100644 index 000000000000..efc4ea186b86 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValueAuth_fp.h @@ -0,0 +1,65 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 NV_ReadValueAuth */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_ReadValueAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NVREADVALUEAUTH_FP_H +#define NVREADVALUEAUTH_FP_H + +#include +#include + +#include + +typedef struct { + TPM12_NV_INDEX nvIndex; + UINT32 offset; + UINT32 dataSize; +} NV_ReadValueAuth_In; + +typedef struct { + UINT32 dataSize; + BYTE data[MAX_NV_BUFFER_SIZE]; +} NV_ReadValueAuth_Out; + +TPM_RC +TPM2_NV_ReadValueAuth( + NV_ReadValueAuth_In *in, // IN: input parameter buffer + NV_ReadValueAuth_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValue_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValue_fp.h new file mode 100644 index 000000000000..8546a6feedd3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_ReadValue_fp.h @@ -0,0 +1,65 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 NV_ReadValue */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_ReadValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NVREADVALUE_FP_H +#define NVREADVALUE_FP_H + +#include +#include + +#include + +typedef struct { + TPM12_NV_INDEX nvIndex; + UINT32 offset; + UINT32 dataSize; +} NV_ReadValue_In; + +typedef struct { + UINT32 dataSize; + BYTE data[MAX_NV_BUFFER_SIZE]; +} NV_ReadValue_Out; + +TPM_RC +TPM2_NV_ReadValue( + NV_ReadValue_In *in, // IN: input parameter buffer + NV_ReadValue_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Read_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Read_fp.h new file mode 100644 index 000000000000..636fe819aed3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Read_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_Read_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_READ_FP_H +#define NV_READ_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT16 size; + UINT16 offset; +} NV_Read_In; + +#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) +#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2B_MAX_NV_BUFFER data; +} NV_Read_Out; + +TPM_RC +TPM2_NV_Read( + NV_Read_In *in, // IN: input parameter list + NV_Read_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_SetBits_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_SetBits_fp.h new file mode 100644 index 000000000000..4b1c1a0093e6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_SetBits_fp.h @@ -0,0 +1,83 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_SetBits_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_SETBITS_FP_H +#define NV_SETBITS_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT64 bits; +} NV_SetBits_In; + +#define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_NV_SetBits( + NV_SetBits_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h new file mode 100644 index 000000000000..f58713c83fa9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_UndefineSpaceSpecial_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_UNDEFINESPACESPECIAL_FP_H +#define NV_UNDEFINESPACESPECIAL_FP_H + +typedef struct { + TPMI_RH_NV_INDEX nvIndex; + TPMI_RH_PLATFORM platform; +} NV_UndefineSpaceSpecial_In; + +#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) + +TPM_RC +TPM2_NV_UndefineSpaceSpecial( + NV_UndefineSpaceSpecial_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpace_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpace_fp.h new file mode 100644 index 000000000000..6b9ca92db74e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_UndefineSpace_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_UndefineSpace_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_UNDEFINESPACE_FP_H +#define NV_UNDEFINESPACE_FP_H + +typedef struct { + TPMI_RH_PROVISION authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_UndefineSpace_In; + +#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) + +TPM_RC +TPM2_NV_UndefineSpace( + NV_UndefineSpace_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteLock_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteLock_fp.h new file mode 100644 index 000000000000..471e1c9b773b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteLock_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_WriteLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_WRITELOCK_FP_H +#define NV_WRITELOCK_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_WriteLock_In; + +#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) + +TPM_RC +TPM2_NV_WriteLock( + NV_WriteLock_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValueAuth_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValueAuth_fp.h new file mode 100644 index 000000000000..60b4bca5fd65 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValueAuth_fp.h @@ -0,0 +1,57 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 NV_WriteValueAuth */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_WriteValueAuth_fp.h 1294 2018-08-09 19:08:34Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NVWRITEVALUEAUTH_FP_H +#define NVWRITEVALUEAUTH_FP_H + +typedef struct { + TPM12_NV_INDEX nvIndex; + UINT32 offset; + UINT32 dataSize; + BYTE data[MAX_NV_BUFFER_SIZE]; +} NV_WriteValueAuth_In; + +TPM_RC +TPM_NV_WriteValueAuth( + NV_WriteValueAuth_In *in // IN: input parameter list + ); + + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValue_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValue_fp.h new file mode 100644 index 000000000000..489aa1dc0793 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_WriteValue_fp.h @@ -0,0 +1,55 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 NV_WriteValue */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_WriteValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NVWRITEVALUE_FP_H +#define NVWRITEVALUE_FP_H + +typedef struct { + TPM12_NV_INDEX nvIndex; + UINT32 offset; + UINT32 dataSize; + BYTE data[MAX_NV_BUFFER_SIZE]; +} NV_WriteValue_In; + +TPM_RC +TPM_NV_WriteValue( + NV_WriteValue_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Write_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Write_fp.h new file mode 100644 index 000000000000..56b9a98016bb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/NV_Write_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: NV_Write_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef NV_WRITE_FP_H +#define NV_WRITE_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; + UINT16 offset; +} NV_Write_In; + +#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) +#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_NV_Write( + NV_Write_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/OIAP_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OIAP_fp.h new file mode 100644 index 000000000000..644b6329be7c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OIAP_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: OIAP_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2018 */ +/* */ +/********************************************************************************/ + +#ifndef OIAP_FP_H +#define OIAP_FP_H + +#include +#include + +typedef struct { + TPM_AUTHHANDLE authHandle; + TPM_NONCE nonceEven; +} OIAP_Out; + +TPM_RC +TPM2_OIAP( + OIAP_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/OSAP_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OSAP_fp.h new file mode 100644 index 000000000000..1a6ee48159af --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OSAP_fp.h @@ -0,0 +1,60 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 OSAP */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef OSAP_FP_H +#define OSAP_FP_H + +typedef struct { + TPM_ENTITY_TYPE entityType; + UINT32 entityValue; + TPM_NONCE nonceOddOSAP; +} OSAP_In; + +typedef struct { + TPM_AUTHHANDLE authHandle; + TPM_NONCE nonceEven; + TPM_NONCE nonceEvenOSAP; +} OSAP_Out; + +TPM_RC +TPM2_OSAP( + OSAP_In *in, // IN: input parameter buffer + OSAP_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ObjectChangeAuth_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ObjectChangeAuth_fp.h new file mode 100644 index 000000000000..1987da4b389b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ObjectChangeAuth_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ObjectChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef OBJECTCHANGEAUTH_FP_H +#define OBJECTCHANGEAUTH_FP_H + +typedef struct { + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT parentHandle; + TPM2B_AUTH newAuth; +} ObjectChangeAuth_In; + +#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) +#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) +#define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_PRIVATE outPrivate; +} ObjectChangeAuth_Out; + + +TPM_RC +TPM2_ObjectChangeAuth( + ObjectChangeAuth_In *in, // IN: input parameter list + ObjectChangeAuth_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerReadInternalPub_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerReadInternalPub_fp.h new file mode 100644 index 000000000000..d1f74cfd1ec1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerReadInternalPub_fp.h @@ -0,0 +1,62 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 OwnerReadInternalPub */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: OwnerReadInternalPub_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef OWNERREADINTERNALPUB_FP_H +#define OWNERREADINTERNALPUB_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE keyHandle; +} OwnerReadInternalPub_In; + +typedef struct { + TPM_PUBKEY publicPortion; +} OwnerReadInternalPub_Out; + +TPM_RC +TPM2_OwnerReadInternalPub( + OwnerReadInternalPub_In *in, // IN: input parameter buffer + OwnerReadInternalPub_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerSetDisable_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerSetDisable_fp.h new file mode 100644 index 000000000000..f257f20aa471 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/OwnerSetDisable_fp.h @@ -0,0 +1,50 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: OwnerSetDisable_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef OWNERSETDISABLE_FP_H +#define OWNERSETDISABLE_FP_H + +#include + +typedef struct { + uint8_t disableState; +} OwnerSetDisable_In; + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Allocate_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Allocate_fp.h new file mode 100644 index 000000000000..509d7c098576 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Allocate_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_Allocate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_ALLOCATE_FP_H +#define PCR_ALLOCATE_FP_H + +typedef struct { + TPMI_RH_PLATFORM authHandle; + TPML_PCR_SELECTION pcrAllocation; +} PCR_Allocate_In; + +#define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPMI_YES_NO allocationSuccess; + UINT32 maxPCR; + UINT32 sizeNeeded; + UINT32 sizeAvailable; +} PCR_Allocate_Out; + +TPM_RC +TPM2_PCR_Allocate( + PCR_Allocate_In *in, // IN: input parameter list + PCR_Allocate_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Event_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Event_fp.h new file mode 100644 index 000000000000..2ccb82a32fc2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Event_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_Event_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_EVENT_FP_H +#define PCR_EVENT_FP_H + +typedef struct { + TPMI_DH_PCR pcrHandle; + TPM2B_EVENT eventData; +} PCR_Event_In; + +#define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPML_DIGEST_VALUES digests; +} PCR_Event_Out; + +TPM_RC +TPM2_PCR_Event( + PCR_Event_In *in, // IN: input parameter list + PCR_Event_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Extend_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Extend_fp.h new file mode 100644 index 000000000000..fc201a8dc863 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Extend_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_EXTEND_FP_H +#define PCR_EXTEND_FP_H + +typedef struct { + TPMI_DH_PCR pcrHandle; + TPML_DIGEST_VALUES digests; +} PCR_Extend_In; + +#define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PCR_Extend( + PCR_Extend_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Read_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Read_fp.h new file mode 100644 index 000000000000..4c38d3e52e64 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Read_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_Read_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_READ_FP_H +#define PCR_READ_FP_H + +typedef struct { + TPML_PCR_SELECTION pcrSelectionIn; +} PCR_Read_In; + +#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) + +typedef struct { + UINT32 pcrUpdateCounter; + TPML_PCR_SELECTION pcrSelectionOut; + TPML_DIGEST pcrValues; +} PCR_Read_Out; + +TPM_RC +TPM2_PCR_Read( + PCR_Read_In *in, // IN: input parameter list + PCR_Read_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset12_fp.h new file mode 100644 index 000000000000..995a1baef44f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset12_fp.h @@ -0,0 +1,51 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 PCR_Reset */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef PCRRESET12_FP_H +#define PCRRESET12_FP_H + +typedef struct { + TPM_PCR_SELECTION pcrSelection; +} PCR_Reset12_In; + +TPM_RC +TPM_PCR_Reset12( + PCR_Reset12_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset_fp.h new file mode 100644 index 000000000000..9825fc93d9ac --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_Reset_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_Reset_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_RESET_FP_H +#define PCR_RESET_FP_H + +typedef struct { + TPMI_DH_PCR pcrHandle; +} PCR_Reset_In; + +#define RC_PCR_Reset__pcrHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_PCR_Reset( + PCR_Reset_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthPolicy_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthPolicy_fp.h new file mode 100644 index 000000000000..3146b5b65cec --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthPolicy_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_SetAuthPolicy_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_SETAUTHPOLICY_FP_H +#define PCR_SETAUTHPOLICY_FP_H + +typedef struct { + TPMI_RH_PLATFORM authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; + TPMI_DH_PCR pcrNum; +} PCR_SetAuthPolicy_In; + +#define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +#define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) +#define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_PCR_SetAuthPolicy( + PCR_SetAuthPolicy_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthValue_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthValue_fp.h new file mode 100644 index 000000000000..83515784b464 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PCR_SetAuthValue_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PCR_SetAuthValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef PCR_SETAUTHVALUE_FP_H +#define PCR_SETAUTHVALUE_FP_H + +typedef struct { + TPMI_DH_PCR pcrHandle; + TPM2B_DIGEST auth; +} PCR_SetAuthValue_In; + +#define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) +#define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PCR_SetAuthValue( + PCR_SetAuthValue_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PP_Commands_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PP_Commands_fp.h new file mode 100644 index 000000000000..f042b5a1306b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PP_Commands_fp.h @@ -0,0 +1,80 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PP_Commands_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 */ +/* */ +/********************************************************************************/ + +#ifndef PP_COMMANDS_FP_H +#define PP_COMMANDS_FP_H + +typedef struct { + TPMI_RH_PLATFORM auth; + TPML_CC setList; + TPML_CC clearList; +} PP_Commands_In; + +#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) +#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) +#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_PP_Commands( + PP_Commands_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters.h new file mode 100644 index 000000000000..98a04ffcb134 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters.h @@ -0,0 +1,386 @@ +/********************************************************************************/ +/* */ +/* Command and Response Parameter Structures */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2019 */ +/* */ +/********************************************************************************/ + +/* TPM and TSS share thses structures */ + +#ifndef PARAMETERS_H +#define PARAMETERS_H + +#include "TPM_Types.h" + +#include "ActivateCredential_fp.h" +#include "CertifyCreation_fp.h" +#include "Certify_fp.h" +#include "CertifyX509_fp.h" +#include "ChangeEPS_fp.h" +#include "ChangePPS_fp.h" +#include "ClearControl_fp.h" +#include "Clear_fp.h" +#include "ClockRateAdjust_fp.h" +#include "ClockSet_fp.h" +#include "Commit_fp.h" +#include "ContextLoad_fp.h" +#include "ContextSave_fp.h" +#include "CreatePrimary_fp.h" +#include "Create_fp.h" +#include "CreateLoaded_fp.h" +#include "DictionaryAttackLockReset_fp.h" +#include "DictionaryAttackParameters_fp.h" +#include "Duplicate_fp.h" +#include "ECC_Parameters_fp.h" +#include "ECDH_KeyGen_fp.h" +#include "ECDH_ZGen_fp.h" +#include "EC_Ephemeral_fp.h" +#include "EncryptDecrypt_fp.h" +#include "EncryptDecrypt2_fp.h" +#include "EventSequenceComplete_fp.h" +#include "EvictControl_fp.h" +#include "FlushContext_fp.h" +#include "GetCapability_fp.h" +#include "GetCommandAuditDigest_fp.h" +#include "GetRandom_fp.h" +#include "GetSessionAuditDigest_fp.h" +#include "GetTestResult_fp.h" +#include "GetTime_fp.h" +#include "HMAC_Start_fp.h" +#include "HMAC_fp.h" +#include "HashSequenceStart_fp.h" +#include "Hash_fp.h" +#include "HierarchyChangeAuth_fp.h" +#include "HierarchyControl_fp.h" +#include "Import_fp.h" +#include "IncrementalSelfTest_fp.h" +#include "LoadExternal_fp.h" +#include "Load_fp.h" +#include "MakeCredential_fp.h" +#include "NV_Certify_fp.h" +#include "NV_ChangeAuth_fp.h" +#include "NV_DefineSpace_fp.h" +#include "NV_Extend_fp.h" +#include "NV_GlobalWriteLock_fp.h" +#include "NV_Increment_fp.h" +#include "NV_ReadLock_fp.h" +#include "NV_ReadPublic_fp.h" +#include "NV_Read_fp.h" +#include "NV_SetBits_fp.h" +#include "NV_UndefineSpaceSpecial_fp.h" +#include "NV_UndefineSpace_fp.h" +#include "NV_WriteLock_fp.h" +#include "NV_Write_fp.h" +#include "ObjectChangeAuth_fp.h" +#include "PCR_Allocate_fp.h" +#include "PCR_Event_fp.h" +#include "PCR_Extend_fp.h" +#include "PCR_Read_fp.h" +#include "PCR_Reset_fp.h" +#include "PCR_SetAuthPolicy_fp.h" +#include "PCR_SetAuthValue_fp.h" +#include "PP_Commands_fp.h" +#include "PolicyAuthValue_fp.h" +#include "PolicyAuthorize_fp.h" +#include "PolicyCommandCode_fp.h" +#include "PolicyCounterTimer_fp.h" +#include "PolicyCpHash_fp.h" +#include "PolicyDuplicationSelect_fp.h" +#include "PolicyGetDigest_fp.h" +#include "PolicyLocality_fp.h" +#include "PolicyNV_fp.h" +#include "PolicyAuthorizeNV_fp.h" +#include "PolicyNvWritten_fp.h" +#include "PolicyNameHash_fp.h" +#include "PolicyOR_fp.h" +#include "PolicyPCR_fp.h" +#include "PolicyPassword_fp.h" +#include "PolicyPhysicalPresence_fp.h" +#include "PolicyRestart_fp.h" +#include "PolicySecret_fp.h" +#include "PolicySigned_fp.h" +#include "PolicyTemplate_fp.h" +#include "PolicyTicket_fp.h" +#include "Quote_fp.h" +#include "RSA_Decrypt_fp.h" +#include "RSA_Encrypt_fp.h" +#include "ReadClock_fp.h" +#include "ReadPublic_fp.h" +#include "Rewrap_fp.h" +#include "SelfTest_fp.h" +#include "SequenceComplete_fp.h" +#include "SequenceUpdate_fp.h" +#include "SetAlgorithmSet_fp.h" +#include "SetCommandCodeAuditStatus_fp.h" +#include "SetPrimaryPolicy_fp.h" +#include "Shutdown_fp.h" +#include "Sign_fp.h" +#include "StartAuthSession_fp.h" +#include "Startup_fp.h" +#include "StirRandom_fp.h" +#include "TestParms_fp.h" +#include "Unseal_fp.h" +#include "VerifySignature_fp.h" +#include "ZGen_2Phase_fp.h" +#include "NTC_fp.h" + +#include + +typedef union { + ActivateCredential_In ActivateCredential; + CertifyCreation_In CertifyCreation; + Certify_In Certify; + ChangeEPS_In ChangeEPS; + ChangePPS_In ChangePPS; + ClearControl_In ClearControl; + Clear_In Clear; + ClockRateAdjust_In ClockRateAdjust; + ClockSet_In ClockSet; + Commit_In Commit; + ContextLoad_In ContextLoad; + ContextSave_In ContextSave; + CreatePrimary_In CreatePrimary; + Create_In Create; + DictionaryAttackLockReset_In DictionaryAttackLockReset; + DictionaryAttackParameters_In DictionaryAttackParameters; + Duplicate_In Duplicate; + ECC_Parameters_In ECC_Parameters; + ECDH_KeyGen_In ECDH_KeyGen; + ECDH_ZGen_In ECDH_ZGen; + EC_Ephemeral_In EC_Ephemeral; + EncryptDecrypt_In EncryptDecrypt; + EventSequenceComplete_In EventSequenceComplete; + EvictControl_In EvictControl; + FlushContext_In FlushContext; + GetCapability_In GetCapability; + GetCommandAuditDigest_In GetCommandAuditDigest; + GetRandom_In GetRandom; + GetSessionAuditDigest_In GetSessionAuditDigest; + GetTime_In GetTime; + HMAC_In HMAC; + HMAC_Start_In HMAC_Start; + HashSequenceStart_In HashSequenceStart; + Hash_In Hash; + HierarchyChangeAuth_In HierarchyChangeAuth; + HierarchyControl_In HierarchyControl; + Import_In Import; + IncrementalSelfTest_In IncrementalSelfTest; + LoadExternal_In LoadExternal; + Load_In Load; + MakeCredential_In MakeCredential; + NV_Certify_In NV_Certify; + NV_ChangeAuth_In NV_ChangeAuth; + NV_DefineSpace_In NV_DefineSpace; + NV_Extend_In NV_Extend; + NV_GlobalWriteLock_In NV_GlobalWriteLock; + NV_Increment_In NV_Increment; + NV_ReadLock_In NV_ReadLock; + NV_ReadPublic_In NV_ReadPublic; + NV_Read_In NV_Read; + NV_SetBits_In NV_SetBits; + NV_UndefineSpaceSpecial_In NV_UndefineSpaceSpecial; + NV_UndefineSpace_In NV_UndefineSpace; + NV_WriteLock_In NV_WriteLock; + NV_Write_In NV_Write; + ObjectChangeAuth_In ObjectChangeAuth; + PCR_Allocate_In PCR_Allocate; + PCR_Event_In PCR_Event; + PCR_Extend_In PCR_Extend; + PCR_Read_In PCR_Read; + PCR_Reset_In PCR_Reset; + PCR_SetAuthPolicy_In PCR_SetAuthPolicy; + PCR_SetAuthValue_In PCR_SetAuthValue; + PP_Commands_In PP_Commands; + PolicyAuthValue_In PolicyAuthValue; + PolicyAuthorize_In PolicyAuthorize; + PolicyCommandCode_In PolicyCommandCode; + PolicyCounterTimer_In PolicyCounterTimer; + PolicyCpHash_In PolicyCpHash; + PolicyDuplicationSelect_In PolicyDuplicationSelect; + PolicyGetDigest_In PolicyGetDigest; + PolicyLocality_In PolicyLocality; + PolicyNV_In PolicyNV; + PolicyAuthorizeNV_In PolicyAuthorizeNV; + PolicyNameHash_In PolicyNameHash; + PolicyOR_In PolicyOR; + PolicyPCR_In PolicyPCR; + PolicyPassword_In PolicyPassword; + PolicyPhysicalPresence_In PolicyPhysicalPresence; + PolicyRestart_In PolicyRestart; + PolicySecret_In PolicySecret; + PolicySigned_In PolicySigned; + PolicyTicket_In PolicyTicket; + Quote_In Quote; + RSA_Decrypt_In RSA_Decrypt; + RSA_Encrypt_In RSA_Encrypt; + ReadPublic_In ReadPublic; + Rewrap_In Rewrap; + SelfTest_In SelfTest; + SequenceComplete_In SequenceComplete; + SequenceUpdate_In SequenceUpdate; + SetAlgorithmSet_In SetAlgorithmSet; + SetCommandCodeAuditStatus_In SetCommandCodeAuditStatus; + SetPrimaryPolicy_In SetPrimaryPolicy; + Shutdown_In Shutdown; + Sign_In Sign; + StartAuthSession_In StartAuthSession; + Startup_In Startup; + StirRandom_In StirRandom; + TestParms_In TestParms; + Unseal_In Unseal; + VerifySignature_In VerifySignature; + ZGen_2Phase_In ZGen_2Phase; + + ActivateIdentity_In ActivateIdentity; + CreateWrapKey_In CreateWrapKey; + CreateEndorsementKeyPair_In CreateEndorsementKeyPair; + Extend_In Extend; + FlushSpecific_In FlushSpecific; + GetCapability12_In GetCapability12; + MakeIdentity_In MakeIdentity; + NV_DefineSpace12_In NV_DefineSpace12; + NV_ReadValue_In NV_ReadValue; + NV_ReadValueAuth_In NV_ReadValueAuth; + NV_WriteValue_In NV_WriteValue; + NV_WriteValueAuth_In NV_WriteValueAuth; + OSAP_In OSAP; + OwnerReadInternalPub_In OwnerReadInternalPub; + OwnerSetDisable_In OwnerSetDisable; + LoadKey2_In LoadKey2; + PcrRead12_In PcrRead12; + PCR_Reset12_In PCR_Reset12; + Quote2_In Quote2; + ReadPubek_In ReadPubek; + Sign12_In Sign12; + Startup12_In Startup12; + TakeOwnership_In TakeOwnership; +} COMMAND_PARAMETERS; + +typedef union +{ + ActivateCredential_Out ActivateCredential; + CertifyCreation_Out CertifyCreation; + Certify_Out Certify; + Commit_Out Commit; + ContextLoad_Out ContextLoad; + ContextSave_Out ContextSave; + CreatePrimary_Out CreatePrimary; + Create_Out Create; + Duplicate_Out Duplicate; + ECC_Parameters_Out ECC_Parameters; + ECDH_KeyGen_Out ECDH_KeyGen; + ECDH_ZGen_Out ECDH_ZGen; + EC_Ephemeral_Out EC_Ephemeral; + EncryptDecrypt_Out EncryptDecrypt; + EventSequenceComplete_Out EventSequenceComplete; + GetCapability_Out GetCapability; + GetCommandAuditDigest_Out GetCommandAuditDigest; + GetRandom_Out GetRandom; + GetSessionAuditDigest_Out GetSessionAuditDigest; + GetTestResult_Out GetTestResult; + GetTime_Out GetTime; + HMAC_Out HMAC; + HMAC_Start_Out HMAC_Start; + HashSequenceStart_Out HashSequenceStart; + Hash_Out Hash; + Import_Out Import; + IncrementalSelfTest_Out IncrementalSelfTest; + LoadExternal_Out LoadExternal; + Load_Out Load; + MakeCredential_Out MakeCredential; + NV_Certify_Out NV_Certify; + NV_ReadPublic_Out NV_ReadPublic; + NV_Read_Out NV_Read; + ObjectChangeAuth_Out ObjectChangeAuth; + PCR_Allocate_Out PCR_Allocate; + PCR_Event_Out PCR_Event; + PCR_Read_Out PCR_Read; + PolicyGetDigest_Out PolicyGetDigest; + PolicySecret_Out PolicySecret; + PolicySigned_Out PolicySigned; + Quote_Out Quote; + RSA_Decrypt_Out RSA_Decrypt; + RSA_Encrypt_Out RSA_Encrypt; + ReadClock_Out ReadClock; + ReadPublic_Out ReadPublic; + Rewrap_Out Rewrap; + SequenceComplete_Out SequenceComplete; + Sign_Out Sign; + StartAuthSession_Out StartAuthSession; + Unseal_Out Unseal; + VerifySignature_Out VerifySignature; + ZGen_2Phase_Out ZGen_2Phase; + + ActivateIdentity_Out ActivateIdentity; + CreateWrapKey_Out CreateWrapKey; + CreateEndorsementKeyPair_Out CreateEndorsementKeyPair; + Extend_Out Extend; + GetCapability12_Out GetCapability12; + MakeIdentity_Out MakeIdentity; + NV_ReadValue_Out NV_ReadValue; + NV_ReadValueAuth_Out NV_ReadValueAuth; + OIAP_Out OIAP; + OSAP_Out OSAP; + OwnerReadInternalPub_Out OwnerReadInternalPub; + LoadKey2_Out LoadKey2; + PcrRead12_Out PcrRead12; + Quote2_Out Quote2; + ReadPubek_Out ReadPubek; + Sign12_Out Sign12; + TakeOwnership_Out TakeOwnership; +} RESPONSE_PARAMETERS; + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters12.h new file mode 100644 index 000000000000..90c9fa847028 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Parameters12.h @@ -0,0 +1,68 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Parameters12.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef PARAMETERS12_H +#define PARAMETERS12_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PcrRead12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PcrRead12_fp.h new file mode 100644 index 000000000000..dcb22783c6ff --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PcrRead12_fp.h @@ -0,0 +1,56 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 PcrRead */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef PCRREAD12_FP_H +#define PCRREAD12_FP_H + +typedef struct { + TPM_PCRINDEX pcrIndex; +} PcrRead12_In; + +typedef struct { + TPM_PCRVALUE outDigest; +} PcrRead12_Out; + +TPM_RC +TPM_PcrRead12( + PcrRead12_In *in, // IN: input parameter list + PcrRead12_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthValue_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthValue_fp.h new file mode 100644 index 000000000000..c09a57bda18b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthValue_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyAuthValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYAUTHVALUE_FP_H +#define POLICYAUTHVALUE_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyAuthValue_In; + +#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_PolicyAuthValue( + PolicyAuthValue_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorizeNV_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorizeNV_fp.h new file mode 100644 index 000000000000..9b70b5c6f370 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorizeNV_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* PolicyAuthorizeNV */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */ +/* */ +/********************************************************************************/ + +/* rev 136 */ + +#ifndef POLICYAUTHORIZENV_FP_H +#define POLICYAUTHORIZENV_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; +} PolicyAuthorizeNV_In; + +#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) + +TPM_RC +TPM2_PolicyAuthorizeNV( + PolicyAuthorizeNV_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorize_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorize_fp.h new file mode 100644 index 000000000000..da1ddd72357e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyAuthorize_fp.h @@ -0,0 +1,86 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyAuthorize_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYAUTHORIZE_FP_H +#define POLICYAUTHORIZE_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST approvedPolicy; + TPM2B_NONCE policyRef; + TPM2B_NAME keySign; + TPMT_TK_VERIFIED checkTicket; +} PolicyAuthorize_In; + +#define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) +#define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) +#define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) +#define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) + +TPM_RC +TPM2_PolicyAuthorize( + PolicyAuthorize_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCommandCode_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCommandCode_fp.h new file mode 100644 index 000000000000..bc74c58a4150 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCommandCode_fp.h @@ -0,0 +1,80 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyCommandCode_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYCOMMANDCODE_FP_H +#define POLICYCOMMANDCODE_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM_CC code; +} PolicyCommandCode_In; + +#define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyCommandCode( + PolicyCommandCode_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCounterTimer_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCounterTimer_fp.h new file mode 100644 index 000000000000..605de794e678 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCounterTimer_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyCounterTimer_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYCOUNTERTIMER_FP_H +#define POLICYCOUNTERTIMER_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; +} PolicyCounterTimer_In; + +#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) +#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) +#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_PolicyCounterTimer( + PolicyCounterTimer_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCpHash_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCpHash_fp.h new file mode 100644 index 000000000000..f2395513a8fc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyCpHash_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyCpHash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYCPHASH_FP_H +#define POLICYCPHASH_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST cpHashA; +} PolicyCpHash_In; + +#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyCpHash( + PolicyCpHash_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyDuplicationSelect_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyDuplicationSelect_fp.h new file mode 100644 index 000000000000..12a5d3304674 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyDuplicationSelect_fp.h @@ -0,0 +1,85 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyDuplicationSelect_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYDUPLICATIONSELECT_FP_H +#define POLICYDUPLICATIONSELECT_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_NAME objectName; + TPM2B_NAME newParentName; + TPMI_YES_NO includeObject; +} PolicyDuplicationSelect_In; + +#define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) +#define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) +#define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_PolicyDuplicationSelect( + PolicyDuplicationSelect_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyGetDigest_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyGetDigest_fp.h new file mode 100644 index 000000000000..0283ee17a21a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyGetDigest_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyGetDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYGETDIGEST_FP_H +#define POLICYGETDIGEST_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyGetDigest_In; + +#define RC_PolicyGetDigest_policySession (TPM_RC_P + TPM_RC_1) + +typedef struct { + TPM2B_DIGEST policyDigest; +} PolicyGetDigest_Out; + +TPM_RC +TPM2_PolicyGetDigest( + PolicyGetDigest_In *in, // IN: input parameter list + PolicyGetDigest_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyLocality_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyLocality_fp.h new file mode 100644 index 000000000000..f41fa654a930 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyLocality_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyLocality_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYLOCALITY_FP_H +#define POLICYLOCALITY_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPMA_LOCALITY locality; +} PolicyLocality_In; + +#define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyLocality( + PolicyLocality_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNV_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNV_fp.h new file mode 100644 index 000000000000..580eefffce1a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNV_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyNV_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYNV_FP_H +#define POLICYNV_FP_H + +typedef struct { + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; +} PolicyNV_In; + +#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) +#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) +#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) +#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_PolicyNV( + PolicyNV_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNameHash_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNameHash_fp.h new file mode 100644 index 000000000000..39c73ee85830 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNameHash_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyNameHash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYNAMEHASH_FP_H +#define POLICYNAMEHASH_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST nameHash; +} PolicyNameHash_In; + +#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyNameHash( + PolicyNameHash_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNvWritten_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNvWritten_fp.h new file mode 100644 index 000000000000..afe514f8afe0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyNvWritten_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyNvWritten_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYNVWRITTEN_FP_H +#define POLICYNVWRITTEN_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPMI_YES_NO writtenSet; +} PolicyNvWritten_In; + +#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyNvWritten( + PolicyNvWritten_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyOR_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyOR_fp.h new file mode 100644 index 000000000000..cc1024a72025 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyOR_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyOR_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYOR_FP_H +#define POLICYOR_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPML_DIGEST pHashList; +} PolicyOR_In; + +#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyOR( + PolicyOR_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPCR_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPCR_fp.h new file mode 100644 index 000000000000..6d9f715c6cba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPCR_fp.h @@ -0,0 +1,82 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyPCR_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYPCR_FP_H +#define POLICYPCR_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST pcrDigest; + TPML_PCR_SELECTION pcrs; +} PolicyPCR_In; + +#define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) +#define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_PolicyPCR( + PolicyPCR_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPassword_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPassword_fp.h new file mode 100644 index 000000000000..033578bf149e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPassword_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyPassword_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYPASSWORD_FP_H +#define POLICYPASSWORD_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyPassword_In; + +#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_PolicyPassword( + PolicyPassword_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPhysicalPresence_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPhysicalPresence_fp.h new file mode 100644 index 000000000000..1386259c8fdf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyPhysicalPresence_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyPhysicalPresence_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYPHYSICALPRESENCE_FP_H +#define POLICYPHYSICALPRESENCE_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; +} PolicyPhysicalPresence_In; + +#define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_PolicyPhysicalPresence( + PolicyPhysicalPresence_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyRestart_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyRestart_fp.h new file mode 100644 index 000000000000..615d87fe1140 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyRestart_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyRestart_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYRESTART_FP_H +#define POLICYRESTART_FP_H + +typedef struct { + TPMI_SH_POLICY sessionHandle; +} PolicyRestart_In; + +#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) + +TPM_RC +TPM2_PolicyRestart( + PolicyRestart_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySecret_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySecret_fp.h new file mode 100644 index 000000000000..f90378a6c8ce --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySecret_fp.h @@ -0,0 +1,95 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicySecret_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 124 */ + +#ifndef POLICYSECRET_FP_H +#define POLICYSECRET_FP_H + +typedef struct { + TPMI_DH_ENTITY authHandle; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; +} PolicySecret_In; + +#define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) +#define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) +#define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; +} PolicySecret_Out; + +TPM_RC +TPM2_PolicySecret( + PolicySecret_In *in, // IN: input parameter list + PolicySecret_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySigned_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySigned_fp.h new file mode 100644 index 000000000000..d51f7bc6ee4e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicySigned_fp.h @@ -0,0 +1,96 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicySigned_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYSIGNED_FP_H +#define POLICYSIGNED_FP_H + +typedef struct { + TPMI_DH_OBJECT authObject; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; + TPMT_SIGNATURE auth; +} PolicySigned_In; + +#define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) +#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) +#define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) +#define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) +#define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) + +typedef struct { + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; +} PolicySigned_Out; + +TPM_RC +TPM2_PolicySigned( + PolicySigned_In *in, // IN: input parameter list + PolicySigned_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTemplate_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTemplate_fp.h new file mode 100644 index 000000000000..23e40f44b87b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTemplate_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyTemplate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYTEMPLATE_FP_H +#define POLICYTEMPLATE_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_DIGEST templateHash; +} PolicyTemplate_In; + +#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_PolicyTemplate( + PolicyTemplate_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTicket_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTicket_fp.h new file mode 100644 index 000000000000..7c680a0f62d6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/PolicyTicket_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: PolicyTicket_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef POLICYTICKET_FP_H +#define POLICYTICKET_FP_H + +typedef struct { + TPMI_SH_POLICY policySession; + TPM2B_TIMEOUT timeout; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + TPM2B_NAME authName; + TPMT_TK_AUTH ticket; +} PolicyTicket_In; + +#define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) +#define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) +#define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) +#define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) +#define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) +#define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) + +TPM_RC +TPM2_PolicyTicket( + PolicyTicket_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote2_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote2_fp.h new file mode 100644 index 000000000000..14e717579b81 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote2_fp.h @@ -0,0 +1,69 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Quote2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Quote2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef QUOTE2_FP_H +#define QUOTE2_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE keyHandle; + TPM_NONCE externalData; + TPM_PCR_SELECTION targetPCR; + TPM_BOOL addVersion; +} Quote2_In; + +typedef struct { + TPM_PCR_INFO_SHORT pcrData; + UINT32 versionInfoSize; + TPM_CAP_VERSION_INFO versionInfo; + UINT32 sigSize; + BYTE sig[MAX_RSA_KEY_BYTES]; +} Quote2_Out; + +TPM_RC +TPM2_Quote2( + Quote2_In *in, // IN: input parameter buffer + Quote2_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote_fp.h new file mode 100644 index 000000000000..75fcaa760a6f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Quote_fp.h @@ -0,0 +1,91 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Quote_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef QUOTE_FP_H +#define QUOTE_FP_H + +typedef struct { + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + TPML_PCR_SELECTION PCRselect; +} Quote_In; + +#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) +#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) +#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_ATTEST quoted; + TPMT_SIGNATURE signature; +} Quote_Out; + +TPM_RC +TPM2_Quote( + Quote_In *in, // IN: input parameter list + Quote_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Decrypt_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Decrypt_fp.h new file mode 100644 index 000000000000..2c8a41f8ea34 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Decrypt_fp.h @@ -0,0 +1,90 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: RSA_Decrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef RSA_DECRYPT_FP_H +#define RSA_DECRYPT_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA cipherText; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; +} RSA_Decrypt_In; + +#define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) +#define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_PUBLIC_KEY_RSA message; +} RSA_Decrypt_Out; + +TPM_RC +TPM2_RSA_Decrypt( + RSA_Decrypt_In *in, // IN: input parameter list + RSA_Decrypt_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Encrypt_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Encrypt_fp.h new file mode 100644 index 000000000000..d7be5909946e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/RSA_Encrypt_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: RSA_Encrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef RSA_ENCRYPT_FP_H +#define RSA_ENCRYPT_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA message; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; +} RSA_Encrypt_In; + +#define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) +#define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_PUBLIC_KEY_RSA outData; +} RSA_Encrypt_Out; + +TPM_RC +TPM2_RSA_Encrypt( + RSA_Encrypt_In *in, // IN: input parameter list + RSA_Encrypt_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadClock_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadClock_fp.h new file mode 100644 index 000000000000..b0d7a68f759a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadClock_fp.h @@ -0,0 +1,77 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ReadClock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef READCLOCK_FP_H +#define READCLOCK_FP_H + +typedef struct { + TPMS_TIME_INFO currentTime; +} ReadClock_Out; + +TPM_RC +TPM2_ReadClock( + ReadClock_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPubek_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPubek_fp.h new file mode 100644 index 000000000000..440fbefe99cd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPubek_fp.h @@ -0,0 +1,63 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 ReadPubek */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ReadPubek_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef READPUBEK_FP_H +#define READPUBEK_FP_H + +#include +#include + +#include + +typedef struct { + TPM_NONCE antiReplay; +} ReadPubek_In; + +typedef struct { + TPM_PUBKEY pubEndorsementKey; + TPM_DIGEST checksum; +} ReadPubek_Out; + +TPM_RC +TPM2_ReadPubek( + ReadPubek_In *in, // IN: input parameter buffer + ReadPubek_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPublic_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPublic_fp.h new file mode 100644 index 000000000000..ad3fc2c70541 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ReadPublic_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ReadPublic_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef READPUBLIC_FP_H +#define READPUBLIC_FP_H + +typedef struct { + TPMI_DH_OBJECT objectHandle; +} ReadPublic_In; + +#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) + +typedef struct { + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; + TPM2B_NAME qualifiedName; +} ReadPublic_Out; + +TPM_RC +TPM2_ReadPublic( + ReadPublic_In *in, // IN: input parameter list + ReadPublic_Out *out // OUT: output parameter list + ); +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Rewrap_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Rewrap_fp.h new file mode 100644 index 000000000000..83b4b627cd78 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Rewrap_fp.h @@ -0,0 +1,92 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Rewrap_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef REWRAP_FP_H +#define REWRAP_FP_H + +typedef struct { + TPMI_DH_OBJECT oldParent; + TPMI_DH_OBJECT newParent; + TPM2B_PRIVATE inDuplicate; + TPM2B_NAME name; + TPM2B_ENCRYPTED_SECRET inSymSeed; +} Rewrap_In; + +#define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) +#define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) +#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) +#define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) +#define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPM2B_PRIVATE outDuplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; +} Rewrap_Out; + +TPM_RC +TPM2_Rewrap( + Rewrap_In *in, // IN: input parameter list + Rewrap_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SelfTest_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SelfTest_fp.h new file mode 100644 index 000000000000..33d4c6bdb578 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SelfTest_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: SelfTest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SELFTEST_FP_H +#define SELFTEST_FP_H + +typedef struct{ + TPMI_YES_NO fullTest; +} SelfTest_In; + +#define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_SelfTest( + SelfTest_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceComplete_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceComplete_fp.h new file mode 100644 index 000000000000..9064c96a461d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceComplete_fp.h @@ -0,0 +1,92 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: SequenceComplete_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SEQUENCECOMPLETE_FP_H +#define SEQUENCECOMPLETE_FP_H + +typedef struct { + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; + TPMI_RH_HIERARCHY hierarchy; +} SequenceComplete_In; + +#define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) +#define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) +#define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) + + +typedef struct { + TPM2B_DIGEST result; + TPMT_TK_HASHCHECK validation; +} SequenceComplete_Out; + + + +TPM_RC +TPM2_SequenceComplete( + SequenceComplete_In *in, // IN: input parameter list + SequenceComplete_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceUpdate_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceUpdate_fp.h new file mode 100644 index 000000000000..dd094178ab4c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SequenceUpdate_fp.h @@ -0,0 +1,82 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: SequenceUpdate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SEQUENCEUPDATE_FP_H +#define SEQUENCEUPDATE_FP_H + + +typedef struct { + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; +} SequenceUpdate_In; + +#define RC_SequenceUpdate_sequenceHandle (TPM_RC_P + TPM_RC_1) +#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_SequenceUpdate( + SequenceUpdate_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetAlgorithmSet_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetAlgorithmSet_fp.h new file mode 100644 index 000000000000..c352f4d745bd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetAlgorithmSet_fp.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: SetAlgorithmSet_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SETALGORITHMSET_FP_H +#define SETALGORITHMSET_FP_H + +typedef struct { + TPMI_RH_PLATFORM authHandle; + UINT32 algorithmSet; +} SetAlgorithmSet_In; + +#define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_SetAlgorithmSet( + SetAlgorithmSet_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetCommandCodeAuditStatus_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetCommandCodeAuditStatus_fp.h new file mode 100644 index 000000000000..1ddb50fbbfa9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetCommandCodeAuditStatus_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: SetCommandCodeAuditStatus_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SETCOMMANDCODEAUDITSTATUS_FP_H +#define SETCOMMANDCODEAUDITSTATUS_FP_H + +typedef struct { + TPMI_RH_PROVISION auth; + TPMI_ALG_HASH auditAlg; + TPML_CC setList; + TPML_CC clearList; +} SetCommandCodeAuditStatus_In; + +#define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) +#define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) +#define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) +#define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) + +TPM_RC +TPM2_SetCommandCodeAuditStatus( + SetCommandCodeAuditStatus_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetPrimaryPolicy_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetPrimaryPolicy_fp.h new file mode 100644 index 000000000000..ea7ce050fdb6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/SetPrimaryPolicy_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* TPM2_SetPrimaryPolicy Command Header */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +#ifndef SETPRIMARYPOLICY_FP_H +#define SETPRIMARYPOLICY_FP_H + +typedef struct { + TPMI_RH_HIERARCHY_POLICY authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; +} SetPrimaryPolicy_In; + +#define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +#define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) + +TPM_RC +TPM2_SetPrimaryPolicy( + SetPrimaryPolicy_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Shutdown_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Shutdown_fp.h new file mode 100644 index 000000000000..51c6bc35f9d4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Shutdown_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Shutdown_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SHUTDOWN_FP_H +#define SHUTDOWN_FP_H + +typedef struct{ + TPM_SU shutdownType; +} Shutdown_In; + +#define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_Shutdown( + Shutdown_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign12_fp.h new file mode 100644 index 000000000000..dfaa238bffe8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign12_fp.h @@ -0,0 +1,65 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Sign12 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Sign12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef SIGN12_FP_H +#define SIGN12_FP_H + +#include +#include + +#include + +typedef struct { + TPM_KEY_HANDLE keyHandle; + UINT32 areaToSignSize; + BYTE areaToSign[MAX_COMMAND_SIZE]; +} Sign12_In; + +typedef struct { + UINT32 sigSize; + BYTE sig[MAX_RSA_KEY_BYTES]; +} Sign12_Out; + +TPM_RC +TPM2_Sign12( + Sign12_In *in, // IN: input parameter buffer + Sign12_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign_fp.h new file mode 100644 index 000000000000..41feb75d3e6e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Sign_fp.h @@ -0,0 +1,89 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Sign_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef SIGN_FP_H +#define SIGN_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_HASHCHECK validation; +} Sign_In; + +#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_Sign_digest (TPM_RC_P + TPM_RC_1) +#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) +#define RC_Sign_validation (TPM_RC_P + TPM_RC_3) + +typedef struct { + TPMT_SIGNATURE signature; +} Sign_Out; + +TPM_RC +TPM2_Sign( + Sign_In *in, // IN: input parameter list + Sign_Out *out // OUT: output parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/StartAuthSession_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/StartAuthSession_fp.h new file mode 100644 index 000000000000..03e8bb02e910 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/StartAuthSession_fp.h @@ -0,0 +1,97 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: StartAuthSession_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef STARTAUTHSESSION_FP_H +#define STARTAUTHSESSION_FP_H + +typedef struct { + TPMI_DH_OBJECT tpmKey; + TPMI_DH_ENTITY bind; + TPM2B_NONCE nonceCaller; + TPM2B_ENCRYPTED_SECRET encryptedSalt; + TPM_SE sessionType; + TPMT_SYM_DEF symmetric; + TPMI_ALG_HASH authHash; +} StartAuthSession_In; + +typedef struct { + TPMI_SH_AUTH_SESSION sessionHandle; + TPM2B_NONCE nonceTPM; +} StartAuthSession_Out; + +#define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) +#define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) +#define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) +#define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) +#define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) +#define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) +#define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) + +TPM_RC +TPM2_StartAuthSession( + StartAuthSession_In *in, // IN: input parameter buffer + StartAuthSession_Out *out // OUT: output parameter buffer + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup12_fp.h new file mode 100644 index 000000000000..4247810f9a8f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup12_fp.h @@ -0,0 +1,50 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Startup12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef STARTUP12_FP_H +#define STARTUP12_FP_H + +#include + +typedef struct { + TPM_STARTUP_TYPE startupType; +} Startup12_In; + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup_fp.h new file mode 100644 index 000000000000..c5e409fef063 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Startup_fp.h @@ -0,0 +1,84 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Startup_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef STARTUP_FP_H +#define STARTUP_FP_H + +void +_TPM_Init( + void + ); + + +typedef struct { + TPM_SU startupType; +} Startup_In; + +#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_Startup( + Startup_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/StirRandom_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/StirRandom_fp.h new file mode 100644 index 000000000000..bbfc411aec4d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/StirRandom_fp.h @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: StirRandom_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef STIRRANDOM_FP_H +#define STIRRANDOM_FP_H + +typedef struct { + TPM2B_SENSITIVE_DATA inData; +} StirRandom_In; + +#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_StirRandom( + StirRandom_In *in // IN: input parameter list + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPMB.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPMB.h new file mode 100644 index 000000000000..ff1539004a8b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPMB.h @@ -0,0 +1,104 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: TPMB.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 */ +/* */ +/********************************************************************************/ + +#ifndef TPMB_H +#define TPMB_H + +/* 5.20 TPMB.h */ +/* This file contains extra TPM2B structures */ +#ifndef _TPMB_H +#define _TPMB_H +/* TPM2B Types */ +typedef struct { + UINT16 size; + BYTE buffer[1]; +} TPM2B, *P2B; +typedef const TPM2B *PC2B; +/* This macro helps avoid having to type in the structure in order to create a new TPM2B type that + is used in a function. */ +#define TPM2B_TYPE(name, bytes) \ + typedef union { \ + struct { \ + UINT16 size; \ + BYTE buffer[(bytes)]; \ + } t; \ + TPM2B b; \ + } TPM2B_##name +/* This macro defines a TPM2B with a constant character value. This macro sets the size of the + string to the size minus the terminating zero byte. This lets the user of the label add their + terminating 0. This method is chosen so that existing code that provides a label will continue to + work correctly. */ +#define TPM2B_STRING(name, value) \ + static const union { \ + struct { \ + UINT16 size; \ + BYTE buffer[sizeof(value)]; \ + } t; \ + TPM2B b; \ + } name##_ = {{sizeof(value), {value}}}; \ + const TPM2B *name = &name##_.b +/* Macro to to instance and initialize a TPM2B value */ +#define TPM2B_INIT(TYPE, name) \ + TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}} +#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes) +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPM_Types.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPM_Types.h new file mode 100644 index 000000000000..855a3cd6653c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TPM_Types.h @@ -0,0 +1,2825 @@ +/********************************************************************************/ +/* */ +/* Headers from Part 2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012 - 2019 */ +/* */ +/********************************************************************************/ + +/* rev 124 */ + +#ifndef _TPM_TYPES_H +#define _TPM_TYPES_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + The C bit field is non-portable, but the TPM specification reference implementation uses them. + + These two macros attempt to define the TPM specification bit fields for little and big endian + machines. There is no guarantee that either will work with a specific compiler or tool chain. If + not, the developer must create a custom structure. + + TPM_BITFIELD_LE - little endian + TPM_BITFIELD_BE - big endian + + To access the structures as uint's for marshaling and unmarshaling, each bit field is a union with + an integral field called 'val'. + + Yes, I know that this uses anonymous structs, but the alternative yields another level of + deferencing, and will likely break more code. I hope your compiler supports this recent addition + to the standard. + + For portable code: + + If neither macro is defined, this header defines the structures as uint32_t. It defines constants + for the various bits, and can be used as: + + variable & CONSTANT (test for set) + !(variable & CONSTANT) (test for clear) + variable &= CONSTANT (to set) + variable |= ~CONSTANT (to clear) + + Although the portable structures are all uint32_t, some only use the least significant 8 bits and + are marshalled as a uint_8t. +*/ + +/* Table 3 - Definition of Base Types */ +/* In BaseTypes.h */ + +/* Table 4 - Defines for Logic Values */ +// In Table 39 (Yes, NO) +/* In bool.h (TRUE, FALSE) */ +#define SET 1 +#define CLEAR 0 + +/* Part 4 5.5 Capabilities.h */ + +#define MAX_CAP_DATA (MAX_CAP_BUFFER-sizeof(TPM_CAP)-sizeof(UINT32)) +#define MAX_CAP_ALGS (MAX_CAP_DATA/sizeof(TPMS_ALG_PROPERTY)) +#define MAX_CAP_HANDLES (MAX_CAP_DATA/sizeof(TPM_HANDLE)) +#define MAX_CAP_CC (MAX_CAP_DATA/sizeof(TPM_CC)) +#define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY)) +#define MAX_PCR_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PCR_SELECT)) +#define MAX_ECC_CURVES (MAX_CAP_DATA/sizeof(TPM_ECC_CURVE)) +#define MAX_TAGGED_POLICIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_POLICY)) + +/* Table 5 - Definition of Types for Documentation Clarity */ + +typedef UINT32 TPM_ALGORITHM_ID; /* this is the 1.2 compatible form of the TPM_ALG_ID */ +typedef UINT32 TPM_MODIFIER_INDICATOR; +typedef UINT32 TPM_AUTHORIZATION_SIZE; /* the authorizationSize parameter in a command */ +typedef UINT32 TPM_PARAMETER_SIZE; /* the parameterSizeset parameter in a command */ +typedef UINT16 TPM_KEY_SIZE; /* a key size in octets */ +typedef UINT16 TPM_KEY_BITS; /* a key size in bits */ + +/* Table 6 - Definition of (UINT32) TPM_SPEC Constants <> */ + +typedef UINT32 TPM_SPEC; + +#define TPM_SPEC_FAMILY 0x322E3000 /* ASCII "2.0" with null terminator */ +#define TPM_SPEC_LEVEL 00 /* the level number for the specification */ +#define TPM_SPEC_VERSION 124 /* the version number of the spec (01.21 * 100) */ +#define TPM_SPEC_YEAR 2015 /* the year of the version */ +#define TPM_SPEC_DAY_OF_YEAR 191 /* the day of the year */ + + +/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */ + +typedef UINT32 TPM_GENERATED; + +#define TPM_GENERATED_VALUE 0xff544347 /* 0xFF 'TCG' (FF 54 43 47) */ + +/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */ + +typedef UINT16 TPM_ALG_ID; + +/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */ + +typedef UINT16 TPM_ECC_CURVE; + +/* Table 16 - Definition of (UINT32) TPM_RC Constants (Actions) */ + +typedef UINT32 TPM_RC; + +#define TPM_RC_SUCCESS 0x000 +#define TPM_RC_BAD_TAG 0x01E /* defined for compatibility with TPM 1.2 */ + +#define RC_VER1 0x100 /* set for all format 0 response codes */ + +#define TPM_RC_INITIALIZE (RC_VER1 + 0x000) /* TPM not initialized by TPM2_Startup or already initialized */ +#define TPM_RC_FAILURE (RC_VER1 + 0x001) /* commands not being accepted because of a TPM failure */ +#define TPM_RC_SEQUENCE (RC_VER1 + 0x003) /* improper use of a sequence handle */ +#define TPM_RC_PRIVATE (RC_VER1 + 0x00B) /* not currently used */ +#define TPM_RC_HMAC (RC_VER1 + 0x019) /* not currently used */ +#define TPM_RC_DISABLED (RC_VER1 + 0x020) /* the command is disabled */ +#define TPM_RC_EXCLUSIVE (RC_VER1 + 0x021) /* command failed because audit sequence required exclusivity */ +#define TPM_RC_AUTH_TYPE (RC_VER1 + 0x024) /* authorization handle is not correct for command */ +#define TPM_RC_AUTH_MISSING (RC_VER1 + 0x025) /* command requires an authorization session + for handle and it is not present. */ +#define TPM_RC_POLICY (RC_VER1 + 0x026) /* policy failure in math Operation or an invalid authPolicy value */ +#define TPM_RC_PCR (RC_VER1 + 0x027) /* PCR check fail */ +#define TPM_RC_PCR_CHANGED (RC_VER1 + 0x028) /* PCR have changed since checked. */ +#define TPM_RC_UPGRADE (RC_VER1 + 0x02D) /* for all commands other than + TPM2_FieldUpgradeData(), this code + indicates that the TPM is in field + upgrade mode */ +#define TPM_RC_TOO_MANY_CONTEXTS (RC_VER1 + 0x02E) /* context ID counter is at maximum. */ +#define TPM_RC_AUTH_UNAVAILABLE (RC_VER1 + 0x02F) /* authValue or authPolicy is not available for selected entity. */ +#define TPM_RC_REBOOT (RC_VER1 + 0x030) /* a _TPM_Init and Startup(CLEAR) is + required before the TPM can resume + operation. */ +#define TPM_RC_UNBALANCED (RC_VER1 + 0x031) /* the protection algorithms (hash and + symmetric) are not reasonably balanced */ +#define TPM_RC_COMMAND_SIZE (RC_VER1 + 0x042) /* command commandSize value is inconsistent + with contents of the command buffer */ +#define TPM_RC_COMMAND_CODE (RC_VER1 + 0x043) /* command code not supported */ +#define TPM_RC_AUTHSIZE (RC_VER1 + 0x044) /* the value of authorizationSize is out of range */ +#define TPM_RC_AUTH_CONTEXT (RC_VER1 + 0x045) /* use of an authorization session with a + context command or another command that + cannot have an authorization session.*/ +#define TPM_RC_NV_RANGE (RC_VER1 + 0x046) /* NV offset+size is out of range. */ +#define TPM_RC_NV_SIZE (RC_VER1 + 0x047) /* Requested allocation size is larger than allowed. */ +#define TPM_RC_NV_LOCKED (RC_VER1 + 0x048) /* NV access locked. */ +#define TPM_RC_NV_AUTHORIZATION (RC_VER1 + 0x049) /* NV access authorization fails in command + actions (this failure does not affect + lockout.action) */ +#define TPM_RC_NV_UNINITIALIZED (RC_VER1 + 0x04A) /* an NV Index is used before being + initialized or the state saved by + TPM2_Shutdown(STATE) could not be + restored */ +#define TPM_RC_NV_SPACE (RC_VER1 + 0x04B) /* insufficient space for NV allocation */ +#define TPM_RC_NV_DEFINED (RC_VER1 + 0x04C) /* NV Index or persistent object already defined */ +#define TPM_RC_BAD_CONTEXT (RC_VER1 + 0x050) /* context in TPM2_ContextLoad() is not valid */ +#define TPM_RC_CPHASH (RC_VER1 + 0x051) /* cpHash value already set or not correct for use */ +#define TPM_RC_PARENT (RC_VER1 + 0x052) /* handle for parent is not a valid parent */ +#define TPM_RC_NEEDS_TEST (RC_VER1 + 0x053) /* some function needs testing. */ +#define TPM_RC_NO_RESULT (RC_VER1 + 0x054) /* returned when an internal function cannot + process a request due to an unspecified + problem. */ +#define TPM_RC_SENSITIVE (RC_VER1 + 0x055) /* the sensitive area did not unmarshal correctly after decryption */ +#define RC_MAX_FM0 (RC_VER1 + 0x07F) /* largest version 1 code that is not a warning */ + +/* The codes in this group may have a value added to them to indicate the handle, session, or + parameter to which they apply. */ + +#define RC_FMT1 0x080 /* This bit is SET in all format 1 response codes */ + +#define TPM_RC_ASYMMETRIC (RC_FMT1 + 0x001) /* asymmetric algorithm not supported or not correct */ +#define TPM_RC_ATTRIBUTES (RC_FMT1 + 0x002) /* inconsistent attributes */ +#define TPM_RC_HASH (RC_FMT1 + 0x003) /* hash algorithm not supported or not appropriate */ +#define TPM_RC_VALUE (RC_FMT1 + 0x004) /* value is out of range or is not correct for the context */ +#define TPM_RC_HIERARCHY (RC_FMT1 + 0x005) /* hierarchy is not enabled or is not correct for the use */ +#define TPM_RC_KEY_SIZE (RC_FMT1 + 0x007) /* key size is not supported */ +#define TPM_RC_MGF (RC_FMT1 + 0x008) /* mask generation function not supported */ +#define TPM_RC_MODE (RC_FMT1 + 0x009) /* mode of operation not supported */ +#define TPM_RC_TYPE (RC_FMT1 + 0x00A) /* the type of the value is not appropriate for the use */ +#define TPM_RC_HANDLE (RC_FMT1 + 0x00B) /* the handle is not correct for the use */ +#define TPM_RC_KDF (RC_FMT1 + 0x00C) /* unsupported key derivation function or + function not appropriate for use */ +#define TPM_RC_RANGE (RC_FMT1 + 0x00D) /* value was out of allowed range. */ +#define TPM_RC_AUTH_FAIL (RC_FMT1 + 0x00E) /* the authorization HMAC check failed and DA counter incremented */ +#define TPM_RC_NONCE (RC_FMT1 + 0x00F) /* invalid nonce size or nonce value mismatch */ +#define TPM_RC_PP (RC_FMT1 + 0x010) /* authorization requires assertion of PP */ +#define TPM_RC_SCHEME (RC_FMT1 + 0x012) /* unsupported or incompatible scheme */ +#define TPM_RC_SIZE (RC_FMT1 + 0x015) /* structure is the wrong size */ +#define TPM_RC_SYMMETRIC (RC_FMT1 + 0x016) /* unsupported symmetric algorithm or key + size, or not appropriate for instance */ +#define TPM_RC_TAG (RC_FMT1 + 0x017) /* incorrect structure tag */ +#define TPM_RC_SELECTOR (RC_FMT1 + 0x018) /* union selector is incorrect */ +#define TPM_RC_INSUFFICIENT (RC_FMT1 + 0x01A) /* the TPM was unable to unmarshal a value + because there were not enough octets in + the input buffer */ +#define TPM_RC_SIGNATURE (RC_FMT1 + 0x01B) /* the signature is not valid */ +#define TPM_RC_KEY (RC_FMT1 + 0x01C) /* key fields are not compatible with the selected use */ +#define TPM_RC_POLICY_FAIL (RC_FMT1 + 0x01D) /* a policy check failed */ +#define TPM_RC_INTEGRITY (RC_FMT1 + 0x01F) /* integrity check failed */ +#define TPM_RC_TICKET (RC_FMT1 + 0x020) /* invalid ticket */ +#define TPM_RC_RESERVED_BITS (RC_FMT1 + 0x021) /* reserved bits not set to zero as required */ +#define TPM_RC_BAD_AUTH (RC_FMT1 + 0x022) /* authorization failure without DA implications */ +#define TPM_RC_EXPIRED (RC_FMT1 + 0x023) /* the policy has expired */ +#define TPM_RC_POLICY_CC (RC_FMT1 + 0x024) /* the commandCode in the policy is not the + commandCode of the command */ +#define TPM_RC_BINDING (RC_FMT1 + 0x025) /* public and sensitive portions of an + object are not cryptographically bound */ +#define TPM_RC_CURVE (RC_FMT1 + 0x026) /* curve not supported */ +#define TPM_RC_ECC_POINT (RC_FMT1 + 0x027) /* point is not on the required curve. */ + +/* aliases for FMT1 commands when parameter number can be added */ + +#define TPM_RCS_VALUE TPM_RC_VALUE +#define TPM_RCS_TYPE TPM_RC_TYPE +#define TPM_RCS_HANDLE TPM_RC_HANDLE +#define TPM_RCS_SIZE TPM_RC_SIZE +#define TPM_RCS_ATTRIBUTES TPM_RC_ATTRIBUTES +#define TPM_RCS_NONCE TPM_RC_NONCE +#define TPM_RCS_SYMMETRIC TPM_RC_SYMMETRIC +#define TPM_RCS_MODE TPM_RC_MODE +#define TPM_RCS_SCHEME TPM_RC_SCHEME +#define TPM_RCS_KEY TPM_RC_KEY +#define TPM_RCS_ECC_POINT TPM_RC_ECC_POINT +#define TPM_RCS_HASH TPM_RC_HASH +#define TPM_RCS_HIERARCHY TPM_RC_HIERARCHY +#define TPM_RCS_TICKET TPM_RC_TICKET +#define TPM_RCS_RANGE TPM_RC_RANGE +#define TPM_RCS_INTEGRITY TPM_RC_INTEGRITY +#define TPM_RCS_POLICY_CC TPM_RC_POLICY_CC +#define TPM_RCS_EXPIRED TPM_RC_EXPIRED + +#define RC_WARN 0x900 /* set for warning response codes */ + +#define TPM_RC_CONTEXT_GAP (RC_WARN + 0x001) /* gap for context ID is too large */ +#define TPM_RC_OBJECT_MEMORY (RC_WARN + 0x002) /* out of memory for object contexts */ +#define TPM_RC_SESSION_MEMORY (RC_WARN + 0x003) /* out of memory for session contexts */ +#define TPM_RC_MEMORY (RC_WARN + 0x004) /* out of shared object/session memory or + need space for internal operations */ +#define TPM_RC_SESSION_HANDLES (RC_WARN + 0x005) /* out of session handles - a session must + be flushed before a new session may be + created */ +#define TPM_RC_OBJECT_HANDLES (RC_WARN + 0x006) /* out of object handles - the handle space + for objects is depleted and a reboot is + required */ +#define TPM_RC_LOCALITY (RC_WARN + 0x007) /* bad locality */ +#define TPM_RC_YIELDED (RC_WARN + 0x008) /* the TPM has suspended operation on the + command; forward progress was made and + the command may be retried. */ +#define TPM_RC_CANCELED (RC_WARN + 0x009) /* the command was canceled */ +#define TPM_RC_CANCELLED TPM_RC_CANCELED +#define TPM_RC_TESTING (RC_WARN + 0x00A) /* TPM is performing self-tests */ +#define TPM_RC_REFERENCE_H0 (RC_WARN + 0x010) /* the 1st handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H1 (RC_WARN + 0x011) /* the 2nd handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H2 (RC_WARN + 0x012) /* the 3rd handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H3 (RC_WARN + 0x013) /* the 4th handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H4 (RC_WARN + 0x014) /* the 5th handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H5 (RC_WARN + 0x015) /* the 6th handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_H6 (RC_WARN + 0x016) /* the 7th handle in the handle area + references a transient object or session + that is not loaded */ +#define TPM_RC_REFERENCE_S0 (RC_WARN + 0x018) /* the 1st authorization session handle + references a session that is not + loaded */ +#define TPM_RC_REFERENCE_S1 (RC_WARN + 0x019) /* the 2nd authorization session handle + references a session that is not + loaded */ +#define TPM_RC_REFERENCE_S2 (RC_WARN + 0x01A) /* the 3rd authorization session handle + references a session that is not + loaded */ +#define TPM_RC_REFERENCE_S3 (RC_WARN + 0x01B) /* the 4th authorization session handle + references a session that is not + loaded */ +#define TPM_RC_REFERENCE_S4 (RC_WARN + 0x01C) /* the 5th session handle references a + session that is not loaded */ +#define TPM_RC_REFERENCE_S5 (RC_WARN + 0x01D) /* the 6th session handle references a session that is not loaded */ +#define TPM_RC_REFERENCE_S6 (RC_WARN + 0x01E) /* the 7th authorization session handle + references a session that is not + loaded */ +#define TPM_RC_NV_RATE (RC_WARN + 0x020) /* the TPM is rate-limiting accesses to prevent wearout of NV */ +#define TPM_RC_LOCKOUT (RC_WARN + 0x021) /* authorizations for objects subject to DA + protection are not allowed at this time + because the TPM is in DA lockout mode */ +#define TPM_RC_RETRY (RC_WARN + 0x022) /* the TPM was not able to start the command */ +#define TPM_RC_NV_UNAVAILABLE (RC_WARN + 0x023) /* the command may require writing of NV and + NV is not current accessible */ +#define TPM_RC_NOT_USED (RC_WARN + 0x07F) /* this value is reserved and shall not be returned by the TPM */ + +#define TPM_RC_H 0x000 /* add to a handle-related error */ +#define TPM_RC_P 0x040 /* add to a parameter-related error */ +#define TPM_RC_S 0x800 /* add to a session-related error */ +#define TPM_RC_1 0x100 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_2 0x200 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_3 0x300 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_4 0x400 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_5 0x500 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_6 0x600 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_7 0x700 /* add to a parameter-, handle-, or session-related error */ +#define TPM_RC_8 0x800 /* add to a parameter-related error */ +#define TPM_RC_9 0x900 /* add to a parameter-related error */ +#define TPM_RC_A 0xA00 /* add to a parameter-related error */ +#define TPM_RC_B 0xB00 /* add to a parameter-related error */ +#define TPM_RC_C 0xC00 /* add to a parameter-related error */ +#define TPM_RC_D 0xD00 /* add to a parameter-related error */ +#define TPM_RC_E 0xE00 /* add to a parameter-related error */ +#define TPM_RC_F 0xF00 /* add to a parameter-related error */ +#define TPM_RC_N_MASK 0xF00 /* number mask */ + +/* Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */ + +typedef INT8 TPM_CLOCK_ADJUST; + +#define TPM_CLOCK_COARSE_SLOWER -3 /* Slow the Clock update rate by one coarse adjustment step. */ +#define TPM_CLOCK_MEDIUM_SLOWER -2 /* Slow the Clock update rate by one medium adjustment step. */ +#define TPM_CLOCK_FINE_SLOWER -1 /* Slow the Clock update rate by one fine adjustment step. */ +#define TPM_CLOCK_NO_CHANGE 0 /* No change to the Clock update rate. */ +#define TPM_CLOCK_FINE_FASTER 1 /* Speed the Clock update rate by one fine adjustment step. */ +#define TPM_CLOCK_MEDIUM_FASTER 2 /* Speed the Clock update rate by one medium adjustment step. */ +#define TPM_CLOCK_COARSE_FASTER 3 /* Speed the Clock update rate by one coarse adjustment step. */ + +/* Table 18 - Definition of (UINT16) TPM_EO Constants */ + +typedef UINT16 TPM_EO; + +#define TPM_EO_EQ 0x0000 /* A = B */ +#define TPM_EO_NEQ 0x0001 /* A != B */ +#define TPM_EO_SIGNED_GT 0x0002 /* A > B signed */ +#define TPM_EO_UNSIGNED_GT 0x0003 /* A > B unsigned */ +#define TPM_EO_SIGNED_LT 0x0004 /* A < B signed */ +#define TPM_EO_UNSIGNED_LT 0x0005 /* A < B unsigned */ +#define TPM_EO_SIGNED_GE 0x0006 /* A = B signed */ +#define TPM_EO_UNSIGNED_GE 0x0007 /* A = B unsigned */ +#define TPM_EO_SIGNED_LE 0x0008 /* A = B signed */ +#define TPM_EO_UNSIGNED_LE 0x0009 /* A = B unsigned */ +#define TPM_EO_BITSET 0x000A /* All bits SET in B are SET in A. ((A&B)=B) */ +#define TPM_EO_BITCLEAR 0x000B /* All bits SET in B are CLEAR in A. ((A&B)=0) */ + +/* Table 19 - Definition of (UINT16) TPM_ST Constants */ + +typedef UINT16 TPM_ST; + +#define TPM_ST_RSP_COMMAND 0x00C4 /* tag value for a response */ +#define TPM_ST_NULL 0X8000 /* no structure type specified */ +#define TPM_ST_NO_SESSIONS 0x8001 /* command/response has no attached sessions*/ +#define TPM_ST_SESSIONS 0x8002 /* command/response has one or more attached sessions*/ +#define TPM_ST_ATTEST_NV 0x8014 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_COMMAND_AUDIT 0x8015 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_SESSION_AUDIT 0x8016 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_CERTIFY 0x8017 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_QUOTE 0x8018 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_TIME 0x8019 /* tag for an attestation structure */ +#define TPM_ST_ATTEST_CREATION 0x801A /* tag for an attestation structure */ +#define TPM_ST_ATTEST_NV_DIGEST 0x801C /* tag for an attestation structure */ +#define TPM_ST_CREATION 0x8021 /* tag for a ticket type */ +#define TPM_ST_VERIFIED 0x8022 /* tag for a ticket type */ +#define TPM_ST_AUTH_SECRET 0x8023 /* tag for a ticket type */ +#define TPM_ST_HASHCHECK 0x8024 /* tag for a ticket type */ +#define TPM_ST_AUTH_SIGNED 0x8025 /* tag for a ticket type */ +#define TPM_ST_FU_MANIFEST 0x8029 /* tag for a structure describing a Field Upgrade Policy */ + +/* Table 20 - Definition of (UINT16) TPM_SU Constants */ + +typedef UINT16 TPM_SU; + +#define TPM_SU_CLEAR 0x0000 /* on TPM2_Startup(), indicates that the TPM should perform TPM Reset or TPM Restart */ +#define TPM_SU_STATE 0x0001 /* on TPM2_Startup(), indicates that the TPM should restore the + state saved by TPM2_Shutdown(TPM_SU_STATE) */ +/* Table 21 - Definition of (UINT8) TPM_SE Constants */ + +typedef UINT8 TPM_SE; + +#define TPM_SE_HMAC 0x00 +#define TPM_SE_POLICY 0x01 +#define TPM_SE_TRIAL 0x03 + +/* Table 22 - Definition of (UINT32) TPM_CAP Constants */ + +typedef UINT32 TPM_CAP; + +#define TPM_CAP_FIRST 0x00000000 /* */ +#define TPM_CAP_ALGS 0x00000000 /* TPM_ALG_ID(1) TPML_ALG_PROPERTY */ +#define TPM_CAP_HANDLES 0x00000001 /* TPM_HANDLE TPML_HANDLE */ +#define TPM_CAP_COMMANDS 0x00000002 /* TPM_CC TPML_CCA */ +#define TPM_CAP_PP_COMMANDS 0x00000003 /* TPM_CC TPML_CC */ +#define TPM_CAP_AUDIT_COMMANDS 0x00000004 /* TPM_CC TPML_CC */ +#define TPM_CAP_PCRS 0x00000005 /* reserved TPML_PCR_SELECTION */ +#define TPM_CAP_TPM_PROPERTIES 0x00000006 /* TPM_PT TPML_TAGGED_TPM_PROPERTY */ +#define TPM_CAP_PCR_PROPERTIES 0x00000007 /* TPM_PT_PCR TPML_TAGGED_PCR_PROPERTY */ +#define TPM_CAP_ECC_CURVES 0x00000008 /* TPM_ECC_CURVE(1) TPML_ECC_CURVE */ +#define TPM_CAP_AUTH_POLICIES 0x00000009 /* TPML_TAGGED_POLICY */ +#define TPM_CAP_LAST 0x00000009 /* */ +#define TPM_CAP_VENDOR_PROPERTY 0x00000100 /* manufacturer specific manufacturer-specific values */ + +/* Table 23 - Definition of (UINT32) TPM_PT Constants */ + +typedef UINT32 TPM_PT; + +#define TPM_PT_NONE 0x00000000 /* indicates no property type */ +#define PT_GROUP 0x00000100 /* The number of properties in each group. */ +#define PT_FIXED (PT_GROUP * 1) /* the group of fixed properties returned as TPMS_TAGGED_PROPERTY */ + +/* The values in this group are only changed due to a firmware change in the TPM. */ + +#define TPM_PT_FAMILY_INDICATOR (PT_FIXED + 0) /* a 4-octet character string containing the + TPM Family value (TPM_SPEC_FAMILY) */ +#define TPM_PT_LEVEL (PT_FIXED + 1) /* the level of the specification */ +#define TPM_PT_REVISION (PT_FIXED + 2) /* the specification Revision times 100 */ +#define TPM_PT_DAY_OF_YEAR (PT_FIXED + 3) /* the specification day of year using TCG calendar */ +#define TPM_PT_YEAR (PT_FIXED + 4) /* the specification year using the CE */ +#define TPM_PT_MANUFACTURER (PT_FIXED + 5) /* the vendor ID unique to each TPM manufacturer */ +#define TPM_PT_VENDOR_STRING_1 (PT_FIXED + 6) /* the first four characters of the vendor ID string */ +#define TPM_PT_VENDOR_STRING_2 (PT_FIXED + 7) /* the second four characters of the vendor ID string */ +#define TPM_PT_VENDOR_STRING_3 (PT_FIXED + 8) /* the third four characters of the vendor ID string */ +#define TPM_PT_VENDOR_STRING_4 (PT_FIXED + 9) /* the fourth four characters of the vendor ID sting */ +#define TPM_PT_VENDOR_TPM_TYPE (PT_FIXED + 10) /* vendor-defined value indicating the TPM model */ +#define TPM_PT_FIRMWARE_VERSION_1 (PT_FIXED + 11) /* the most-significant 32 bits of a TPM + vendor-specific value indicating the + version number of the firmware */ +#define TPM_PT_FIRMWARE_VERSION_2 (PT_FIXED + 12) /* the least-significant 32 bits of a TPM + vendor-specific value indicating the + version number of the firmware */ +#define TPM_PT_INPUT_BUFFER (PT_FIXED + 13) /* the maximum size of a parameter + (typically, a TPM2B_MAX_BUFFER) */ +#define TPM_PT_HR_TRANSIENT_MIN (PT_FIXED + 14) /* the minimum number of transient objects + that can be held in TPM RAM */ +#define TPM_PT_HR_PERSISTENT_MIN (PT_FIXED + 15) /* the minimum number of persistent objects + that can be held in TPM NV memory */ +#define TPM_PT_HR_LOADED_MIN (PT_FIXED + 16) /* the minimum number of authorization + sessions that can be held in TPM RAM */ +#define TPM_PT_ACTIVE_SESSIONS_MAX (PT_FIXED + 17) /* the number of authorization sessions that + may be active at a time */ +#define TPM_PT_PCR_COUNT (PT_FIXED + 18) /* the number of PCR implemented */ +#define TPM_PT_PCR_SELECT_MIN (PT_FIXED + 19) /* the minimum number of octets in a + TPMS_PCR_SELECT.sizeOfSelect */ +#define TPM_PT_CONTEXT_GAP_MAX (PT_FIXED + 20) /* the maximum allowed difference (unsigned) + between the contextID values of two saved + session contexts */ +#define TPM_PT_NV_COUNTERS_MAX (PT_FIXED + 22) /* the maximum number of NV Indexes that are + allowed to have TPM_NV_COUNTER attribute SET */ +#define TPM_PT_NV_INDEX_MAX (PT_FIXED + 23) /* the maximum size of an NV Index data area */ +#define TPM_PT_MEMORY (PT_FIXED + 24) /* a TPMA_MEMORY indicating the memory + management method for the TPM */ +#define TPM_PT_CLOCK_UPDATE (PT_FIXED + 25) /* interval, in milliseconds, between + updates to the copy of + TPMS_CLOCK_INFO.clock in NV */ +#define TPM_PT_CONTEXT_HASH (PT_FIXED + 26) /* the algorithm used for the integrity HMAC + on saved contexts and for hashing the + fuData of TPM2_FirmwareRead() */ +#define TPM_PT_CONTEXT_SYM (PT_FIXED + 27) /* TPM_ALG_ID, the algorithm used for + encryption of saved contexts */ +#define TPM_PT_CONTEXT_SYM_SIZE (PT_FIXED + 28) /* TPM_KEY_BITS, the size of the key used + for encryption of saved contexts */ +#define TPM_PT_ORDERLY_COUNT (PT_FIXED + 29) /* the modulus - 1 of the count for NV + update of an orderly counter */ +#define TPM_PT_MAX_COMMAND_SIZE (PT_FIXED + 30) /* the maximum value for commandSize in a command */ +#define TPM_PT_MAX_RESPONSE_SIZE (PT_FIXED + 31) /* the maximum value for responseSize in a response */ +#define TPM_PT_MAX_DIGEST (PT_FIXED + 32) /* the maximum size of a digest that can be + produced by the TPM */ +#define TPM_PT_MAX_OBJECT_CONTEXT (PT_FIXED + 33) /* the maximum size of an object context + that will be returned by + TPM2_ContextSave */ +#define TPM_PT_MAX_SESSION_CONTEXT (PT_FIXED + 34) /* the maximum size of a session context + that will be returned by + TPM2_ContextSave */ +#define TPM_PT_PS_FAMILY_INDICATOR (PT_FIXED + 35) /* platform-specific family (a TPM_PS + value)(see Table 26) */ +#define TPM_PT_PS_LEVEL (PT_FIXED + 36) /* the level of the platform-specific specification */ +#define TPM_PT_PS_REVISION (PT_FIXED + 37) /* the specification Revision times 100 for + the platform-specific specification */ +#define TPM_PT_PS_DAY_OF_YEAR (PT_FIXED + 38) /* the platform-specific specification day + of year using TCG calendar */ +#define TPM_PT_PS_YEAR (PT_FIXED + 39) /* the platform-specific specification year + using the CE */ +#define TPM_PT_SPLIT_MAX (PT_FIXED + 40) /* the number of split signing operations + supported by the TPM */ +#define TPM_PT_TOTAL_COMMANDS (PT_FIXED + 41) /* total number of commands implemented in the TPM */ +#define TPM_PT_LIBRARY_COMMANDS (PT_FIXED + 42) /* number of commands from the TPM library + that are implemented */ +#define TPM_PT_VENDOR_COMMANDS (PT_FIXED + 43) /* number of vendor commands that are implemented */ +#define TPM_PT_NV_BUFFER_MAX (PT_FIXED + 44) /* the maximum data size in one NV write command */ +#define TPM_PT_MODES (PT_FIXED + 45) /* a TPMA_MODES value, indicating that the + TPM is designed for these modes. */ +#define TPM_PT_MAX_CAP_BUFFER (PT_FIXED + 46) /* the maximum size of a + TPMS_CAPABILITY_DATA structure returned + in TPM2_GetCapability(). */ +#define PT_VAR (PT_GROUP * 2) /* the group of variable properties returned + as TPMS_TAGGED_PROPERTY */ + +/* The properties in this group change because of a Protected Capability other than a firmware + update. The values are not necessarily persistent across all power transitions. */ + +#define TPM_PT_PERMANENT (PT_VAR + 0) /* TPMA_PERMANENT */ +#define TPM_PT_STARTUP_CLEAR (PT_VAR + 1) /* TPMA_STARTUP_CLEAR */ +#define TPM_PT_HR_NV_INDEX (PT_VAR + 2) /* the number of NV Indexes currently defined */ +#define TPM_PT_HR_LOADED (PT_VAR + 3) /* the number of authorization sessions + currently loaded into TPM RAM */ +#define TPM_PT_HR_LOADED_AVAIL (PT_VAR + 4) /* the number of additional authorization + sessions, of any type, that could be + loaded into TPM RAM */ +#define TPM_PT_HR_ACTIVE (PT_VAR + 5) /* the number of active authorization + sessions currently being tracked by the + TPM */ +#define TPM_PT_HR_ACTIVE_AVAIL (PT_VAR + 6) /* the number of additional authorization + sessions, of any type, that could be + created */ +#define TPM_PT_HR_TRANSIENT_AVAIL (PT_VAR + 7) /* estimate of the number of additional + transient objects that could be loaded + into TPM RAM */ +#define TPM_PT_HR_PERSISTENT (PT_VAR + 8) /* the number of persistent objects + currently loaded into TPM NV memory */ +#define TPM_PT_HR_PERSISTENT_AVAIL (PT_VAR + 9) /* the number of additional persistent + objects that could be loaded into NV + memory */ +#define TPM_PT_NV_COUNTERS (PT_VAR + 10) /* the number of defined NV Indexes that + have the NV TPM_NV_COUNTER attribute SET */ +#define TPM_PT_NV_COUNTERS_AVAIL (PT_VAR + 11) /* the number of additional NV Indexes that + can be defined with their TPM_NT of TPM_NV_COUNTER + and the TPM_NV_ORDERLY attribute SET */ +#define TPM_PT_ALGORITHM_SET (PT_VAR + 12) /* code that limits the algorithms that may + be used with the TPM */ +#define TPM_PT_LOADED_CURVES (PT_VAR + 13) /* the number of loaded ECC curves */ +#define TPM_PT_LOCKOUT_COUNTER (PT_VAR + 14) /* the current value of the lockout counter (failedTries) */ +#define TPM_PT_MAX_AUTH_FAIL (PT_VAR + 15) /* the number of authorization failures + before DA lockout is invoked */ +#define TPM_PT_LOCKOUT_INTERVAL (PT_VAR + 16) /* the number of seconds before the value + reported by TPM_PT_LOCKOUT_COUNTER is + decremented */ +#define TPM_PT_LOCKOUT_RECOVERY (PT_VAR + 17) /* the number of seconds after a lockoutAuth + failure before use of lockoutAuth may be + attempted again */ +#define TPM_PT_NV_WRITE_RECOVERY (PT_VAR + 18) /* number of milliseconds before the TPM + will accept another command that will + modify NV */ +#define TPM_PT_AUDIT_COUNTER_0 (PT_VAR + 19) /* the high-order 32 bits of the command audit counter */ +#define TPM_PT_AUDIT_COUNTER_1 (PT_VAR + 20) /* the low-order 32 bits of the command audit counter */ + +/* Table 24 - Definition of (UINT32) TPM_PT_PCR Constants */ + +typedef UINT32 TPM_PT_PCR; + +#define TPM_PT_PCR_FIRST 0x00000000 /* bottom of the range of TPM_PT_PCR properties */ +#define TPM_PT_PCR_SAVE 0x00000000 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR is saved and restored by TPM_SU_STATE */ +#define TPM_PT_PCR_EXTEND_L0 0x00000001 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be extended from locality 0 */ +#define TPM_PT_PCR_RESET_L0 0x00000002 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 0 */ +#define TPM_PT_PCR_EXTEND_L1 0x00000003 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be extended from locality 1 */ +#define TPM_PT_PCR_RESET_L1 0x00000004 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 1 */ +#define TPM_PT_PCR_EXTEND_L2 0x00000005 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be extended from locality 2 */ +#define TPM_PT_PCR_RESET_L2 0x00000006 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 2 */ +#define TPM_PT_PCR_EXTEND_L3 0x00000007 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be extended from locality 3 */ +#define TPM_PT_PCR_RESET_L3 0x00000008 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 3 */ +#define TPM_PT_PCR_EXTEND_L4 0x00000009 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be extended from locality 4 */ +#define TPM_PT_PCR_RESET_L4 0x0000000A /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 4 */ +#define TPM_PT_PCR_NO_INCREMENT 0x00000011 /* a SET bit in the TPMS_PCR_SELECT indicates that + modifications to this PCR (reset or Extend) will + not increment the pcrUpdateCounter */ +#define TPM_PT_PCR_RESET_L4 0x0000000A /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR may be reset by TPM2_PCR_Reset() from + locality 4 */ +#define TPM_PT_PCR_DRTM_RESET 0x00000012 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR is reset by a DRTM event */ +#define TPM_PT_PCR_POLICY 0x00000013 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR is controlled by policy */ +#define TPM_PT_PCR_AUTH 0x00000014 /* a SET bit in the TPMS_PCR_SELECT indicates that + the PCR is controlled by an authorization + value */ +#define TPM_PT_PCR_LAST 0x00000014 /* top of the range of TPM_PT_PCR properties of the + implementation */ + +/* Table 25 - Definition of (UINT32) TPM_PS Constants */ + +typedef UINT32 TPM_PS; + +#define TPM_PS_MAIN 0x00000000 /* not platform specific */ +#define TPM_PS_PC 0x00000001 /* PC Client */ +#define TPM_PS_PDA 0x00000002 /* PDA (includes all mobile devices that are not + specifically cell phones) */ +#define TPM_PS_CELL_PHONE 0x00000003 /* Cell Phone */ +#define TPM_PS_SERVER 0x00000004 /* Server WG */ +#define TPM_PS_PERIPHERAL 0x00000005 /* Peripheral WG */ +#define TPM_PS_TSS 0x00000006 /* TSS WG */ +#define TPM_PS_STORAGE 0x00000007 /* Storage WG */ +#define TPM_PS_AUTHENTICATION 0x00000008 /* Authentication WG */ +#define TPM_PS_EMBEDDED 0x00000009 /* Embedded WG */ +#define TPM_PS_HARDCOPY 0x0000000A /* Hardcopy WG */ +#define TPM_PS_INFRASTRUCTURE 0x0000000B /* Infrastructure WG */ +#define TPM_PS_VIRTUALIZATION 0x0000000C /* Virtualization WG */ +#define TPM_PS_TNC 0x0000000D /* Trusted Network Connect WG */ +#define TPM_PS_MULTI_TENANT 0x0000000E /* Multi-tenant WG */ +#define TPM_PS_TC 0x0000000F /* Technical Committee*/ + +/* Table 26 - Definition of Types for Handles */ + +typedef UINT32 TPM_HANDLE; /* Handles may refer to objects (keys or data blobs), authorization + sessions (HMAC and policy), NV Indexes, permanent TPM locations, + and PCR. */ + +/* Table 27 - Definition of (UINT8) TPM_HT Constants */ + +typedef UINT8 TPM_HT; + +#define TPM_HT_PCR 0x00 /* PCR - consecutive numbers, starting at 0, that reference the PCR registers */ +#define TPM_HT_NV_INDEX 0x01 /* NV Index - assigned by the caller */ +#define TPM_HT_HMAC_SESSION 0x02 /* HMAC Authorization Session - assigned by the TPM when the session is created */ +#define TPM_HT_LOADED_SESSION 0x02 /* Loaded Authorization Session - used only in the context of TPM2_GetCapability */ +#define TPM_HT_POLICY_SESSION 0x03 /* Policy Authorization Session - assigned by the TPM when the session is created */ +#define TPM_HT_SAVED_SESSION 0x03 /* Saved Authorization Session - used only in the context of TPM2_GetCapability */ +#define TPM_HT_PERMANENT 0x40 /* Permanent Values - assigned by this specification in Table 27 */ +#define TPM_HT_TRANSIENT 0x80 /* Transient Objects - assigned by the TPM when an object is + loaded into transient-object memory or when a persistent + object is converted to a transient object */ +#define TPM_HT_PERSISTENT 0x81 /* Persistent Objects - assigned by the TPM when a loaded + transient object is made persistent */ + +/* Table 28 - Definition of (TPM_HANDLE) TPM_RH Constants */ + +typedef TPM_HANDLE TPM_RH; + +#define TPM_RH_FIRST 0x40000000 /* R */ +#define TPM_RH_SRK 0x40000000 /* R not used1 */ +#define TPM_RH_OWNER 0x40000001 /* K, A, P handle references the Storage Primary + Seed (SPS), the ownerAuth, and the ownerPolicy */ +#define TPM_RH_REVOKE 0x40000002 /* R not used1 */ +#define TPM_RH_TRANSPORT 0x40000003 /* R not used1 */ +#define TPM_RH_OPERATOR 0x40000004 /* R not used1 */ +#define TPM_RH_ADMIN 0x40000005 /* R not used1 */ +#define TPM_RH_EK 0x40000006 /* R not used1 */ +#define TPM_RH_NULL 0x40000007 /* K, A, P a handle associated with the null + hierarchy, an EmptyAuth authValue, and an Empty + Policy authPolicy. */ +#define TPM_RH_UNASSIGNED 0x40000008 /* R value reserved to the TPM to indicate a handle + location that has not been initialized or + assigned */ +#define TPM_RS_PW 0x40000009 /* S authorization value used to indicate a password + authorization session */ +#define TPM_RH_LOCKOUT 0x4000000A /* A references the authorization associated with + the dictionary attack lockout reset */ +#define TPM_RH_ENDORSEMENT 0x4000000B /* K, A, P references the Endorsement Primary Seed + (EPS), endorsementAuth, and endorsementPolicy */ +#define TPM_RH_PLATFORM 0x4000000C /* K, A, P references the Platform Primary Seed + (PPS), platformAuth, and platformPolicy */ +#define TPM_RH_PLATFORM_NV 0x4000000D /* C for phEnableNV */ +#define TPM_RH_AUTH_00 0x40000010 /* A Start of a range of authorization values that + are vendor-specific. A TPM may support any of + the values in this range as are needed for + vendor-specific purposes. Disabled if ehEnable is CLEAR. */ +#define TPM_RH_AUTH_FF 0x4000010F /* A End of the range of vendor-specific + authorization values. */ +#define TPM_RH_LAST 0x4000010F /* R the top of the reserved handle area */ + +/* Table 29 - Definition of (TPM_HANDLE) TPM_HC Constants */ + +typedef TPM_HANDLE TPM_HC; +#define HR_HANDLE_MASK 0x00FFFFFF /* to mask off the HR */ +#define HR_RANGE_MASK 0xFF000000 /* to mask off the variable part */ +#define HR_SHIFT 24 +#define HR_PCR ((TPM_HT_PCR) << HR_SHIFT) +#define HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT) +#define HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT) +#define HR_TRANSIENT (TPM_HC)((((UINT32)TPM_HT_TRANSIENT) << HR_SHIFT)) +#define HR_PERSISTENT (TPM_HC)((((UINT32)TPM_HT_PERSISTENT) << HR_SHIFT)) +#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT) +#define HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT) +#define PCR_FIRST (HR_PCR + 0) /* first PCR */ +#define PCR_LAST (HR_PCR | HR_HANDLE_MASK) /* last PCR in range */ +#define HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0) /* first HMAC session */ +#define HMAC_SESSION_LAST (HMAC_SESSION_FIRST | HR_HANDLE_MASK) /* last HMAC session */ +#define LOADED_SESSION_FIRST HMAC_SESSION_FIRST /* used in GetCapability */ +#define LOADED_SESSION_LAST HMAC_SESSION_LAST /* used in GetCapability */ +#define POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0) /* first policy session */ +#define POLICY_SESSION_LAST (POLICY_SESSION_FIRST | HR_HANDLE_MASK) /* last policy session */ +#define TRANSIENT_FIRST ((UINT32)(HR_TRANSIENT + 0)) /* first transient object */ +#define ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST /* used in GetCapability */ +#define ACTIVE_SESSION_LAST POLICY_SESSION_LAST /* used in GetCapability */ +#define TRANSIENT_LAST ((UINT32)(TRANSIENT_FIRST | HR_HANDLE_MASK)) /* last transient object */ +#define PERSISTENT_FIRST ((UINT32)(HR_PERSISTENT + 0)) /* first persistent object */ +#define PERSISTENT_LAST ((UINT32)(PERSISTENT_FIRST | HR_HANDLE_MASK)) /* last persistent object */ +#define PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000) /* first platform persistent object */ +#define NV_INDEX_FIRST (HR_NV_INDEX + 0) /* first allowed NV Index */ +#define NV_INDEX_LAST (NV_INDEX_FIRST | HR_HANDLE_MASK) /* last allowed NV Index */ +#define PERMANENT_FIRST TPM_RH_FIRST +#define PERMANENT_LAST TPM_RH_LAST + +/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */ + unsigned int symmetric : 1; /* 1 a symmetric block cipher */ + unsigned int hash : 1; /* a hash algorithm */ + unsigned int object : 1; /* an algorithm that may be used as an object type */ + unsigned int Reserved1 : 4; /* 7:4 */ + unsigned int signing : 1; /* 8 a signing algorithm */ + unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */ + unsigned int method : 1; /* 10 a method such as a key derivative function (KDF) */ + unsigned int Reserved2 : 21; /* 31:11 */ + }; + UINT32 val; +} TPMA_ALGORITHM; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Reserved2 : 21; /* 31:11 */ + unsigned int method : 1; /* 10 a method such as a key derivative function (KDF) */ + unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */ + unsigned int signing : 1; /* 8 a signing algorithm */ + unsigned int Reserved1 : 4; /* 7:4 */ + unsigned int object : 1; /* an algorithm that may be used as an object type */ + unsigned int hash : 1; /* a hash algorithm */ + unsigned int symmetric : 1; /* 1 a symmetric block cipher */ + unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */ + }; + UINT32 val; +} TPMA_ALGORITHM; + +#else + +typedef struct { + UINT32 val; +} TPMA_ALGORITHM; + +#endif + +#define TPMA_ALGORITHM_ASYMMETRIC 0x00000001 +#define TPMA_ALGORITHM_SYMMETRIC 0x00000002 +#define TPMA_ALGORITHM_HASH 0x00000004 +#define TPMA_ALGORITHM_OBJECT 0x00000008 +#define TPMA_ALGORITHM_RESERVED1 0x000000f0 +#define TPMA_ALGORITHM_SIGNING 0x00000100 +#define TPMA_ALGORITHM_ENCRYPTING 0x00000200 +#define TPMA_ALGORITHM_METHOD 0x00000400 +#define TPMA_ALGORITHM_RESERVED2 0xfffff800 + +#define TPMA_ALGORITHM_RESERVED ( \ + TPMA_ALGORITHM_RESERVED1 | \ + TPMA_ALGORITHM_RESERVED2 ) + +/* Table 31 - Definition of (UINT32) TPMA_OBJECT Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int Reserved1 : 1; /* 0 shall be zero */ + unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */ + unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */ + unsigned int Reserved2 : 1; /* 3 shall be zero */ + unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */ + unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */ + unsigned int userWithAuth : 1; /* 6 HMAC session or with a password */ + unsigned int adminWithPolicy : 1; /* 7 policy session. */ + unsigned int Reserved3 : 2; /* 9:8 shall be zero */ + unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */ + unsigned int encryptedDuplication : 1; /* 11 */ + unsigned int Reserved4 : 4; /* 15:12 shall be zero */ + unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */ + unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */ + unsigned int sign : 1; /* 18 For a symmetric cipher object, the private + portion of the key may be used to encrypt. For + other objects, the private portion of the key may + be used to sign. */ + unsigned int Reserved5 : 13; /* 31:19 shall be zero */ + }; + UINT32 val; +} TPMA_OBJECT; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Reserved5 : 13; /* 31:19 shall be zero */ + unsigned int sign : 1; /* 18 For a symmetric cipher object, the private + portion of the key may be used to encrypt. For + other objects, the private portion of the key may + be used to sign. */ + unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */ + unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */ + unsigned int Reserved4 : 4; /* 15:12 shall be zero */ + unsigned int encryptedDuplication : 1; /* 11 */ + unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */ + unsigned int Reserved3 : 2; /* 9:8 shall be zero */ + unsigned int adminWithPolicy : 1; /* 7 policy session. */ + unsigned int userWithAuth : 1; /* 6 HMAC session or with a password */ + unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */ + unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */ + unsigned int Reserved2 : 1; /* 3 shall be zero */ + unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */ + unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */ + unsigned int Reserved1 : 1; /* 0 shall be zero */ + }; + UINT32 val; +} TPMA_OBJECT; + +#else + +typedef struct { + UINT32 val; +} TPMA_OBJECT; + +#endif + +#define TPMA_OBJECT_RESERVED1 0x00000001 +#define TPMA_OBJECT_FIXEDTPM 0x00000002 +#define TPMA_OBJECT_STCLEAR 0x00000004 +#define TPMA_OBJECT_RESERVED2 0x00000008 +#define TPMA_OBJECT_FIXEDPARENT 0x00000010 +#define TPMA_OBJECT_SENSITIVEDATAORIGIN 0x00000020 +#define TPMA_OBJECT_USERWITHAUTH 0x00000040 +#define TPMA_OBJECT_ADMINWITHPOLICY 0x00000080 +#define TPMA_OBJECT_RESERVED3 0x00000300 +#define TPMA_OBJECT_NODA 0x00000400 +#define TPMA_OBJECT_ENCRYPTEDDUPLICATION 0x00000800 +#define TPMA_OBJECT_RESERVED4 0x0000f000 +#define TPMA_OBJECT_RESTRICTED 0x00010000 +#define TPMA_OBJECT_DECRYPT 0x00020000 +#define TPMA_OBJECT_SIGN 0x00040000 +#define TPMA_OBJECT_RESERVED5 0xfff80000 + +#define TPMA_OBJECT_RESERVED ( \ + TPMA_OBJECT_RESERVED1 | \ + TPMA_OBJECT_RESERVED2 | \ + TPMA_OBJECT_RESERVED3 | \ + TPMA_OBJECT_RESERVED4 | \ + TPMA_OBJECT_RESERVED5 ) + +/* Table 32 - Definition of (UINT8) TPMA_SESSION Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */ + unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */ + unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */ + unsigned int Reserved : 2; /* 4:3 shall be CLEAR */ + unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */ + unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */ + unsigned int audit : 1; /* 7 session is for audit */ + }; + UINT8 val; +} TPMA_SESSION; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int audit : 1; /* 7 session is for audit */ + unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */ + unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */ + unsigned int Reserved : 2; /* 4:3 shall be CLEAR */ + unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */ + unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */ + unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */ + }; + UINT8 val; +} TPMA_SESSION; + +#else + +typedef struct { + UINT8 val; +} TPMA_SESSION; + +#endif + +#define TPMA_SESSION_CONTINUESESSION 0x01 +#define TPMA_SESSION_AUDITEXCLUSIVE 0x02 +#define TPMA_SESSION_AUDITRESET 0x04 +#define TPMA_SESSION_DECRYPT 0x20 +#define TPMA_SESSION_ENCRYPT 0x40 +#define TPMA_SESSION_AUDIT 0x80 + +#define TPMA_SESSION_RESERVED 0x18 + +/* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int TPM_LOC_ZERO : 1; /* 0 */ + unsigned int TPM_LOC_ONE : 1; /* 1 */ + unsigned int TPM_LOC_TWO : 1; /* 2 */ + unsigned int TPM_LOC_THREE : 1; /* 3 */ + unsigned int TPM_LOC_FOUR : 1; /* 4 */ + unsigned int Extended : 3; /* 7:5 */ + }; + UINT8 val; +} TPMA_LOCALITY; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Extended : 3; /* 7:5 */ + unsigned int TPM_LOC_FOUR : 1; /* 4 */ + unsigned int TPM_LOC_THREE : 1; /* 3 */ + unsigned int TPM_LOC_TWO : 1; /* 2 */ + unsigned int TPM_LOC_ONE : 1; /* 1 */ + unsigned int TPM_LOC_ZERO : 1; /* 0 */ + }; + UINT8 val; +} TPMA_LOCALITY; + +#else + +typedef struct { + UINT8 val; +} TPMA_LOCALITY; + +#endif + +#define TPMA_LOCALITY_ZERO 0x01 +#define TPMA_LOCALITY_ONE 0x02 +#define TPMA_LOCALITY_TWO 0x04 +#define TPMA_LOCALITY_THREE 0x08 +#define TPMA_LOCALITY_FOUR 0x10 +#define TPMA_LOCALITY_EXTENDED 0xe0 + +/* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */ + unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */ + unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */ + unsigned int Reserved1 : 5; /* 7:3 */ + unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */ + unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization + with other than Platform Authorization or Lockout Authorization will not succeed. */ + unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */ + unsigned int Reserved2 : 21; /* 31:11 */ + }; + UINT32 val; +} TPMA_PERMANENT; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Reserved2 : 21; /* 31:11 */ + unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */ + unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization with other than Platform Authorization will not succeed. */ + unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */ + unsigned int Reserved1 : 5; /* 7:3 */ + unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */ + unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */ + unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */ + }; + UINT32 val; +} TPMA_PERMANENT; + +#else + +typedef struct { + UINT32 val; +} TPMA_PERMANENT; + +#endif + +#define TPMA_PERMANENT_OWNERAUTHSET 0x00000001 +#define TPMA_PERMANENT_ENDORSEMENTAUTHSET 0x00000002 +#define TPMA_PERMANENT_LOCKOUTAUTHSET 0x00000004 +#define TPMA_PERMANENT_RESERVED1 0x000000f8 +#define TPMA_PERMANENT_DISABLECLEAR 0x00000100 +#define TPMA_PERMANENT_INLOCKOUT 0x00000200 +#define TPMA_PERMANENT_TPMGENERATEDEPS 0x00000400 +#define TPMA_PERMANENT_RESERVED2 0xfffff800 + +/* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */ + unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */ + unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */ + unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */ + unsigned int Reserved : 27; /* 30:4 shall be zero */ + unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */ + }; + UINT32 val; +} TPMA_STARTUP_CLEAR; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */ + unsigned int Reserved : 27; /* 30:4 shall be zero */ + unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */ + unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */ + unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */ + unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */ + }; + UINT32 val; +} TPMA_STARTUP_CLEAR; + +#else + +typedef struct { + UINT32 val; +} TPMA_STARTUP_CLEAR; + +#endif + +#define TPMA_STARTUP_CLEAR_PHENABLE 0x00000001 +#define TPMA_STARTUP_CLEAR_SHENABLE 0x00000002 +#define TPMA_STARTUP_CLEAR_EHENABLE 0x00000004 +#define TPMA_STARTUP_CLEAR_PHENABLENV 0x00000008 +#define TPMA_STARTUP_CLEAR_RESERVED 0x7ffffff0 +#define TPMA_STARTUP_CLEAR_ORDERLY 0x80000000 + +/* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */ + unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */ + unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */ + unsigned int Reserved : 29; /* 31:3 shall be zero */ + }; + UINT32 val; +} TPMA_MEMORY; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Reserved : 29; /* 31:3 shall be zero */ + unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */ + unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */ + unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */ + }; + UINT32 val; +} TPMA_MEMORY; + +#else + +typedef struct { + UINT32 val; +} TPMA_MEMORY; + +#endif + +#define TPMA_MEMORY_SHAREDRAM 0x00000001 +#define TPMA_MEMORY_SHAREDNV 0x00000002 +#define TPMA_MEMORY_OBJECTCOPIEDTORAM 0x00000004 +#define TPMA_MEMORY_RESERVED 0xfffffff8 + +/* Table 37 - Definition of (TPM_CC) TPMA_CC Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */ + unsigned int Reserved : 6; /* 21:16 shall be zero */ + unsigned int nv : 1; /* 22 indicates that the command may write to NV */ + unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts. */ + unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */ + unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */ + unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input */ + unsigned int V : 1; /* 29 indicates that the command is vendor-specific */ + unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */ + }; + UINT32 val; +} TPMA_CC; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */ + unsigned int V : 1; /* 29 indicates that the command is vendor-specific */ + unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input */ + unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */ + unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */ + unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts. */ + unsigned int nv : 1; /* 22 indicates that the command may write to NV */ + unsigned int Reserved : 6; /* 21:16 shall be zero */ + unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */ + }; + UINT32 val; +} TPMA_CC; + +#else + +typedef union { + struct { + UINT32 val; + }; +} TPMA_CC; + +#endif + +#define TPMA_CC_COMMANDINDEX 0x0000ffff +#define TPMA_CC_RESERVED1 0x003f0000 +#define TPMA_CC_NV 0x00400000 +#define TPMA_CC_EXTENSIVE 0x00800000 +#define TPMA_CC_FLUSHED 0x01000000 +#define TPMA_CC_CHANDLES 0x0e000000 +#define TPMA_CC_RHANDLE 0x10000000 +#define TPMA_CC_V 0x20000000 +#define TPMA_CC_RES 0xc0000000 +#define TPMA_CC_RESERVED (0x003f0000 | 0xc0000000) + + /* Table 38 - Definition of (UINT32) TPMA_MODES Bits */ + +#if defined TPM_BITFIELD_LE + + typedef union { + struct { + unsigned int FIPS_140_2 : 1; /* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */ + unsigned int Reserved : 31; /* 31:1 shall be zero */ + }; + UINT32 val; + } TPMA_MODES; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int Reserved : 31; /* 31:1 shall be zero */ + unsigned int FIPS_140_2 : 1; /* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */ + }; + UINT32 val; +} TPMA_MODES; + +#else + + typedef struct { + UINT32 val; + } TPMA_MODES; + +#endif + +#define TPMA_MODES_FIPS_140_2 0x00000001 + +/* Table 38 - Definition of (BYTE) TPMI_YES_NO Type */ + +typedef BYTE TPMI_YES_NO; + +#define NO 0 +#define YES 1 + +/* Table 39 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */ + +typedef TPM_HANDLE TPMI_DH_OBJECT; + +/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PARENT Type */ + +typedef TPM_HANDLE TPMI_DH_PARENT; + +/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */ + +typedef TPM_HANDLE TPMI_DH_PERSISTENT; + +/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */ + +typedef TPM_HANDLE TPMI_DH_ENTITY; + +/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */ + +typedef TPM_HANDLE TPMI_DH_PCR; + +/* Table 43 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */ + +typedef TPM_HANDLE TPMI_SH_AUTH_SESSION; + +/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */ + +typedef TPM_HANDLE TPMI_SH_HMAC; + +/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */ + +typedef TPM_HANDLE TPMI_SH_POLICY; + +/* Table 46 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */ + +typedef TPM_HANDLE TPMI_DH_CONTEXT; + +/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type */ + +typedef TPM_HANDLE TPMI_DH_SAVED; + +/* Table 47 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */ + +typedef TPM_HANDLE TPMI_RH_HIERARCHY; + +/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */ + +typedef TPM_HANDLE TPMI_RH_ENABLES; + +/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */ + +typedef TPM_HANDLE TPMI_RH_HIERARCHY_AUTH; + +/* Table 2:55 - Definition of TPMI_RH_HIERARCHY_POLICY Type */ + +typedef TPM_HANDLE TPMI_RH_HIERARCHY_POLICY; + +/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */ + +typedef TPM_HANDLE TPMI_RH_PLATFORM; + +/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_OWNER Type */ + +typedef TPM_HANDLE TPMI_RH_OWNER; + +/* Table 52 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */ + +typedef TPM_HANDLE TPMI_RH_ENDORSEMENT; + +/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */ + +typedef TPM_HANDLE TPMI_RH_PROVISION; + +/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */ + +typedef TPM_HANDLE TPMI_RH_CLEAR; + +/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */ + +typedef TPM_HANDLE TPMI_RH_NV_AUTH; + +/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */ + +typedef TPM_HANDLE TPMI_RH_LOCKOUT; + +/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */ + +typedef TPM_HANDLE TPMI_RH_NV_INDEX; + +/* Table 58 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + +typedef TPM_ALG_ID TPMI_ALG_HASH; + +/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type */ + +typedef TPM_ALG_ID TPMI_ALG_ASYM; + +/* Table 60 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */ + +typedef TPM_ALG_ID TPMI_ALG_SYM; + +/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ + +typedef TPM_ALG_ID TPMI_ALG_SYM_OBJECT; + +/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */ + +typedef TPM_ALG_ID TPMI_ALG_SYM_MODE; + +/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ + +typedef TPM_ALG_ID TPMI_ALG_KDF; + +/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */ + +typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME; + +/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */ + +typedef TPM_ALG_ID TPMI_ECC_KEY_EXCHANGE; + +/* Table 66 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */ + +typedef TPM_ST TPMI_ST_COMMAND_TAG; + +/* Table 71 - Definition of (TPM_ALG_ID) TPMI_ALG_MAC_SCHEME Type */ + +typedef TPM_ALG_ID TPMI_ALG_MAC_SCHEME; + +/* Table 72 - Definition of (TPM_ALG_ID) TPMI_ALG_CIPHER_MODE Type */ + +typedef TPM_ALG_ID TPMI_ALG_CIPHER_MODE; + +/* Table 67 - Definition of TPMS_EMPTY Structure */ + +typedef struct { + /* a structure with no member */ + BYTE empty[0]; +} TPMS_EMPTY; + +/* Table 68 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure */ +typedef struct { + TPM_ALG_ID alg; /* an algorithm */ + TPMA_ALGORITHM attributes; /* the attributes of the algorithm */ +} TPMS_ALGORITHM_DESCRIPTION; + +/* Table 69 - Definition of TPMU_HA Union */ + +typedef union { + BYTE sha1 [SHA1_DIGEST_SIZE]; /* TPM_ALG_SHA1 */ + BYTE sha256 [SHA256_DIGEST_SIZE]; /* TPM_ALG_SHA256 */ + BYTE sha384 [SHA384_DIGEST_SIZE]; /* TPM_ALG_SHA384 */ + BYTE sha512 [SHA512_DIGEST_SIZE]; /* TPM_ALG_SHA512 */ + BYTE sm3_256 [SM3_256_DIGEST_SIZE]; /* TPM_ALG_SM3_256 */ + BYTE tssmax [128]; /* to make union size larger */ + +} TPMU_HA; + +/* legacy, better to use (sizeof(TPMU_HA) */ + +#define MAX_DIGEST_SIZE (sizeof(TPMU_HA)) + +/* Table 70 - Definition of TPMT_HA Structure */ + +typedef struct { + TPMI_ALG_HASH hashAlg; /* selector of the hash contained in the digest that implies the size of the digest */ + TPMU_HA digest; /* the digest data */ +} TPMT_HA; + +/* Table 71 - Definition of TPM2B_DIGEST Structure */ + +typedef struct { + UINT16 size; + BYTE buffer[sizeof(TPMU_HA)]; +} DIGEST_2B; + +typedef union { + DIGEST_2B t; + TPM2B b; +} TPM2B_DIGEST; + +/* Table 72 - Definition of TPM2B_DATA Structure */ + +typedef struct { + UINT16 size; /* size in octets of the buffer field; may be 0 */ + BYTE buffer[sizeof(TPMT_HA)]; +} DATA_2B; + +typedef union { + DATA_2B t; + TPM2B b; +} TPM2B_DATA; + +/* Table 73 - Definition of Types for TPM2B_NONCE */ + +typedef TPM2B_DIGEST TPM2B_NONCE; /* size limited to the same as the digest structure */ + +/* Table 74 - Definition of Types for TPM2B_AUTH */ + +typedef TPM2B_DIGEST TPM2B_AUTH; /* size limited to the same as the digest structure */ + +/* This is not in Part 2, but the concatenation of two digests to create an HMAC key is used often + enough that it's worth putting in a central location. + + In Part 1 19.6.8 sessionKey Creation - authValue || salt. + In Part 1 19.6.5 HMAC Computation - sessionKey || authValue + + I think both could be TPMU_HA, but the TPM reference code seems to use TPMT_HA. +*/ + +typedef struct { + UINT16 size; + BYTE buffer[sizeof(TPMU_HA) + /* TPM2B_AUTH authValue */ + sizeof(TPMT_HA)]; /* salt */ +} KEY_2B; + +typedef union { + KEY_2B t; + TPM2B b; +} TPM2B_KEY; + +/* Table 75 - Definition of Types for TPM2B_OPERAND */ + +typedef TPM2B_DIGEST TPM2B_OPERAND; /* size limited to the same as the digest structure */ + +/* Table 76 - Definition of TPM2B_EVENT Structure */ + +typedef struct { + UINT16 size; /* size of the operand */ + BYTE buffer [1024]; /* the operand */ +} EVENT_2B; + +typedef union { + EVENT_2B t; + TPM2B b; +} TPM2B_EVENT; + +/* Table 77 - Definition of TPM2B_MAX_BUFFER Structure */ + +/* MAX_DIGEST_BUFFER is TPM-dependent but is required to be at least 1,024. */ + +typedef struct { + UINT16 size; /* size of the buffer */ + BYTE buffer [MAX_DIGEST_BUFFER]; /* the operand */ +} MAX_BUFFER_2B; + +typedef union { + MAX_BUFFER_2B t; + TPM2B b; +} TPM2B_MAX_BUFFER; + +/* Table 78 - Definition of TPM2B_MAX_NV_BUFFER Structure */ + +typedef struct { + UINT16 size; /* size of the buffer */ + BYTE buffer [MAX_NV_BUFFER_SIZE]; /* the operand */ +} MAX_NV_BUFFER_2B; + +typedef union { + MAX_NV_BUFFER_2B t; + TPM2B b; +} TPM2B_MAX_NV_BUFFER; + +/* Table 79 - Definition of TPM2B_TIMEOUT Structure */ + +typedef TPM2B_DIGEST TPM2B_TIMEOUT; /* size limited to the same as the digest structure */ + +/* Table 80 - Definition of TPM2B_IV Structure */ + +typedef struct { + UINT16 size; /* size of the IV value */ + BYTE buffer [MAX_SYM_BLOCK_SIZE]; /* the IV value */ +} IV_2B; + +typedef union { + IV_2B t; + TPM2B b; +} TPM2B_IV; + +/* Table 81 - Definition of TPMU_NAME Union <> */ + +typedef union { + TPMT_HA digest; /* when the Name is a digest */ + TPM_HANDLE handle; /* when the Name is a handle */ +} TPMU_NAME; + +/* Table 82 - Definition of TPM2B_NAME Structure */ + +typedef struct { + UINT16 size; /* size of the Name structure */ + BYTE name[sizeof(TPMU_NAME)]; /* the Name structure */ +} NAME_2B; + +typedef union { + NAME_2B t; + TPM2B b; +} TPM2B_NAME; + +/* Table 83 - Definition of TPMS_PCR_SELECT Structure */ + +typedef struct { + UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ + BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of selected PCR */ +} TPMS_PCR_SELECT; + +/* Table 84 - Definition of TPMS_PCR_SELECTION Structure */ + +typedef struct { + TPMI_ALG_HASH hash; /* the hash algorithm associated with the selection */ + UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ + BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of selected PCR */ +} TPMS_PCR_SELECTION; + +/* Table 87 - Definition of TPMT_TK_CREATION Structure */ + +typedef struct { + TPM_ST tag; /* ticket structure tag TPM_ST_CREATION */ + TPMI_RH_HIERARCHY hierarchy; /* the hierarchy containing name */ + TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ +} TPMT_TK_CREATION; + +/* Table 88 - Definition of TPMT_TK_VERIFIED Structure */ + +typedef struct { + TPM_ST tag; /* ticket structure tag TPM_ST_VERIFIED */ + TPMI_RH_HIERARCHY hierarchy; /* the hierarchy containing keyName */ + TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ +} TPMT_TK_VERIFIED; + +/* Table 89 - Definition of TPMT_TK_AUTH Structure */ + +typedef struct { + TPM_ST tag; /* ticket structure tag TPM_ST_AUTH_SIGNED, TPM_ST_AUTH_SECRET */ + TPMI_RH_HIERARCHY hierarchy; /* the hierarchy of the object used to produce the ticket */ + TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ +} TPMT_TK_AUTH; + +/* Table 90 - Definition of TPMT_TK_HASHCHECK Structure */ + +typedef struct { + TPM_ST tag; /* ticket structure tag TPM_ST_HASHCHECK */ + TPMI_RH_HIERARCHY hierarchy; /* the hierarchy */ + TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ +} TPMT_TK_HASHCHECK; + +/* Table 91 - Definition of TPMS_ALG_PROPERTY Structure */ + +typedef struct { + TPM_ALG_ID alg; /* an algorithm identifier */ + TPMA_ALGORITHM algProperties; /* the attributes of the algorithm */ +} TPMS_ALG_PROPERTY; + +/* Table 92 - Definition of TPMS_TAGGED_PROPERTY Structure */ + +typedef struct { + TPM_PT property; /* a property identifier */ + UINT32 value; /* the value of the property */ +} TPMS_TAGGED_PROPERTY; + +/* Table 93 - Definition of TPMS_TAGGED_PCR_SELECT Structure */ + +typedef struct { + TPM_PT_PCR tag; /* the property identifier */ + UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ + BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of PCR with the identified property */ +} TPMS_TAGGED_PCR_SELECT; + +/* Table 96 - Definition of TPMS_TAGGED_POLICY Structure */ + +typedef struct { + TPM_HANDLE handle; + TPMT_HA policyHash; +} TPMS_TAGGED_POLICY; + +/* Table 94 - Definition of TPML_CC Structure */ + +typedef struct { + UINT32 count; /* number of commands in the commandCode list; may be 0 */ + TPM_CC commandCodes[MAX_CAP_CC]; /* a list of command codes */ +} TPML_CC; + +/* Table 95 - Definition of TPML_CCA Structure */ + +typedef struct { + UINT32 count; /* number of values in the commandAttributes list; may be 0 */ + TPMA_CC commandAttributes[MAX_CAP_CC]; /* a list of command codes attributes */ +} TPML_CCA; + +/* Table 96 - Definition of TPML_ALG Structure */ + +typedef struct { + UINT32 count; /* number of algorithms in the algorithms list; may be 0 */ + TPM_ALG_ID algorithms[MAX_ALG_LIST_SIZE]; /* a list of algorithm IDs */ +} TPML_ALG; + +/* Table 97 - Definition of TPML_HANDLE Structure */ + +typedef struct { + UINT32 count; /* the number of handles in the list may have a value of 0 */ + TPM_HANDLE handle[MAX_CAP_HANDLES]; /* an array of handles */ +} TPML_HANDLE; + +/* Table 98 - Definition of TPML_DIGEST Structure */ + +typedef struct { + UINT32 count; /* number of digests in the list, minimum is two for TPM2_PolicyOR(). */ + TPM2B_DIGEST digests[8]; /* a list of digests */ +} TPML_DIGEST; + +/* Table 99 - Definition of TPML_DIGEST_VALUES Structure */ + +typedef struct { + UINT32 count; /* number of digests in the list */ + TPMT_HA digests[HASH_COUNT]; /* a list of tagged digests */ +} TPML_DIGEST_VALUES; + +/* Table 100 - Definition of TPM2B_DIGEST_VALUES Structure */ + +typedef struct { + UINT16 size; /* size of the operand buffer */ + BYTE buffer [sizeof(TPML_DIGEST_VALUES)]; /* the operand */ +} TPM2B_DIGEST_VALUES; + +/* Table 101 - Definition of TPML_PCR_SELECTION Structure */ + +typedef struct { + UINT32 count; /* number of selection structures A value of zero is allowed. */ + TPMS_PCR_SELECTION pcrSelections[HASH_COUNT]; /* list of selections */ +} TPML_PCR_SELECTION; + +/* Table 102 - Definition of TPML_ALG_PROPERTY Structure */ + +typedef struct { + UINT32 count; /* number of algorithm properties structures A value of zero is allowed. */ + TPMS_ALG_PROPERTY algProperties[MAX_CAP_ALGS]; /* list of properties */ +} TPML_ALG_PROPERTY; + +/* Table 103 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */ + +typedef struct { + UINT32 count; /* number of properties A value of zero is allowed. */ + TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES]; /* an array of tagged properties */ +} TPML_TAGGED_TPM_PROPERTY; + +/* Table 104 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */ + +typedef struct { + UINT32 count; /* number of properties A value of zero is allowed. */ + TPMS_TAGGED_PCR_SELECT pcrProperty[MAX_PCR_PROPERTIES]; /* a tagged PCR selection */ +} TPML_TAGGED_PCR_PROPERTY; + +/* Table 105 - Definition of {ECC} TPML_ECC_CURVE Structure */ + +typedef struct { + UINT32 count; /* number of curves A value of zero is allowed. */ + TPM_ECC_CURVE eccCurves[MAX_ECC_CURVES]; /* array of ECC curve identifiers */ +} TPML_ECC_CURVE ; + +/* Table 109 - Definition of TPML_TAGGED_POLICY Structure */ + +typedef struct { + UINT32 count; + TPMS_TAGGED_POLICY policies[MAX_TAGGED_POLICIES]; +} TPML_TAGGED_POLICY; + +/* Table 106 - Definition of TPMU_CAPABILITIES Union */ + +typedef union { + TPML_ALG_PROPERTY algorithms; /* TPM_CAP_ALGS */ + TPML_HANDLE handles; /* TPM_CAP_HANDLES */ + TPML_CCA command; /* TPM_CAP_COMMANDS */ + TPML_CC ppCommands; /* TPM_CAP_PP_COMMANDS */ + TPML_CC auditCommands; /* TPM_CAP_AUDIT_COMMANDS */ + TPML_PCR_SELECTION assignedPCR; /* TPM_CAP_PCRS */ + TPML_TAGGED_TPM_PROPERTY tpmProperties; /* TPM_CAP_TPM_PROPERTIES */ + TPML_TAGGED_PCR_PROPERTY pcrProperties; /* TPM_CAP_PCR_PROPERTIES */ + TPML_ECC_CURVE eccCurves; /* TPM_CAP_ECC_CURVES */ + TPML_TAGGED_POLICY authPolicies; /* TPM_CAP_AUTH_POLICIES */ +} TPMU_CAPABILITIES; + +/* Table 107 - Definition of TPMS_CAPABILITY_DATA Structure */ + +typedef struct { + TPM_CAP capability; /* the capability */ + TPMU_CAPABILITIES data; /* the capability data */ +} TPMS_CAPABILITY_DATA; + +/* Table 108 - Definition of TPMS_CLOCK_INFO Structure */ + +typedef struct { + UINT64 clock; /* time in milliseconds during which the TPM has been powered */ + UINT32 resetCount; /* number of occurrences of TPM Reset since the last TPM2_Clear() */ + UINT32 restartCount; /* number of times that TPM2_Shutdown() or _TPM_Hash_Start have + occurred since the last TPM Reset or TPM2_Clear(). */ + TPMI_YES_NO safe; /* no value of Clock greater than the current value of Clock has + been previously reported by the TPM */ +} TPMS_CLOCK_INFO; + +/* Table 109 - Definition of TPMS_TIME_INFO Structure */ + +typedef struct { + UINT64 time; /* time in milliseconds since the last _TPM_Init() or TPM2_Startup() */ + TPMS_CLOCK_INFO clockInfo; /* a structure containing the clock information */ +} TPMS_TIME_INFO; + +/* Table 110 - Definition of TPMS_TIME_ATTEST_INFO Structure */ + +typedef struct { + TPMS_TIME_INFO time; /* the Time, clock, resetCount, restartCount, and + Safe indicator */ + UINT64 firmwareVersion; /* a TPM vendor-specific value indicating the + version number of the firmware */ +} TPMS_TIME_ATTEST_INFO; + +/* Table 111 - Definition of TPMS_CERTIFY_INFO Structure */ + +typedef struct { + TPM2B_NAME name; /* Name of the certified object */ + TPM2B_NAME qualifiedName; /* Qualified Name of the certified object */ +} TPMS_CERTIFY_INFO; + +/* Table 112 - Definition of TPMS_QUOTE_INFO Structure */ + +typedef struct { + TPML_PCR_SELECTION pcrSelect; /* information on algID, PCR selected and digest */ + TPM2B_DIGEST pcrDigest; /* digest of the selected PCR using the hash of the signing key */ +} TPMS_QUOTE_INFO; + +/* Table 113 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */ + +typedef struct { + UINT64 auditCounter; /* the monotonic audit counter */ + TPM_ALG_ID digestAlg; /* hash algorithm used for the command audit */ + TPM2B_DIGEST auditDigest; /* the current value of the audit digest */ + TPM2B_DIGEST commandDigest; /* digest of the command codes being audited using digestAlg */ +} TPMS_COMMAND_AUDIT_INFO; + +/* Table 114 - Definition of TPMS_SESSION_AUDIT_INFO Structure */ + +typedef struct { + TPMI_YES_NO exclusiveSession; /* current exclusive status of the session */ + TPM2B_DIGEST sessionDigest; /* the current value of the session audit digest */ +} TPMS_SESSION_AUDIT_INFO; + +/* Table 115 - Definition of TPMS_CREATION_INFO Structure */ + +typedef struct { + TPM2B_NAME objectName; /* Name of the object */ + TPM2B_DIGEST creationHash; /* creationHash */ +} TPMS_CREATION_INFO; + +/* Table 116 - Definition of TPMS_NV_CERTIFY_INFO Structure */ + +typedef struct { + TPM2B_NAME indexName; /* Name of the NV Index */ + UINT16 offset; /* the offset parameter of TPM2_NV_Certify() */ + TPM2B_MAX_NV_BUFFER nvContents; /* contents of the NV Index */ +} TPMS_NV_CERTIFY_INFO; + +/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure */ +typedef struct { + TPM2B_NAME indexName; + TPM2B_DIGEST nvDigest; +} TPMS_NV_DIGEST_CERTIFY_INFO; + +typedef TPM_ST TPMI_ST_ATTEST; + +/* Table 118 - Definition of TPMU_ATTEST Union */ + +typedef union { + TPMS_CERTIFY_INFO certify; /* TPM_ST_ATTEST_CERTIFY */ + TPMS_CREATION_INFO creation; /* TPM_ST_ATTEST_CREATION */ + TPMS_QUOTE_INFO quote; /* TPM_ST_ATTEST_QUOTE */ + TPMS_COMMAND_AUDIT_INFO commandAudit; /* TPM_ST_ATTEST_COMMAND_AUDIT */ + TPMS_SESSION_AUDIT_INFO sessionAudit; /* TPM_ST_ATTEST_SESSION_AUDIT */ + TPMS_TIME_ATTEST_INFO time; /* TPM_ST_ATTEST_TIME */ + TPMS_NV_CERTIFY_INFO nv; /* TPM_ST_ATTEST_NV */ + TPMS_NV_DIGEST_CERTIFY_INFO nvDigest; /* TPM_ST_ATTEST_NV_DIGEST */ +} TPMU_ATTEST; + +/* Table 119 - Definition of TPMS_ATTEST Structure */ + +typedef struct { + TPM_GENERATED magic; /* the indication that this structure was created by + a TPM (always TPM_GENERATED_VALUE) */ + TPMI_ST_ATTEST type; /* type of the attestation structure */ + TPM2B_NAME qualifiedSigner; /* Qualified Name of the signing key */ + TPM2B_DATA extraData; /* external information supplied by caller */ + TPMS_CLOCK_INFO clockInfo; /* Clock, resetCount, restartCount, and Safe */ + UINT64 firmwareVersion; /* TPM-vendor-specific value identifying the version + number of the firmware */ + TPMU_ATTEST attested; /* the type-specific attestation information */ +} TPMS_ATTEST; + +/* Table 120 - Definition of TPM2B_ATTEST Structure */ + +typedef struct { + UINT16 size; /* size of the attestationData structure */ + BYTE attestationData[sizeof(TPMS_ATTEST)]; /* the signed structure */ +} ATTEST_2B; + +typedef union { + ATTEST_2B t; + TPM2B b; +} TPM2B_ATTEST; + +/* Table 121 - Definition of TPMS_AUTH_COMMAND Structure */ + +typedef struct { + TPMI_SH_AUTH_SESSION sessionHandle; /* the session handle */ + TPM2B_NONCE nonce; /* the session nonce, may be the Empty Buffer */ + TPMA_SESSION sessionAttributes; /* the session attributes */ + TPM2B_AUTH hmac; /* either an HMAC, a password, or an EmptyAuth */ +} TPMS_AUTH_COMMAND; + +/* Table 126 - Definition of TPMS_AUTH_RESPONSE Structure */ + +typedef struct { + TPM2B_NONCE nonce; /* the session nonce, may be the Empty Buffer */ + TPMA_SESSION sessionAttributes; /* the session attributes */ + TPM2B_AUTH hmac; /* either an HMAC or an EmptyAuth */ +} TPMS_AUTH_RESPONSE; + +/* Table 127 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */ + +typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS; +typedef TPM_KEY_BITS TPMI_AES_KEY_BITS; +typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS; +typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS; + +/* Table 128 - Definition of TPMU_SYM_KEY_BITS Union */ + +typedef union { +#ifdef TPM_ALG_TDES + TPMI_TDES_KEY_BITS tdes; /* TPM_ALG_TDES */ +#endif +#ifdef TPM_ALG_AES + TPMI_AES_KEY_BITS aes; /* TPM_ALG_AES */ +#endif +#ifdef TPM_ALG_SM4 + TPMI_SM4_KEY_BITS sm4; /* TPM_ALG_SM4 */ +#endif +#ifdef TPM_ALG_CAMELLIA + TPMI_CAMELLIA_KEY_BITS camellia; /* TPM_ALG_CAMELLIA */ +#endif +#ifdef TPM_ALG_XOR + TPMI_ALG_HASH xorr; /* TPM_ALG_XOR overload for using xor */ +#endif + TPM_KEY_BITS sym; /* when selector may be any of the symmetric block ciphers */ +} TPMU_SYM_KEY_BITS; + +/* Table 129 - Definition of TPMU_SYM_MODE Union */ + +typedef union { +#ifdef TPM_ALG_TDES + TPMI_ALG_SYM_MODE tdes; /* TPM_ALG_TDES */ +#endif +#ifdef TPM_ALG_AES + TPMI_ALG_SYM_MODE aes; /* TPM_ALG_AES */ +#endif +#ifdef TPM_ALG_SM4 + TPMI_ALG_SYM_MODE sm4; /* TPM_ALG_SM4 */ +#endif +#ifdef TPM_ALG_CAMELLIA + TPMI_ALG_SYM_MODE camellia; /* TPM_ALG_CAMELLIA */ +#endif + TPMI_ALG_SYM_MODE sym; /* when selector may be any of the symmetric block ciphers */ +} TPMU_SYM_MODE; + +/* Table 126 - xDefinition of TPMU_SYM_DETAILS Union */ + +/* Table 127 - Definition of TPMT_SYM_DEF Structure */ + +typedef struct { + TPMI_ALG_SYM algorithm; /* indicates a symmetric algorithm */ + TPMU_SYM_KEY_BITS keyBits; /* a supported key size */ + TPMU_SYM_MODE mode; /* the mode for the key */ +} TPMT_SYM_DEF; + +/* Table 128 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + +typedef struct { + TPMI_ALG_SYM_OBJECT algorithm; /* selects a symmetric block cipher */ + TPMU_SYM_KEY_BITS keyBits; /* the key size */ + TPMU_SYM_MODE mode; /* default mode */ +} TPMT_SYM_DEF_OBJECT; + +/* Table 129 - Definition of TPM2B_SYM_KEY Structure */ + +typedef struct { + UINT16 size; /* size, in octets, of the buffer containing the key; may be zero */ + BYTE buffer [MAX_SYM_KEY_BYTES]; /* the key */ +} SYM_KEY_2B; + +typedef union { + SYM_KEY_2B t; + TPM2B b; +} TPM2B_SYM_KEY; + +/* Table 130 - Definition of TPMS_SYMCIPHER_PARMS Structure */ + +typedef struct { + TPMT_SYM_DEF_OBJECT sym; /* a symmetric block cipher */ +} TPMS_SYMCIPHER_PARMS; + +/* Table 135 - Definition of TPM2B_LABEL Structure */ + +typedef union { + struct { + UINT16 size; + BYTE buffer[LABEL_MAX_BUFFER]; + } t; + TPM2B b; +} TPM2B_LABEL; + +/* Table 135 - Definition of TPMS_DERIVE Structure */ + +typedef struct { + TPM2B_LABEL label; + TPM2B_LABEL context; +} TPMS_DERIVE; + +/* Table 131 - Definition of TPM2B_SENSITIVE_DATA Structure */ + +typedef struct { + UINT16 size; + BYTE buffer[MAX_SYM_DATA]; /* the keyed hash private data structure */ +} SENSITIVE_DATA_2B; + +typedef union { + SENSITIVE_DATA_2B t; + TPM2B b; +} TPM2B_SENSITIVE_DATA; + +/* Table 132 - Definition of TPMS_SENSITIVE_CREATE Structure */ + +typedef struct { + TPM2B_AUTH userAuth; /* the USER auth secret value */ + TPM2B_SENSITIVE_DATA data; /* data to be sealed */ +} TPMS_SENSITIVE_CREATE; + +/* Table 133 - Definition of TPM2B_SENSITIVE_CREATE Structure */ + +typedef struct { + UINT16 size; /* size of sensitive in octets (may not be zero) */ + TPMS_SENSITIVE_CREATE sensitive; /* data to be sealed or a symmetric key value. */ +} TPM2B_SENSITIVE_CREATE; + +/* Table 134 - Definition of TPMS_SCHEME_HASH Structure */ + +typedef struct { + TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ +} TPMS_SCHEME_HASH; + +/* Table 135 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ + +typedef struct { + TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ + UINT16 count; /* the counter value that is used between TPM2_Commit() and the sign operation */ +} TPMS_SCHEME_ECDAA; + +/* Table 136 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + +typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME; + +/* Table 137 - Definition of Types for HMAC_SIG_SCHEME */ + +typedef TPMS_SCHEME_HASH TPMS_SCHEME_HMAC; + +/* Table 138 - Definition of TPMS_SCHEME_XOR Structure */ + +typedef struct { + TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ + TPMI_ALG_KDF kdf; /* the key derivation function */ +} TPMS_SCHEME_XOR; + +/* Table 139 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + +typedef union { +#ifdef TPM_ALG_HMAC + TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the "signing" scheme */ +#endif +#ifdef TPM_ALG_XOR + TPMS_SCHEME_XOR xorr; /* TPM_ALG_XOR the "obfuscation" scheme */ +#endif +} TPMU_SCHEME_KEYEDHASH; + +/* Table 140 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + +typedef struct { + TPMI_ALG_KEYEDHASH_SCHEME scheme; /* selects the scheme */ + TPMU_SCHEME_KEYEDHASH details; /* the scheme parameters */ +} TPMT_KEYEDHASH_SCHEME; + +/* Table 141 - Definition of {RSA} Types for RSA Signature Schemes */ + +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSASSA; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSAPSS; + +/* Table 142 - Definition of {ECC} Types for ECC Signature Schemes */ + +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECDSA; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_SM2; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECSCHNORR; + +typedef TPMS_SCHEME_ECDAA TPMS_SIG_SCHEME_ECDAA; + +/* Table 143 - Definition of TPMU_SIG_SCHEME Union */ + +typedef union { +#ifdef TPM_ALG_RSASSA + TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA the RSASSA-PKCS1v1_5 scheme */ +#endif +#ifdef TPM_ALG_RSAPSS + TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS the RSASSA-PSS scheme */ +#endif +#ifdef TPM_ALG_ECDSA + TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA the ECDSA scheme */ +#endif +#ifdef TPM_ALG_ECDAA + TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA the ECDAA scheme */ +#endif +#ifdef TPM_ALG_SM2 + TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 ECDSA from SM2 */ +#endif +#ifdef TPM_ALG_ECSCHNORR + TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR the EC Schnorr */ +#endif +#ifdef TPM_ALG_HMAC + TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the HMAC scheme */ +#endif + TPMS_SCHEME_HASH any; /* selector that allows access to digest for any signing scheme */ +} TPMU_SIG_SCHEME; + +/* Table 144 - Definition of TPMT_SIG_SCHEME Structure */ + +typedef struct { + TPMI_ALG_SIG_SCHEME scheme; /* scheme selector */ + TPMU_SIG_SCHEME details; /* scheme parameters */ +} TPMT_SIG_SCHEME; + +/* Table 145 - Definition of Types for {RSA} Encryption Schemes */ + +typedef TPMS_SCHEME_HASH TPMS_ENC_SCHEME_OAEP; /* schemes that only need a hash */ + +typedef TPMS_EMPTY TPMS_ENC_SCHEME_RSAES; /* schemes that need nothing */ + +/* Table 146 - Definition of Types for {ECC} ECC Key Exchange */ + +typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECDH; /* schemes that only need a hash */ +typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECMQV; /* schemes that only need a hash */ + +/* Table 147 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +typedef TPMS_SCHEME_HASH TPMS_SCHEME_MGF1; +typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_56A; +typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF2; +typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_108; + +/* Table 148 - Definition of TPMU_KDF_SCHEME Union */ + +typedef union { +#ifdef TPM_ALG_MGF1 + TPMS_SCHEME_MGF1 mgf1; /* TPM_ALG_MGF1 */ +#endif +#ifdef TPM_ALG_KDF1_SP800_56A + TPMS_SCHEME_KDF1_SP800_56A kdf1_SP800_56a; /* TPM_ALG_KDF1_SP800_56A */ +#endif +#ifdef TPM_ALG_KDF2 + TPMS_SCHEME_KDF2 kdf2; /* TPM_ALG_KDF2 */ +#endif +#ifdef TPM_ALG_KDF1_SP800_108 + TPMS_SCHEME_KDF1_SP800_108 kdf1_sp800_108; /* TPM_ALG_KDF1_SP800_108 */ +#endif +} TPMU_KDF_SCHEME; + +/* Table 149 - Definition of TPMT_KDF_SCHEME Structure */ + +typedef struct { + TPMI_ALG_KDF scheme; /* scheme selector */ + TPMU_KDF_SCHEME details; /* scheme parameters */ +} TPMT_KDF_SCHEME; + +/* Table 150 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */ + +typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME; + +/* Table 151 - Definition of TPMU_ASYM_SCHEME Union */ + +typedef union { +#ifdef TPM_ALG_ECDH + TPMS_KEY_SCHEME_ECDH ecdh; /* TPM_ALG_ECDH */ +#endif +#ifdef TPM_ALG_ECMQV + TPMS_KEY_SCHEME_ECMQV ecmqvh; /* TPM_ALG_ECMQV */ +#endif +#ifdef TPM_ALG_RSASSA + TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA */ +#endif +#ifdef TPM_ALG_RSAPSS + TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS */ +#endif +#ifdef TPM_ALG_ECDSA + TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA */ +#endif +#ifdef TPM_ALG_ECDAA + TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA */ +#endif +#ifdef TPM_ALG_SM2 + TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 */ +#endif +#ifdef TPM_ALG_ECSCHNORR + TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR */ +#endif +#ifdef TPM_ALG_RSAES + TPMS_ENC_SCHEME_RSAES rsaes; /* TPM_ALG_RSAES */ +#endif +#ifdef TPM_ALG_OAEP + TPMS_ENC_SCHEME_OAEP oaep; /* TPM_ALG_OAEP */ +#endif + TPMS_SCHEME_HASH anySig; +} TPMU_ASYM_SCHEME; + +/* Table 152 - Definition of TPMT_ASYM_SCHEME Structure <> */ + +typedef struct { + TPMI_ALG_ASYM_SCHEME scheme; /* scheme selector */ + TPMU_ASYM_SCHEME details; /* scheme parameters */ +} TPMT_ASYM_SCHEME; + +/* Table 153 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ + +typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME; + +/* Table 154 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ + +typedef struct { + TPMI_ALG_RSA_SCHEME scheme; /* scheme selector */ + TPMU_ASYM_SCHEME details; /* scheme parameters */ +} TPMT_RSA_SCHEME; + +/* Table 155 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ + +typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT; + +/* Table 156 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + +typedef struct { + TPMI_ALG_RSA_DECRYPT scheme; /* scheme selector */ + TPMU_ASYM_SCHEME details; /* scheme parameters */ +} TPMT_RSA_DECRYPT; + +/* Table 157 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ + +typedef struct { + UINT16 size; /* size of the buffer */ + BYTE buffer[MAX_RSA_KEY_BYTES]; /* Value */ +} PUBLIC_KEY_RSA_2B; + +typedef union { + PUBLIC_KEY_RSA_2B t; + TPM2B b; +} TPM2B_PUBLIC_KEY_RSA; + +/* Table 158 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ + +typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS; + +/* Table 159 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ + +typedef struct { + UINT16 size; + BYTE buffer[MAX_RSA_KEY_BYTES/2]; +} PRIVATE_KEY_RSA_2B; + +typedef union { + PRIVATE_KEY_RSA_2B t; + TPM2B b; +} TPM2B_PRIVATE_KEY_RSA; + +/* Table 160 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ + +typedef struct { + UINT16 size; /* size of the buffer */ + BYTE buffer[MAX_ECC_KEY_BYTES]; /* the parameter data */ +} ECC_PARAMETER_2B; + +typedef union { + ECC_PARAMETER_2B t; + TPM2B b; +} TPM2B_ECC_PARAMETER; + +/* Table 161 - Definition of {ECC} TPMS_ECC_POINT Structure */ + +typedef struct { + TPM2B_ECC_PARAMETER x; /* X coordinate */ + TPM2B_ECC_PARAMETER y; /* Y coordinate */ +} TPMS_ECC_POINT; + +/* Table 162 - Definition of {ECC} TPM2B_ECC_POINT Structure */ + +typedef struct { + UINT16 size; /* size of the remainder of this structure */ + TPMS_ECC_POINT point; /* coordinates */ +} TPM2B_ECC_POINT; + +/* Table 163 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ + +typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME; + +/* Table 164 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + +typedef TPM_ECC_CURVE TPMI_ECC_CURVE; + +/* Table 165 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ + +typedef struct { + TPMI_ALG_ECC_SCHEME scheme; /* scheme selector */ + TPMU_ASYM_SCHEME details; /* scheme parameters */ +} TPMT_ECC_SCHEME; + +/* Table 166 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ + +typedef struct { + TPM_ECC_CURVE curveID; /* identifier for the curve */ + UINT16 keySize; /* Size in bits of the key */ + TPMT_KDF_SCHEME kdf; /* If not TPM_ALG_NULL, the required KDF and hash algorithm + used in secret sharing operations */ + TPMT_ECC_SCHEME sign; /* If not TPM_ALG_NULL, this is the mandatory signature + scheme that is required to be used with this curve. */ + TPM2B_ECC_PARAMETER p; /* Fp (the modulus) */ + TPM2B_ECC_PARAMETER a; /* coefficient of the linear term in the curve equation */ + TPM2B_ECC_PARAMETER b; /* constant term for curve equation */ + TPM2B_ECC_PARAMETER gX; /* x coordinate of base point G */ + TPM2B_ECC_PARAMETER gY; /* y coordinate of base point G */ + TPM2B_ECC_PARAMETER n; /* order of G */ + TPM2B_ECC_PARAMETER h; /* cofactor (a size of zero indicates a cofactor of 1) */ +} TPMS_ALGORITHM_DETAIL_ECC; + +/* Table 167 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ + +typedef struct { + TPMI_ALG_HASH hash; /* the hash algorithm used to digest the message TPM_ALG_NULL is not allowed. */ + TPM2B_PUBLIC_KEY_RSA sig; /* The signature is the size of a public key. */ +} TPMS_SIGNATURE_RSA; + +/* Table 168 - Definition of Types for {RSA} Signature */ + +typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA; +typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS; + +/* Table 169 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ + +typedef struct { + TPMI_ALG_HASH hash; /* the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. */ + TPM2B_ECC_PARAMETER signatureR; + TPM2B_ECC_PARAMETER signatureS; +} TPMS_SIGNATURE_ECC; + +/* Table 170 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */ + +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR; + +/* Table 171 - Definition of TPMU_SIGNATURE Union */ + +typedef union { +#ifdef TPM_ALG_RSASSA + TPMS_SIGNATURE_RSASSA rsassa; /* TPM_ALG_RSASSA */ +#endif +#ifdef TPM_ALG_RSAPSS + TPMS_SIGNATURE_RSAPSS rsapss; /* TPM_ALG_RSAPSS */ +#endif +#ifdef TPM_ALG_ECDSA + TPMS_SIGNATURE_ECDSA ecdsa; /* TPM_ALG_ECDSA */ +#endif +#ifdef TPM_ALG_ECDAA + TPMS_SIGNATURE_ECDSA ecdaa; /* TPM_ALG_ECDAA */ +#endif +#ifdef TPM_ALG_SM2 + TPMS_SIGNATURE_ECDSA sm2; /* TPM_ALG_SM2 */ +#endif +#ifdef TPM_ALG_ECSCHNORR + TPMS_SIGNATURE_ECDSA ecschnorr; /* TPM_ALG_ECSCHNORR */ +#endif +#ifdef TPM_ALG_HMAC + TPMT_HA hmac; /* TPM_ALG_HMAC */ +#endif + TPMS_SCHEME_HASH any; /* used to access the hash */ +} TPMU_SIGNATURE; + +/* Table 172 - Definition of TPMT_SIGNATURE Structure */ + +typedef struct { + TPMI_ALG_SIG_SCHEME sigAlg; /* selector of the algorithm used to construct the signature */ + TPMU_SIGNATURE signature; /* This shall be the actual signature information. */ +} TPMT_SIGNATURE; + +/* Table 173 - Definition of TPMU_ENCRYPTED_SECRET Union */ + +typedef union { +#ifdef TPM_ALG_ECC + BYTE ecc[sizeof(TPMS_ECC_POINT)]; /* TPM_ALG_ECC */ +#endif +#ifdef TPM_ALG_RSA + BYTE rsa[MAX_RSA_KEY_BYTES]; /* TPM_ALG_RSA */ +#endif +#ifdef TPM_ALG_SYMCIPHER + BYTE symmetric[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_SYMCIPHER */ +#endif +#ifdef TPM_ALG_KEYEDHASH + BYTE keyedHash[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_KEYEDHASH */ +#endif +} TPMU_ENCRYPTED_SECRET; + +/* Table 174 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ + +typedef struct { + UINT16 size; /* size of the secret value */ + BYTE secret[sizeof(TPMU_ENCRYPTED_SECRET)]; /* secret */ +} ENCRYPTED_SECRET_2B; + +typedef union { + ENCRYPTED_SECRET_2B t; + TPM2B b; +} TPM2B_ENCRYPTED_SECRET; + +/* Table 175 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + +typedef TPM_ALG_ID TPMI_ALG_PUBLIC; + +/* Table 176 - Definition of TPMU_PUBLIC_ID Union */ + +typedef union { +#ifdef TPM_ALG_KEYEDHASH + TPM2B_DIGEST keyedHash; /* TPM_ALG_KEYEDHASH */ +#endif +#ifdef TPM_ALG_SYMCIPHER + TPM2B_DIGEST sym; /* TPM_ALG_SYMCIPHER */ +#endif +#ifdef TPM_ALG_RSA + TPM2B_PUBLIC_KEY_RSA rsa; /* TPM_ALG_RSA */ +#endif +#ifdef TPM_ALG_ECC + TPMS_ECC_POINT ecc; /* TPM_ALG_ECC */ +#endif + TPMS_DERIVE derive; /* only allowed for TPM2_CreateLoaded when + parentHandle is a Derivation Parent */ +} TPMU_PUBLIC_ID; + +/* Table 177 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + +typedef struct { + TPMT_KEYEDHASH_SCHEME scheme; /* Indicates the signing method used for a keyedHash signing object */ +} TPMS_KEYEDHASH_PARMS; + +/* Table 178 - Definition of TPMS_ASYM_PARMS Structure <> */ + +typedef struct { + TPMT_SYM_DEF_OBJECT symmetric; /* the companion symmetric algorithm for a restricted decryption key */ + TPMT_ASYM_SCHEME scheme; /* for a key with the sign attribute SET, a valid signing scheme for the key type */ +} TPMS_ASYM_PARMS; + +/* Table 179 - Definition of {RSA} TPMS_RSA_PARMS Structure */ + +typedef struct { + TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size, and mode. */ + TPMT_RSA_SCHEME scheme; /* for an unrestricted signing key, shall be either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL */ + TPMI_RSA_KEY_BITS keyBits; /* number of bits in the public modulus */ + UINT32 exponent; /* the public exponent */ +} TPMS_RSA_PARMS; + +/* Table 180 - Definition of {ECC} TPMS_ECC_PARMS Structure */ + +typedef struct { + TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size. and mode. */ + TPMT_ECC_SCHEME scheme; /* If the sign attribute of the key is SET, then this shall be a valid signing scheme. */ + TPMI_ECC_CURVE curveID; /* ECC curve ID */ + TPMT_KDF_SCHEME kdf; /* an optional key derivation scheme for generating a symmetric key from a Z value */ +} TPMS_ECC_PARMS; + +/* Table 181 - Definition of TPMU_PUBLIC_PARMS Union */ + +typedef union { +#ifdef TPM_ALG_KEYEDHASH + TPMS_KEYEDHASH_PARMS keyedHashDetail; /* TPM_ALG_KEYEDHASH */ +#endif +#ifdef TPM_ALG_SYMCIPHER + TPMS_SYMCIPHER_PARMS symDetail; /* TPM_ALG_SYMCIPHER */ +#endif +#ifdef TPM_ALG_RSA + TPMS_RSA_PARMS rsaDetail; /* TPM_ALG_RSA */ +#endif +#ifdef TPM_ALG_ECC + TPMS_ECC_PARMS eccDetail; /* TPM_ALG_ECC */ +#endif + TPMS_ASYM_PARMS asymDetail; /* common scheme structure for RSA and ECC keys */ +} TPMU_PUBLIC_PARMS; + +/* Table 182 - Definition of TPMT_PUBLIC_PARMS Structure */ + +typedef struct { + TPMI_ALG_PUBLIC type; /* the algorithm to be tested */ + TPMU_PUBLIC_PARMS parameters; /* the algorithm details */ +} TPMT_PUBLIC_PARMS; + +/* Table 183 - Definition of TPMT_PUBLIC Structure */ + +typedef struct { + TPMI_ALG_PUBLIC type; /* "algorithm" associated with this object */ + TPMI_ALG_HASH nameAlg; /* algorithm used for computing the Name of the object */ + TPMA_OBJECT objectAttributes; /* attributes that, along with type, determine the manipulations of this object */ + TPM2B_DIGEST authPolicy; /* optional policy for using this key */ + TPMU_PUBLIC_PARMS parameters; /* the algorithm or structure details */ + TPMU_PUBLIC_ID unique; /* the unique identifier of the structure */ +} TPMT_PUBLIC; + +/* Table 184 - Definition of TPM2B_PUBLIC Structure */ + +typedef struct { + UINT16 size; /* size of publicArea */ + TPMT_PUBLIC publicArea; /* the public area */ +} TPM2B_PUBLIC; + +/* Table 192 - Definition of TPM2B_TEMPLATE Structure */ + +typedef union { + struct { + UINT16 size; /* size of publicArea */ + BYTE buffer[sizeof(TPMT_PUBLIC)]; /* the public area */ + } t; + TPM2B b; +} TPM2B_TEMPLATE; + +/* Table 186 - Definition of TPMU_SENSITIVE_COMPOSITE Union */ + +typedef union { +#ifdef TPM_ALG_RSA + TPM2B_PRIVATE_KEY_RSA rsa; /* TPM_ALG_RSA a prime factor of the public key */ +#endif +#ifdef TPM_ALG_ECC + TPM2B_ECC_PARAMETER ecc; /* TPM_ALG_ECC the integer private key */ +#endif +#ifdef TPM_ALG_KEYEDHASH + TPM2B_SENSITIVE_DATA bits; /* TPM_ALG_KEYEDHASH the private data */ +#endif +#ifdef TPM_ALG_SYMCIPHER + TPM2B_SYM_KEY sym; /* TPM_ALG_SYMCIPHER the symmetric key */ +#endif +} TPMU_SENSITIVE_COMPOSITE; + +/* Table 187 - Definition of TPMT_SENSITIVE Structure */ + +typedef struct { + TPMI_ALG_PUBLIC sensitiveType; /* identifier for the sensitive area */ + TPM2B_AUTH authValue; /* user authorization data */ + TPM2B_DIGEST seedValue; /* for asymmetric key object, the optional protection seed; for other objects, the obfuscation value */ + TPMU_SENSITIVE_COMPOSITE sensitive; /* the type-specific private data */ +} TPMT_SENSITIVE; + +/* Table 188 - Definition of TPM2B_SENSITIVE Structure */ + +typedef struct { + UINT16 size; /* size of the private structure */ + TPMT_SENSITIVE sensitiveArea; /* an unencrypted sensitive area */ +} SENSITIVE_2B; + +typedef union { + SENSITIVE_2B t; + TPM2B b; +} TPM2B_SENSITIVE; + +/* Table 189 - Definition of _PRIVATE Structure <> */ + +typedef struct { + TPM2B_DIGEST integrityOuter; + TPM2B_DIGEST integrityInner; /* could also be a TPM2B_IV */ + TPM2B_SENSITIVE sensitive; /* the sensitive area */ +} _PRIVATE; + +/* Table 190 - Definition of TPM2B_PRIVATE Structure */ + +typedef struct { + UINT16 size; /* size of the private structure */ + BYTE buffer[sizeof(_PRIVATE)]; /* an encrypted private area */ +} PRIVATE_2B; + +typedef union { + PRIVATE_2B t; + TPM2B b; +} TPM2B_PRIVATE; + +/* Table 191 - Definition of _ID_OBJECT Structure <> */ + +typedef struct { + TPM2B_DIGEST integrityHMAC; /* HMAC using the nameAlg of the storage key on the target TPM */ + TPM2B_DIGEST encIdentity; /* credential protector information returned if name matches the referenced object */ +} _ID_OBJECT; + +/* Table 192 - Definition of TPM2B_ID_OBJECT Structure */ + +typedef struct { + UINT16 size; /* size of the credential structure */ + BYTE credential[sizeof(_ID_OBJECT)]; /* an encrypted credential area */ +} ID_OBJECT_2B; + +typedef union { + ID_OBJECT_2B t; + TPM2B b; +} TPM2B_ID_OBJECT; + +/* Table 193 - Definition of (UINT32) TPM_NV_INDEX Bits <> */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int index : 24; /* 23:0 The Index of the NV location */ + unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ + }; + UINT32 val; +} TPM_NV_INDEX; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ + unsigned int index : 24; /* 23:0 The Index of the NV location */ + }; + UINT32 val; +} TPM_NV_INDEX; + +#else + +typedef struct { + UINT32 val; +} TPM_NV_INDEX; + +#endif + +#define TPM_NV_INDEX_INDEX 0x00ffffff +#define TPM_NV_INDEX_RH_NV 0xff000000 + +/* Table 194 - Definition of TPM_NT Constants */ + +#define TPM_NT_ORDINARY 0x0 /* Ordinary - contains data that is opaque to the TPM that can only be modified using TPM2_NV_Write(). */ +#define TPM_NT_COUNTER 0x1 /* Counter - contains an 8-octet value that is to be used as a + counter and can only be modified with TPM2_NV_Increment() */ +#define TPM_NT_BITS 0x2 /* Bit Field - contains an 8-octet value to be used as a bit field + and can only be modified with TPM2_NV_SetBits(). */ +#define TPM_NT_EXTEND 0x4 /* Extend - contains a digest-sized value used like a PCR. The Index + can only be modified using TPM2_NV_Extend(). The extend will use + the nameAlg of the Index. */ +#define TPM_NT_PIN_FAIL 0x8 /* PIN Fail - contains a PIN limit and a PIN count that increments on a PIN authorization failure */ +#define TPM_NT_PIN_PASS 0x9 /* PIN Pass - contains a PIN limit and a PIN count that increments on a PIN authorization success */ + +/* Table 204 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */ + +typedef struct { + uint32_t pinCount; /* This counter shows the current number of successful authValue + authorization attempts to access a TPM_NT_PIN_PASS index or the current + number of unsuccessful authValue authorization attempts to access a + TPM_NT_PIN_FAIL index. */ + uint32_t pinLimit; /* This threshold is the value of pinCount at which the authValue + authorization of the host TPM_NT_PIN_PASS or TPM_NT_PIN_FAIL index is + locked out. */ +} TPMS_NV_PIN_COUNTER_PARAMETERS; + +/* Table 205 - Definition of (UINT32) TPMA_NV Bits */ + +#if defined TPM_BITFIELD_LE + +typedef union { + struct { + unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. */ + unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ + unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ + unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. */ + unsigned int TPM_NT : 4; /* 7:4 The type of the index */ + unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ + unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ + unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ + unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ + unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ + unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ + unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ + unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ + unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ + unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ + unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ + unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ + unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. */ + unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ + unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ + }; + UINT32 val; +} TPMA_NV; + +#elif defined TPM_BITFIELD_BE + +typedef union { + struct { + unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ + unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ + unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. */ + unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ + unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ + unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ + unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ + unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ + unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ + unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ + unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */ + unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ + unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ + unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ + unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ + unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ + unsigned int TPM_NT : 4; /* 7:4 The type of the index */ + unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. */ + unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ + unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ + unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. */ + }; + UINT32 val; +} TPMA_NV; + +#else + +typedef struct { + UINT32 val; +} TPMA_NV; + +#endif + +#define TPMA_NVA_PPWRITE 0x00000001 +#define TPMA_NVA_OWNERWRITE 0x00000002 +#define TPMA_NVA_AUTHWRITE 0x00000004 +#define TPMA_NVA_POLICYWRITE 0x00000008 +#define TPMA_NVA_ORDINARY 0x00000000 +#define TPMA_NVA_COUNTER 0x00000010 +#define TPMA_NVA_BITS 0x00000020 +#define TPMA_NVA_EXTEND 0x00000040 +#define TPMA_NVA_PIN_FAIL 0x00000080 +#define TPMA_NVA_PIN_PASS 0x00000090 +#define TPMA_NVA_RESERVED1 0x00000300 +#define TPMA_NVA_POLICY_DELETE 0x00000400 +#define TPMA_NVA_WRITELOCKED 0x00000800 +#define TPMA_NVA_WRITEALL 0x00001000 +#define TPMA_NVA_WRITEDEFINE 0x00002000 +#define TPMA_NVA_WRITE_STCLEAR 0x00004000 +#define TPMA_NVA_GLOBALLOCK 0x00008000 +#define TPMA_NVA_PPREAD 0x00010000 +#define TPMA_NVA_OWNERREAD 0x00020000 +#define TPMA_NVA_AUTHREAD 0x00040000 +#define TPMA_NVA_POLICYREAD 0x00080000 +#define TPMA_NVA_RESERVED2 0x01f00000 +#define TPMA_NVA_NO_DA 0x02000000 +#define TPMA_NVA_ORDERLY 0x04000000 +#define TPMA_NVA_CLEAR_STCLEAR 0x08000000 +#define TPMA_NVA_READLOCKED 0x10000000 +#define TPMA_NVA_WRITTEN 0x20000000 +#define TPMA_NVA_PLATFORMCREATE 0x40000000 +#define TPMA_NVA_READ_STCLEAR 0x80000000 + +#define TPMA_NVA_TPM_NT_MASK 0x000000f0 +#define TPMA_NV_RESERVED (TPMA_NVA_RESERVED1 | TPMA_NVA_RESERVED2) + +/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */ + +typedef struct { + TPMI_RH_NV_INDEX nvIndex; /* the handle of the data area */ + TPMI_ALG_HASH nameAlg; /* hash algorithm used to compute the name of the Index and used for the authPolicy */ + TPMA_NV attributes; /* the Index attributes */ + TPM2B_DIGEST authPolicy; /* optional access policy for the Index */ + UINT16 dataSize; /* the size of the data area */ +} TPMS_NV_PUBLIC; + +/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */ + +typedef struct { + UINT16 size; /* size of nvPublic */ + TPMS_NV_PUBLIC nvPublic; /* the public area */ +} TPM2B_NV_PUBLIC; + +/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */ + +typedef struct { + UINT16 size; + BYTE buffer[MAX_CONTEXT_SIZE]; /* the sensitive data */ +} CONTEXT_SENSITIVE_2B; + +typedef union { + CONTEXT_SENSITIVE_2B t; + TPM2B b; +} TPM2B_CONTEXT_SENSITIVE; + +/* Table 200 - Definition of TPMS_CONTEXT_DATA Structure */ + +typedef struct { + TPM2B_DIGEST integrity; /* the integrity value */ + TPM2B_CONTEXT_SENSITIVE encrypted; /* the sensitive area */ +} TPMS_CONTEXT_DATA; + +/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure */ + +typedef struct { + UINT16 size; + BYTE buffer[sizeof(TPMS_CONTEXT_DATA)]; +} CONTEXT_DATA_2B; + +typedef union { + CONTEXT_DATA_2B t; + TPM2B b; +} TPM2B_CONTEXT_DATA; + +/* Table 202 - Definition of TPMS_CONTEXT Structure */ + +typedef struct { + UINT64 sequence; /* the sequence number of the context */ + TPMI_DH_SAVED savedHandle; /* a handle indicating if the context is a session, object or sequence object */ + TPMI_RH_HIERARCHY hierarchy; /* the hierarchy of the context */ + TPM2B_CONTEXT_DATA contextBlob; /* the context data and integrity HMAC */ +} TPMS_CONTEXT; + +/* Table 203 - Context Handle Values */ + +#define TPM_CONTEXT_HANDLE_HMAC 0x02000000 /* an HMAC session context */ +#define TPM_CONTEXT_HANDLE_POLICY_SESSION 0x03000000 /* a policy session context */ +#define TPM_CONTEXT_HANDLE_TRANSIENT 0x80000000 /* an ordinary transient object */ +#define TPM_CONTEXT_HANDLE_SEQUENCE 0x80000001 /* a sequence object */ +#define TPM_CONTEXT_HANDLE_STCLEAR 0x80000002 /* a transient object with the stClear attribute SET */ + +/* Table 204 - Definition of TPMS_CREATION_DATA Structure */ + +typedef struct { + TPML_PCR_SELECTION pcrSelect; /* list indicating the PCR included in pcrDigest */ + TPM2B_DIGEST pcrDigest; /* digest of the selected PCR using nameAlg of the object for which this structure is being created */ + TPMA_LOCALITY locality; /* the locality at which the object was created */ + TPM_ALG_ID parentNameAlg; /* nameAlg of the parent */ + TPM2B_NAME parentName; /* Name of the parent at time of creation */ + TPM2B_NAME parentQualifiedName; /* Qualified Name of the parent at the time of creation */ + TPM2B_DATA outsideInfo; /* association with additional information added by the key creator */ +} TPMS_CREATION_DATA; + +/* Table 205 - Definition of TPM2B_CREATION_DATA Structure */ + +typedef struct { + UINT16 size; /* size of the creation data */ + TPMS_CREATION_DATA creationData; +} TPM2B_CREATION_DATA; + +typedef struct tdNTC2_CFG_STRUCT { + uint8_t i2cLoc1_2; + uint8_t i2cLoc3_4; + uint8_t AltCfg; + uint8_t Direction; + uint8_t PullUp; + uint8_t PushPull; + uint8_t CFG_A; + uint8_t CFG_B; + uint8_t CFG_C; + uint8_t CFG_D; + uint8_t CFG_E; + uint8_t CFG_F; + uint8_t CFG_G; + uint8_t CFG_H; + uint8_t CFG_I; + uint8_t CFG_J; + uint8_t IsValid; /* Must be AAh */ + uint8_t IsLocked; /* Ignored on NTC2_PreConfig, NTC2_GetConfig returns AAh once configuration + is locked. */ +} NTC2_CFG_STRUCT; + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/TakeOwnership_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TakeOwnership_fp.h new file mode 100644 index 000000000000..20a8f66643dd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TakeOwnership_fp.h @@ -0,0 +1,67 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 TakeOwnership */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: TakeOwnership_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TAKEOWNERSHIP_FP_H +#define TAKEOWNERSHIP_FP_H + +#include +#include + +#include + +typedef struct { + TPM_PROTOCOL_ID protocolID; + uint32_t encOwnerAuthSize; + uint8_t encOwnerAuth[MAX_RSA_KEY_BYTES]; + uint32_t encSrkAuthSize; + uint8_t encSrkAuth[MAX_RSA_KEY_BYTES]; + TPM_KEY12 srkParams; +} TakeOwnership_In; + +typedef struct { + TPM_KEY12 srkPub; +} TakeOwnership_Out; + +TPM_RC +TPM2_TakeOwnership( + TakeOwnership_In *in, // IN: input parameter buffer + TakeOwnership_Out *out // OUT: output parameter buffer + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/TestParms_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TestParms_fp.h new file mode 100644 index 000000000000..1d0ca4d3c88c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TestParms_fp.h @@ -0,0 +1,79 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: TestParms_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef TESTPARMS_FP_H +#define TESTPARMS_FP_H + +typedef struct { + TPMT_PUBLIC_PARMS parameters; +} TestParms_In; + +#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) + +TPM_RC +TPM2_TestParms( + TestParms_In *in // IN: input parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/TpmBuildSwitches.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TpmBuildSwitches.h new file mode 100644 index 000000000000..e61d9ed5dee1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/TpmBuildSwitches.h @@ -0,0 +1,87 @@ +/********************************************************************************/ +/* */ +/* TSS Compiler Build Switches */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: TpmBuildSwitches.h 1294 2018-08-09 19:08:34Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2018 */ +/* */ +/********************************************************************************/ + +// 5.12 TpmBuildSwitches.h + +// This file contains the build switches. + +#ifndef _TPM_BUILD_SWITCHES_H +#define _TPM_BUILD_SWITCHES_H + +// Switch added to support packed lists that leave out space associated with unimplemented +// commands. Comment this out to use linear lists. NOTE: if vendor specific commands are present, +// the associated list is always in compressed form. +#define COMPRESSED_LISTS + +#ifdef _MSC_VER +// This macro is used to handle LIB_EXPORT of function and variable names in lieu of a .def +// file. Visual Studio requires that functions be explicity exported and imported. +# define LIB_EXPORT __declspec(dllexport) // VS compatible version +#endif + +// The following definitions are used if they have not already been defined. The defaults for these +// settings are compatible with ISO/IEC 9899:2011 (E) + +#ifndef LIB_EXPORT +# define LIB_EXPORT +#endif + +#endif // _TPM_BUILD_SWITCHES_H diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal12_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal12_fp.h new file mode 100644 index 000000000000..60149e0e0b2f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal12_fp.h @@ -0,0 +1,94 @@ +/********************************************************************************/ +/* */ +/* Parameter Unmarshaling */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Unmarshal12_fp.h 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef UNMARSHAL12_FP_H +#define UNMARSHAL12_FP_H + +#include "TPM_Types.h" +#include "tpmtypes12.h" +#include + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC + TSS_TPM_STARTUP_TYPE_Unmarshalu(TPM_STARTUP_TYPE *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_VERSION_Unmarshalu(TPM_VERSION *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_TAG_Unmarshalu(TPM_TAG *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PCR_SELECTION_Unmarshalu(TPM_PCR_SELECTION *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PCR_INFO_SHORT_Unmarshalu(TPM_PCR_INFO_SHORT *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_SYMMETRIC_KEY_Unmarshalu(TPM_SYMMETRIC_KEY *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_RSA_KEY_PARMS_Unmarshalu(TPM_RSA_KEY_PARMS *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector); + TPM_RC + TSS_TPM4B_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector); + TPM_RC + TSS_TPM_KEY_PARMS_Unmarshalu(TPM_KEY_PARMS *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_KEY12_Unmarshalu(TPM_KEY12 *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_STORE_PUBKEY_Unmarshalu(TPM_STORE_PUBKEY *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PUBKEY_Unmarshalu(TPM_PUBKEY *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_NV_ATTRIBUTES_Unmarshalu(TPM_NV_ATTRIBUTES *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(TPM_NV_DATA_PUBLIC *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_CAP_VERSION_INFO_Unmarshalu(TPM_CAP_VERSION_INFO *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_DA_INFO_Unmarshalu(TPM_DA_INFO *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_DA_INFO_LIMITED_Unmarshalu(TPM_DA_INFO_LIMITED *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_DA_ACTION_TYPE_Unmarshalu(TPM_DA_ACTION_TYPE *target, BYTE **buffer, uint32_t *size); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal_fp.h new file mode 100644 index 000000000000..cd3062e7b0a1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unmarshal_fp.h @@ -0,0 +1,696 @@ +/********************************************************************************/ +/* */ +/* Unmarshal Functions */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2019 */ +/* */ +/********************************************************************************/ + +/* The functions with the TSS_ prefix are preferred. They use an unsigned size. The functions + without the prefix are deprecated. */ + +#ifndef UNMARSHAL_FP_H +#define UNMARSHAL_FP_H + +#include "TPM_Types.h" + +#ifdef __cplusplus +extern "C" { +#endif + + LIB_EXPORT TPM_RC + TSS_UINT8_Unmarshalu(UINT8 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_INT8_Unmarshalu(INT8 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT16_Unmarshalu(UINT16 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT32_Unmarshalu(UINT32 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_INT32_Unmarshalu(INT32 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT64_Unmarshalu(UINT64 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_Array_Unmarshalu(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_Unmarshalu(TPM2B *target, UINT16 targetSize, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_KEY_BITS_Unmarshalu(TPM_KEY_BITS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_GENERATED_Unmarshalu(TPM_GENERATED *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ALG_ID_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ECC_CURVE_Unmarshalu(TPM_ECC_CURVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_RC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CLOCK_ADJUST_Unmarshalu(TPM_CLOCK_ADJUST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_EO_Unmarshalu(TPM_EO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ST_Unmarshalu(TPM_ST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_SU_Unmarshalu(TPM_SU *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_SE_Unmarshalu(TPM_SE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CAP_Unmarshalu(TPM_CAP *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_PCR_Unmarshalu(TPM_PT_PCR *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_HANDLE_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_ALGORITHM_Unmarshalu(TPMA_ALGORITHM *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_OBJECT_Unmarshalu(TPMA_OBJECT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_SESSION_Unmarshalu(TPMA_SESSION *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_LOCALITY_Unmarshalu(TPMA_LOCALITY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_CC_Unmarshalu(TPMA_CC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_YES_NO_Unmarshalu(TPMI_YES_NO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_OBJECT_Unmarshalu(TPMI_DH_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PARENT_Unmarshalu(TPMI_DH_PARENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PERSISTENT_Unmarshalu(TPMI_DH_PERSISTENT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_ENTITY_Unmarshalu(TPMI_DH_ENTITY *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PCR_Unmarshalu(TPMI_DH_PCR *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, uint32_t *size, BOOL allowPwd); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_HMAC_Unmarshalu(TPMI_SH_HMAC *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_POLICY_Unmarshalu(TPMI_SH_POLICY *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_CONTEXT_Unmarshalu(TPMI_DH_CONTEXT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_SAVED_Unmarshalu(TPMI_DH_SAVED *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_Unmarshalu(TPMI_RH_HIERARCHY *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENABLES_Unmarshalu(TPMI_RH_ENABLES *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PLATFORM_Unmarshalu(TPMI_RH_PLATFORM *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PROVISION_Unmarshalu(TPMI_RH_PROVISION *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_CLEAR_Unmarshalu(TPMI_RH_CLEAR *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_AUTH_Unmarshalu(TPMI_RH_NV_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_LOCKOUT_Unmarshalu(TPMI_RH_LOCKOUT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_INDEX_Unmarshalu(TPMI_RH_NV_INDEX *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_HASH_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_Unmarshalu(TPMI_ALG_SYM *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_MODE_Unmarshalu(TPMI_ALG_SYM_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KDF_Unmarshalu(TPMI_ALG_KDF *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMS_EMPTY_Unmarshalu(TPMS_EMPTY *target, BYTE **buffer, uint32_t *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMU_HA_Unmarshalu(TPMU_HA *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_HA_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_DIGEST_Unmarshalu(TPM2B_DIGEST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_DATA_Unmarshalu(TPM2B_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NONCE_Unmarshalu(TPM2B_NONCE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_AUTH_Unmarshalu(TPM2B_AUTH *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_OPERAND_Unmarshalu(TPM2B_OPERAND *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_EVENT_Unmarshalu(TPM2B_EVENT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_BUFFER_Unmarshalu(TPM2B_MAX_BUFFER *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_TIMEOUT_Unmarshalu(TPM2B_TIMEOUT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_IV_Unmarshalu(TPM2B_IV *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NAME_Unmarshalu(TPM2B_NAME *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_PCR_SELECTION_Unmarshalu(TPMS_PCR_SELECTION *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_CREATION_Unmarshalu(TPMT_TK_CREATION *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_VERIFIED_Unmarshalu(TPMT_TK_VERIFIED *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_AUTH_Unmarshalu(TPMT_TK_AUTH *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_HASHCHECK_Unmarshalu(TPMT_TK_HASHCHECK *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ALG_PROPERTY_Unmarshalu(TPMS_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_CC_Unmarshalu(TPML_CC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_POLICY_Unmarshalu(TPMS_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_CCA_Unmarshalu(TPML_CCA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_Unmarshalu(TPML_ALG *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_HANDLE_Unmarshalu(TPML_HANDLE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_Unmarshalu(TPML_DIGEST *target, BYTE **buffer, uint32_t *size ,uint32_t minCount); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_VALUES_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_PCR_SELECTION_Unmarshalu(TPML_PCR_SELECTION *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_PROPERTY_Unmarshalu(TPML_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ECC_CURVE_Unmarshalu(TPML_ECC_CURVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_POLICY_Unmarshalu(TPML_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_CAPABILITIES_Unmarshalu(TPMU_CAPABILITIES *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_CLOCK_INFO_Unmarshalu(TPMS_CLOCK_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_INFO_Unmarshalu(TPMS_TIME_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CERTIFY_INFO_Unmarshalu(TPMS_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_QUOTE_INFO_Unmarshalu(TPMS_QUOTE_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_INFO_Unmarshalu(TPMS_CREATION_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(TPMS_NV_DIGEST_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_ATTEST_Unmarshalu(TPMI_ST_ATTEST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_ATTEST_Unmarshalu(TPMU_ATTEST *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_ATTEST_Unmarshalu(TPMS_ATTEST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ATTEST_Unmarshalu(TPM2B_ATTEST *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CAPABILITY_DATA_Unmarshalu(TPMS_CAPABILITY_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_AUTH_RESPONSE_Unmarshalu(TPMS_AUTH_RESPONSE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_AES_KEY_BITS_Unmarshalu(TPMI_AES_KEY_BITS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_KEY_BITS_Unmarshalu(TPMU_SYM_KEY_BITS *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_MODE_Unmarshalu(TPMU_SYM_MODE *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_Unmarshalu(TPMT_SYM_DEF *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_SYM_KEY_Unmarshalu(TPM2B_SYM_KEY *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_LABEL_Unmarshalu(TPM2B_LABEL *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HASH_Unmarshalu(TPMS_SCHEME_HASH *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_ECDAA_Unmarshalu(TPMS_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size) ; + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HMAC_Unmarshalu(TPMS_SCHEME_HMAC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_XOR_Unmarshalu(TPMS_SCHEME_XOR *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIG_SCHEME_Unmarshalu(TPMU_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIG_SCHEME_Unmarshalu(TPMT_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, uint32_t *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF2_Unmarshalu(TPMS_SCHEME_KDF2 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_MGF1_Unmarshalu(TPMS_SCHEME_MGF1 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_KDF_SCHEME_Unmarshalu(TPMU_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KDF_SCHEME_Unmarshalu(TPMT_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMU_ASYM_SCHEME_Unmarshalu(TPMU_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_ASYM_SCHEME_Unmarshalu(TPMT_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_SCHEME_Unmarshalu(TPMT_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_DECRYPT_Unmarshalu(TPMT_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RSA_KEY_BITS_Unmarshalu(TPMI_RSA_KEY_BITS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_PARAMETER_Unmarshalu(TPM2B_ECC_PARAMETER *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_POINT_Unmarshalu(TPMS_ECC_POINT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_CURVE_Unmarshalu(TPMI_ECC_CURVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_ECC_SCHEME_Unmarshalu(TPMT_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSA_Unmarshalu(TPMS_SIGNATURE_RSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECC_Unmarshalu(TPMS_SIGNATURE_ECC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_SM2_Unmarshalu(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIGNATURE_Unmarshalu(TPMU_SIGNATURE *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIGNATURE_Unmarshalu(TPMT_SIGNATURE *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_PUBLIC_Unmarshalu(TPMI_ALG_PUBLIC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_ID_Unmarshalu(TPMU_PUBLIC_ID *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ASYM_PARMS_Unmarshalu(TPMS_ASYM_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_RSA_PARMS_Unmarshalu(TPMS_RSA_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_PARMS_Unmarshalu(TPMS_ECC_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_PARMS_Unmarshalu(TPMU_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_PARMS_Unmarshalu(TPMT_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_Unmarshalu(TPMT_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull); + LIB_EXPORT TPM_RC + TSS_TPM2B_TEMPLATE_Unmarshalu(TPM2B_TEMPLATE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, uint32_t *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SENSITIVE_Unmarshalu(TPMT_SENSITIVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_Unmarshalu(TPM2B_SENSITIVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_Unmarshalu(TPM2B_PRIVATE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ID_OBJECT_Unmarshalu(TPM2B_ID_OBJECT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_NV_Unmarshalu(TPMA_NV *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_PUBLIC_Unmarshalu(TPMS_NV_PUBLIC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CONTEXT_DATA_Unmarshalu(TPMS_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_DATA_Unmarshalu(TPM2B_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CONTEXT_Unmarshalu(TPMS_CONTEXT *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_DATA_Unmarshalu(TPMS_CREATION_DATA *target, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CREATION_DATA_Unmarshalu(TPM2B_CREATION_DATA *target, BYTE **buffer, uint32_t *size); + + /* These functions are deprecated. They were adapted from the TPM side, but the signed size + caused static analysis tool warnings. */ + + TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size); + TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size); + TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size); + TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size); + TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size); + TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size); + TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size); + TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size); + TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd); + TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_TAGGED_POLICY_Unmarshal(TPMS_TAGGED_POLICY *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size,uint32_t minCount); + TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) ; + TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size); + TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size); + TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull); + TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector); + TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size); + TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size); + TPM_RC TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size); + TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unseal_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unseal_fp.h new file mode 100644 index 000000000000..87c720ec7079 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/Unseal_fp.h @@ -0,0 +1,83 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: Unseal_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef UNSEAL_FP_H +#define UNSEAL_FP_H + +typedef struct { + TPMI_DH_OBJECT itemHandle; +} Unseal_In; + +#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) + +typedef struct { + TPM2B_SENSITIVE_DATA outData; +} Unseal_Out; + +TPM_RC +TPM2_Unseal( + Unseal_In *in, + Unseal_Out *out + ); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/VerifySignature_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/VerifySignature_fp.h new file mode 100644 index 000000000000..19f36a2b5b81 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/VerifySignature_fp.h @@ -0,0 +1,88 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: VerifySignature_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef VERIFYSIGNATURE_FP_H +#define VERIFYSIGNATURE_FP_H + +typedef struct { + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIGNATURE signature; +} VerifySignature_In; + +#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) +#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) +#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPMT_TK_VERIFIED validation; +} VerifySignature_Out; + +TPM_RC +TPM2_VerifySignature( + VerifySignature_In *in, // IN: input parameter list + VerifySignature_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/ZGen_2Phase_fp.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ZGen_2Phase_fp.h new file mode 100644 index 000000000000..efbf082f8461 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/ZGen_2Phase_fp.h @@ -0,0 +1,93 @@ +/********************************************************************************/ +/* */ +/* */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ZGen_2Phase_fp.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2012-2015 */ +/* */ +/********************************************************************************/ + +/* rev 119 */ + +#ifndef ZGEN_2PHASE_FP_H +#define ZGEN_2PHASE_FP_H + +typedef struct { + TPMI_DH_OBJECT keyA; + TPM2B_ECC_POINT inQsB; + TPM2B_ECC_POINT inQeB; + TPMI_ECC_KEY_EXCHANGE inScheme; + UINT16 counter; +} ZGen_2Phase_In; + +#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) +#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) +#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) +#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) +#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) + +typedef struct { + TPM2B_ECC_POINT outZ1; + TPM2B_ECC_POINT outZ2; +} ZGen_2Phase_Out; + +TPM_RC +TPM2_ZGen_2Phase( + ZGen_2Phase_In *in, // IN: input parameter list + ZGen_2Phase_Out *out // OUT: output parameter list + ); + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmconstants12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmconstants12.h new file mode 100644 index 000000000000..55574badc2df --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmconstants12.h @@ -0,0 +1,1721 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Constants */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2006, 2010. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TPMCONSTANTS12_H +#define TPMCONSTANTS12_H + +#include + +/* + NOTE implementation Specific +*/ + +/* + version, revision, specLevel, errataRev +*/ + +/* current for released specification revision 103 */ + +#define TPM_REVISION_MAX 9999 +#ifndef TPM_REVISION +#define TPM_REVISION TPM_REVISION_MAX +#endif + +// #if (TPM_REVISION >= 116) + +// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */ +// #define TPM_ERRATA_REV 0x03 /* specification errata level */ + +// #elif (TPM_REVISION >= 103) + +// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */ +// #define TPM_ERRATA_REV 0x02 /* specification errata level */ + +// #elif (TPM_REVISION >= 94) + +// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */ +// #define TPM_ERRATA_REV 0x01 /* specification errata level */ + +// #elif (TPM_REVISION >= 85) + +// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */ +// #define TPM_ERRATA_REV 0x00 /* specification errata level */ + +// #else + +// #define TPM_SPEC_LEVEL 0x0001 /* uint16_t The level of ordinals supported */ +// #define TPM_ERRATA_REV 0x00 /* specification errata level */ + +// #endif + +/* IBM specific */ + +#if 0 /* at one time vendorID was the PCI vendor ID, this is the IBM code */ +#define TPM_VENDOR_ID "\x00\x00\x10\x14" /* BYTE[4], the vendor ID, obtained from the TCG, + typically PCI vendor ID */ +#endif + + +#ifdef TPM_VENDOR + +#define TPM_VENDOR_ID "WEC" /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER + return the same value */ +#define TPM_MANUFACTURER "WEC" /* 4 characters, assigned by TCG, typically stock ticker symbol */ + +#else + +#define TPM_VENDOR_ID "IBM" /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER + return the same value */ +#define TPM_MANUFACTURER "IBM" /* 4 characters, assigned by TCG, typically stock ticker symbol */ + +#endif + +/* Timeouts in microseconds. These are for the platform specific interface (e.g. the LPC bus + registers in the PC Client TPM). They are most likely not applicable to a software TPM. */ +#define TPM_TIMEOUT_A 1000000 +#define TPM_TIMEOUT_B 1000000 +#define TPM_TIMEOUT_C 1000000 +#define TPM_TIMEOUT_D 1000000 + +/* dictionary attack mitigation */ + +#define TPM_LOCKOUT_THRESHOLD 5 /* successive failures to trigger lockout, must be greater + than 0 */ + +/* Denotes the duration value in microseconds of the duration of the three classes of commands: + Small, Medium and Long. The command types are in the Part 2 Ordinal Table. Essentially: + + Long - creating an RSA key pair + Medium - using an RSA key + Short - anything else +*/ + +#ifndef TPM_SMALL_DURATION +#define TPM_SMALL_DURATION 2000000 +#endif + +#ifndef TPM_MEDIUM_DURATION +#define TPM_MEDIUM_DURATION 5000000 +#endif + +#ifndef TPM_LONG_DURATION +#define TPM_LONG_DURATION 60000000 +#endif + +/* startup effects */ + +#define TPM_STARTUP_EFFECTS_VALUE \ +(TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY | /* key resources init by TPM_Startup(ST_ANY) */ \ + TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH | /* hash resources are init by TPM_Startup(ST_STATE) */ \ + TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST) /* auditDigest nulled on TPM_Startup(ST_CLEAR) */ + +/* + TPM buffer limits +*/ + +/* This value is used to limit memory allocation to prevent resource overload. */ + +#ifndef TPM_ALLOC_MAX +#define TPM_ALLOC_MAX 0x10000 /* 64k bytes */ +#endif + +/* This is the increment by which the TPM_STORE_BUFFER grows. A larger number saves realloc's. A + smaller number saves memory. + + TPM_ALLOC_MAX must be a multiple of this value. +*/ + +#define TPM_STORE_BUFFER_INCREMENT (TPM_ALLOC_MAX / 64) + +/* This is the maximum value of the TPM input and output packet buffer. It should be large enough + to accommodate the largest TPM command or response, currently about 1200 bytes. It should be + small enough to accommodate whatever software is driving the TPM. + + NOTE: Some commands are somewhat open ended, and related to this parmater. E.g., The input size + for the TPM_SHA1Init. The output size for TPM_GetRandom. + + It is returned by TPM_GetCapability -> TPM_CAP_PROP_INPUT_BUFFER +*/ + +#ifndef TPM_BUFFER_MAX +#define TPM_BUFFER_MAX 0x1000 /* 4k bytes */ +#endif + +/* Random number generator */ + +/* maximum bytes in one TPM_GetRandom() call + + Use maximum input buffer size minus tag, paramSize, returnCode, randomBytesSize. +*/ + +#define TPM_RANDOM_MAX (TPM_BUFFER_MAX \ + - sizeof(TPM_TAG) - sizeof(uint32_t) \ + - sizeof(TPM_RESULT) - sizeof(uint32_t)) + +/* Maximum number of bytes that can be sent to TPM_SHA1Update. Must be a multiple of 64 bytes. + + Use maximum input buffer size minus tag, paramSize, ordinal, numBytes. +*/ + +#define TPM_SHA1_MAXNUMBYTES (TPM_BUFFER_MAX - 64) + +/* extra audit status bits for TSC commands outside the normal ordinal range */ +#define TSC_PHYS_PRES_AUDIT 0x01 +#define TSC_RESET_ESTAB_AUDIT 0x02 + +#ifdef TPM_VTPM +/* ordinals for virtual TPM instance handling */ +/* NOTE must be contiguous, see TPM_PERMANENT_DATA -> instanceOrdinalAuditStatus */ +#define TPM_InstanceOrdinals_Start1 0x20000000 +#define TPM_InstanceOrdinals_End1 0x20000020 +#define TPM_InstanceOrdinals_Start2 0x20000020 +#define TPM_InstanceOrdinals_End2 0x20000040 + +#define TPM_ORD_CreateInstance 0x20000001 +#define TPM_ORD_DeleteInstance 0x20000002 +#define TPM_ORD_LockInstance 0x20000003 +#define TPM_ORD_GetInstanceData 0x20000004 +#define TPM_ORD_SetInstanceData 0x20000005 +#define TPM_ORD_GetInstanceKey 0x20000009 +#define TPM_ORD_SetInstanceKey 0x2000000a +#define TPM_ORD_TransportInstance 0x2000000b +#define TPM_ORD_SetupInstance 0x2000000c +#define TPM_ORD_UnlockInstance 0x2000000e +#define TPM_ORD_ReportEnvironment 0x2000000f +#define TPM_ORD_QuotePubEK 0x20000010 + +/* actionMask for TPM_SetupInstance (bit mask) */ + +#define TPM_INSTANCE_ACTIVATE 0x00000001 +#define TPM_INSTANCE_ENABLE 0x00000002 +#define TPM_INSTANCE_STARTUP 0x00000004 +#define TPM_INSTANCE_INIT 0x00000008 + +#define TPM_INSTANCE_ACTION_MASK 0xfffffff0 /* ~ OR of all above bits */ + +/* creationMask for TPM_CreateInstance (bit mask) */ + +#define TPM_INSTANCE_PRIVILEGED 0x00000001 +#define TPM_INSTANCE_NO_MIGRATE 0x00000002 +#define TPM_INSTANCE_CREATION_MASK 0xfffffffc /* ~ OR of all above bits */ + +/* TPM_CAP_MFR capabilities */ + +#define TPM_CAP_PROP_MAX_INSTANCES 0x00000001 +#define TPM_CAP_INSTANCE_HANDLE 0x00000002 +#define TPM_CAP_INSTANCE_PARENT 0x00000003 +#define TPM_CAP_INSTANCE_CHILDREN 0x00000004 +#define TPM_CAP_CREATION_MASK 0x00000005 +#define TPM_CAP_SETUP_PCRLIST 0x00000006 +#define TPM_CAP_NUMBER_PCR_MEAS 0x00000008 +#define TPM_CAP_PCR_MEASUREMENTS 0x00000009 +#define TPM_CAP_PCR_SELECTIONS 0x0000000a + +/* TPM_SET_VENDOR Subcap */ + +#define TPM_SETCAP_LOG_PCR_SELECTION 0x00000001 +#define TPM_SETCAP_SUBSCRIBE_PCR_SELECTION 0x00000002 +#define TPM_SETCAP_LOG_LOG_LENGTH_MAX 0x00000003 + +/* VTPM Structure Tags */ + +#define TPM_TAG_LOG_ENTRIES 0x8003 + +#endif /* TPM_VTPM */ + +/* TPM_CAP_MFR capabilities */ +#define TPM_CAP_PROCESS_ID 0x00000020 + +#ifdef TPM_VENDOR + +#define WEC_ORD_PreConfig 0x2000000e +#define WEC_ORD_LockPreConfig 0x2000000f +#define WEC_ORD_GetTPMStatus 0x20000021 + +#endif /* TPM_VENDOR */ + +/* define a value for an illegal instance handle */ + +#define TPM_ILLEGAL_INSTANCE_HANDLE 0xffffffff + +/* + NOTE End Implementation Specific +*/ + +/* 3. Structure Tags rev 105 + + There have been some indications that knowing what structure is in use would be valuable + information in each structure. This new tag will be in each new structure that the TPM defines. + + The upper nibble of the value designates the purview of the structure tag. 0 is used for TPM + structures, 1 for platforms, and 2-F are reserved. +*/ + +/* 3.1 TPM_STRUCTURE_TAG */ + +/* Structure */ +#define TPM_TAG_CONTEXTBLOB 0x0001 /* TPM_CONTEXT_BLOB */ +#define TPM_TAG_CONTEXT_SENSITIVE 0x0002 /* TPM_CONTEXT_SENSITIVE */ +#define TPM_TAG_CONTEXTPOINTER 0x0003 /* TPM_CONTEXT_POINTER */ +#define TPM_TAG_CONTEXTLIST 0x0004 /* TPM_CONTEXT_LIST */ +#define TPM_TAG_SIGNINFO 0x0005 /* TPM_SIGN_INFO */ +#define TPM_TAG_PCR_INFO_LONG 0x0006 /* TPM_PCR_INFO_LONG */ +#define TPM_TAG_PERSISTENT_FLAGS 0x0007 /* TPM_PERSISTENT_FLAGS (deprecated 1.1 struct) */ +#define TPM_TAG_VOLATILE_FLAGS 0x0008 /* TPM_VOLATILE_FLAGS (deprecated 1.1 struct) */ +#define TPM_TAG_PERSISTENT_DATA 0x0009 /* TPM_PERSISTENT_DATA (deprecated 1.1 struct) */ +#define TPM_TAG_VOLATILE_DATA 0x000A /* TPM_VOLATILE_DATA (deprecated 1.1 struct) */ +#define TPM_TAG_SV_DATA 0x000B /* TPM_SV_DATA */ +#define TPM_TAG_EK_BLOB 0x000C /* TPM_EK_BLOB */ +#define TPM_TAG_EK_BLOB_AUTH 0x000D /* TPM_EK_BLOB_AUTH */ +#define TPM_TAG_COUNTER_VALUE 0x000E /* TPM_COUNTER_VALUE */ +#define TPM_TAG_TRANSPORT_INTERNAL 0x000F /* TPM_TRANSPORT_INTERNAL */ +#define TPM_TAG_TRANSPORT_LOG_IN 0x0010 /* TPM_TRANSPORT_LOG_IN */ +#define TPM_TAG_TRANSPORT_LOG_OUT 0x0011 /* TPM_TRANSPORT_LOG_OUT */ +#define TPM_TAG_AUDIT_EVENT_IN 0x0012 /* TPM_AUDIT_EVENT_IN */ +#define TPM_TAG_AUDIT_EVENT_OUT 0X0013 /* TPM_AUDIT_EVENT_OUT */ +#define TPM_TAG_CURRENT_TICKS 0x0014 /* TPM_CURRENT_TICKS */ +#define TPM_TAG_KEY 0x0015 /* TPM_KEY */ +#define TPM_TAG_STORED_DATA12 0x0016 /* TPM_STORED_DATA12 */ +#define TPM_TAG_NV_ATTRIBUTES 0x0017 /* TPM_NV_ATTRIBUTES */ +#define TPM_TAG_NV_DATA_PUBLIC 0x0018 /* TPM_NV_DATA_PUBLIC */ +#define TPM_TAG_NV_DATA_SENSITIVE 0x0019 /* TPM_NV_DATA_SENSITIVE */ +#define TPM_TAG_DELEGATIONS 0x001A /* TPM DELEGATIONS */ +#define TPM_TAG_DELEGATE_PUBLIC 0x001B /* TPM_DELEGATE_PUBLIC */ +#define TPM_TAG_DELEGATE_TABLE_ROW 0x001C /* TPM_DELEGATE_TABLE_ROW */ +#define TPM_TAG_TRANSPORT_AUTH 0x001D /* TPM_TRANSPORT_AUTH */ +#define TPM_TAG_TRANSPORT_PUBLIC 0X001E /* TPM_TRANSPORT_PUBLIC */ +#define TPM_TAG_PERMANENT_FLAGS 0X001F /* TPM_PERMANENT_FLAGS */ +#define TPM_TAG_STCLEAR_FLAGS 0X0020 /* TPM_STCLEAR_FLAGS */ +#define TPM_TAG_STANY_FLAGS 0X0021 /* TPM_STANY_FLAGS */ +#define TPM_TAG_PERMANENT_DATA 0X0022 /* TPM_PERMANENT_DATA */ +#define TPM_TAG_STCLEAR_DATA 0X0023 /* TPM_STCLEAR_DATA */ +#define TPM_TAG_STANY_DATA 0X0024 /* TPM_STANY_DATA */ +#define TPM_TAG_FAMILY_TABLE_ENTRY 0X0025 /* TPM_FAMILY_TABLE_ENTRY */ +#define TPM_TAG_DELEGATE_SENSITIVE 0X0026 /* TPM_DELEGATE_SENSITIVE */ +#define TPM_TAG_DELG_KEY_BLOB 0X0027 /* TPM_DELG_KEY_BLOB */ +#define TPM_TAG_KEY12 0x0028 /* TPM_KEY12 */ +#define TPM_TAG_CERTIFY_INFO2 0X0029 /* TPM_CERTIFY_INFO2 */ +#define TPM_TAG_DELEGATE_OWNER_BLOB 0X002A /* TPM_DELEGATE_OWNER_BLOB */ +#define TPM_TAG_EK_BLOB_ACTIVATE 0X002B /* TPM_EK_BLOB_ACTIVATE */ +#define TPM_TAG_DAA_BLOB 0X002C /* TPM_DAA_BLOB */ +#define TPM_TAG_DAA_CONTEXT 0X002D /* TPM_DAA_CONTEXT */ +#define TPM_TAG_DAA_ENFORCE 0X002E /* TPM_DAA_ENFORCE */ +#define TPM_TAG_DAA_ISSUER 0X002F /* TPM_DAA_ISSUER */ +#define TPM_TAG_CAP_VERSION_INFO 0X0030 /* TPM_CAP_VERSION_INFO */ +#define TPM_TAG_DAA_SENSITIVE 0X0031 /* TPM_DAA_SENSITIVE */ +#define TPM_TAG_DAA_TPM 0X0032 /* TPM_DAA_TPM */ +#define TPM_TAG_CMK_MIGAUTH 0X0033 /* TPM_CMK_MIGAUTH */ +#define TPM_TAG_CMK_SIGTICKET 0X0034 /* TPM_CMK_SIGTICKET */ +#define TPM_TAG_CMK_MA_APPROVAL 0X0035 /* TPM_CMK_MA_APPROVAL */ +#define TPM_TAG_QUOTE_INFO2 0X0036 /* TPM_QUOTE_INFO2 */ +#define TPM_TAG_DA_INFO 0x0037 /* TPM_DA_INFO */ +#define TPM_TAG_DA_INFO_LIMITED 0x0038 /* TPM_DA_INFO_LIMITED */ +#define TPM_TAG_DA_ACTION_TYPE 0x0039 /* TPM_DA_ACTION_TYPE */ + +/* + SW TPM Tags +*/ + +/* + These tags are used to describe the format of serialized TPM non-volatile state +*/ + +/* These describe the overall format */ + +/* V1 state is the sequence permanent data, permanent flags, owner evict keys, NV defined space */ + +#define TPM_TAG_NVSTATE_V1 0x0001 /* svn revision 4078 */ + +/* These tags describe the TPM_PERMANENT_DATA format */ + +/* For the first release, use the standard TPM_TAG_PERMANENT_DATA tag. Since this tag is never + visible outside the TPM, the tag value can be changed if the format changes. +*/ + +/* These tags describe the TPM_PERMANENT_FLAGS format */ + +/* The TPM_PERMANENT_FLAGS structure changed from rev 94 to 103. Unfortunately, the standard TPM + tag did not change. Define distinguishing values here. +*/ + +#define TPM_TAG_NVSTATE_PF94 0x0001 +#define TPM_TAG_NVSTATE_PF103 0x0002 + +/* This tag describes the owner evict key format */ + +#define TPM_TAG_NVSTATE_OE_V1 0x0001 + +/* This tag describes the NV defined space format */ + +#define TPM_TAG_NVSTATE_NV_V1 0x0001 + +/* V2 added the NV public optimization */ + +#define TPM_TAG_NVSTATE_NV_V2 0x0002 + +/* + These tags are used to describe the format of serialized TPM volatile state +*/ + +/* These describe the overall format */ + +/* V1 state is the sequence TPM Parameters, TPM_STCLEAR_FLAGS, TPM_STANY_FLAGS, TPM_STCLEAR_DATA, + TPM_STANY_DATA, TPM_KEY_HANDLE_ENTRY, SHA1 context(s), TPM_TRANSHANDLE, testState, NV volatile + flags */ + +#define TPM_TAG_VSTATE_V1 0x0001 + +/* This tag defines the TPM Parameters format */ + +#define TPM_TAG_TPM_PARAMETERS_V1 0x0001 + +/* This tag defines the TPM_STCLEAR_FLAGS format */ + +/* V1 is the TCG standard returned by the getcap. It's unlikely that this will change */ + +#define TPM_TAG_STCLEAR_FLAGS_V1 0x0001 + +/* These tags describe the TPM_STANY_FLAGS format */ + +/* For the first release, use the standard TPM_TAG_STANY_FLAGS tag. Since this tag is never visible + outside the TPM, the tag value can be changed if the format changes. +*/ + +/* This tag defines the TPM_STCLEAR_DATA format */ + +/* V2 deleted the ordinalResponse, responseCount */ + +#define TPM_TAG_STCLEAR_DATA_V2 0X0024 + +/* These tags describe the TPM_STANY_DATA format */ + +/* For the first release, use the standard TPM_TAG_STANY_DATA tag. Since this tag is never visible + outside the TPM, the tag value can be changed if the format changes. +*/ + +/* This tag defines the key handle entries format */ + +#define TPM_TAG_KEY_HANDLE_ENTRIES_V1 0x0001 + +/* This tag defines the SHA-1 context format */ + +#define TPM_TAG_SHA1CONTEXT_OSSL_V1 0x0001 /* for openssl */ + +#define TPM_TAG_SHA1CONTEXT_FREEBL_V1 0x0101 /* for freebl */ + +/* This tag defines the NV index entries volatile format */ + +#define TPM_TAG_NV_INDEX_ENTRIES_VOLATILE_V1 0x0001 + +/* 4. Types + */ + +/* 4.1 TPM_RESOURCE_TYPE rev 87 */ + +#define TPM_RT_KEY 0x00000001 /* The handle is a key handle and is the result of a LoadKey + type operation */ + +#define TPM_RT_AUTH 0x00000002 /* The handle is an authorization handle. Auth handles come from + TPM_OIAP, TPM_OSAP and TPM_DSAP */ + +#define TPM_RT_HASH 0X00000003 /* Reserved for hashes */ + +#define TPM_RT_TRANS 0x00000004 /* The handle is for a transport session. Transport handles come + from TPM_EstablishTransport */ + +#define TPM_RT_CONTEXT 0x00000005 /* Resource wrapped and held outside the TPM using the context + save/restore commands */ + +#define TPM_RT_COUNTER 0x00000006 /* Reserved for counters */ + +#define TPM_RT_DELEGATE 0x00000007 /* The handle is for a delegate row. These are the internal rows + held in NV storage by the TPM */ + +#define TPM_RT_DAA_TPM 0x00000008 /* The value is a DAA TPM specific blob */ + +#define TPM_RT_DAA_V0 0x00000009 /* The value is a DAA V0 parameter */ + +#define TPM_RT_DAA_V1 0x0000000A /* The value is a DAA V1 parameter */ + +/* 4.2 TPM_PAYLOAD_TYPE rev 87 + + This structure specifies the type of payload in various messages. +*/ + +#define TPM_PT_ASYM 0x01 /* The entity is an asymmetric key */ +#define TPM_PT_BIND 0x02 /* The entity is bound data */ +#define TPM_PT_MIGRATE 0x03 /* The entity is a migration blob */ +#define TPM_PT_MAINT 0x04 /* The entity is a maintenance blob */ +#define TPM_PT_SEAL 0x05 /* The entity is sealed data */ +#define TPM_PT_MIGRATE_RESTRICTED 0x06 /* The entity is a restricted-migration asymmetric key */ +#define TPM_PT_MIGRATE_EXTERNAL 0x07 /* The entity is a external migratable key */ +#define TPM_PT_CMK_MIGRATE 0x08 /* The entity is a CMK migratable blob */ +/* 0x09 - 0x7F Reserved for future use by TPM */ +/* 0x80 - 0xFF Vendor specific payloads */ + +/* 4.3 TPM_ENTITY_TYPE rev 100 + + This specifies the types of entity that are supported by the TPM. + + The LSB is used to indicate the entity type. The MSB is used to indicate the ADIP + encryption scheme when applicable. + + For compatibility with TPM 1.1, this mapping is maintained: + + 0x0001 specifies a keyHandle entity with XOR encryption + 0x0002 specifies an owner entity with XOR encryption + 0x0003 specifies some data entity with XOR encryption + 0x0004 specifies the SRK entity with XOR encryption + 0x0005 specifies a key entity with XOR encryption + + When the entity is not being used for ADIP encryption, the MSB MUST be 0x00. +*/ + +/* TPM_ENTITY_TYPE LSB Values (entity type) */ + +#define TPM_ET_KEYHANDLE 0x01 /* The entity is a keyHandle or key */ +#define TPM_ET_OWNER 0x02 /*0x40000001 The entity is the TPM Owner */ +#define TPM_ET_DATA 0x03 /* The entity is some data */ +#define TPM_ET_SRK 0x04 /*0x40000000 The entity is the SRK */ +#define TPM_ET_KEY 0x05 /* The entity is a key or keyHandle */ +#define TPM_ET_REVOKE 0x06 /*0x40000002 The entity is the RevokeTrust value */ +#define TPM_ET_DEL_OWNER_BLOB 0x07 /* The entity is a delegate owner blob */ +#define TPM_ET_DEL_ROW 0x08 /* The entity is a delegate row */ +#define TPM_ET_DEL_KEY_BLOB 0x09 /* The entity is a delegate key blob */ +#define TPM_ET_COUNTER 0x0A /* The entity is a counter */ +#define TPM_ET_NV 0x0B /* The entity is a NV index */ +#define TPM_ET_OPERATOR 0x0C /* The entity is the operator */ +#define TPM_ET_RESERVED_HANDLE 0x40 /* Reserved. This value avoids collisions with the handle + MSB setting.*/ + +/* TPM_ENTITY_TYPE MSB Values (ADIP encryption scheme) */ + +#define TPM_ET_XOR 0x00 /* XOR */ +#define TPM_ET_AES128_CTR 0x06 /* AES 128 bits in CTR mode */ + +/* 4.4 Handles rev 88 + + Handles provides pointers to TPM internal resources. Handles should provide the ability to locate + a value without collision. + + 1. The TPM MAY order and set a handle to any value the TPM determines is appropriate + + 2. The handle value SHALL provide assurance that collisions SHOULD not occur in 2^24 handles + + 4.4.1 Reserved Key Handles + + The reserved key handles. These values specify specific keys or specific actions for the TPM. +*/ + +/* 4.4.1 Reserved Key Handles rev 87 + + The reserved key handles. These values specify specific keys or specific actions for the TPM. + + TPM_KH_TRANSPORT indicates to TPM_EstablishTransport that there is no encryption key, and that + the "secret" wrapped parameters are actually passed unencrypted. +*/ + +#define TPM_KH_SRK 0x40000000 /* The handle points to the SRK */ +#define TPM_KH_OWNER 0x40000001 /* The handle points to the TPM Owner */ +#define TPM_KH_REVOKE 0x40000002 /* The handle points to the RevokeTrust value */ +#define TPM_KH_TRANSPORT 0x40000003 /* The handle points to the TPM_EstablishTransport static + authorization */ +#define TPM_KH_OPERATOR 0x40000004 /* The handle points to the Operator auth */ +#define TPM_KH_ADMIN 0x40000005 /* The handle points to the delegation administration + auth */ +#define TPM_KH_EK 0x40000006 /* The handle points to the PUBEK, only usable with + TPM_OwnerReadInternalPub */ + +/* 4.5 TPM_STARTUP_TYPE rev 87 + + To specify what type of startup is occurring. +*/ + +#define TPM_ST_CLEAR 0x0001 /* The TPM is starting up from a clean state */ +#define TPM_ST_STATE 0x0002 /* The TPM is starting up from a saved state */ +#define TPM_ST_DEACTIVATED 0x0003 /* The TPM is to startup and set the deactivated flag to + TRUE */ + +/* 4.6 TPM_STARTUP_EFFECTS rev 101 + + This structure lists for the various resources and sessions on a TPM the affect that TPM_Startup + has on the values. + + There are three ST_STATE options for keys (restore all, restore non-volatile, or restore none) + and two ST_CLEAR options (restore non-volatile or restore none). As bit 4 was insufficient to + describe the possibilities, it is deprecated. Software should use TPM_CAP_KEY_HANDLE to + determine which keys are loaded after TPM_Startup. + + 31-9 No information and MUST be FALSE + + 8 TPM_RT_DAA_TPM resources are initialized by TPM_Startup(ST_STATE) + 7 TPM_Startup has no effect on auditDigest + 6 auditDigest is set to all zeros on TPM_Startup(ST_CLEAR) but not on other types of TPM_Startup + 5 auditDigest is set to all zeros on TPM_Startup(any) + 4 TPM_RT_KEY Deprecated, as the meaning was subject to interpretation. (Was:TPM_RT_KEY resources + are initialized by TPM_Startup(ST_ANY)) + 3 TPM_RT_AUTH resources are initialized by TPM_Startup(ST_STATE) + 2 TPM_RT_HASH resources are initialized by TPM_Startup(ST_STATE) + 1 TPM_RT_TRANS resources are initialized by TPM_Startup(ST_STATE) + 0 TPM_RT_CONTEXT session (but not key) resources are initialized by TPM_Startup(ST_STATE) +*/ + + +#define TPM_STARTUP_EFFECTS_ST_STATE_RT_DAA 0x00000100 /* bit 8 */ +#define TPM_STARTUP_EFFECTS_STARTUP_NO_AUDITDIGEST 0x00000080 /* bit 7 */ +#define TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST 0x00000040 /* bit 6 */ +#define TPM_STARTUP_EFFECTS_STARTUP_AUDITDIGEST 0x00000020 /* bit 5 */ +#define TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY 0x00000010 /* bit 4 */ +#define TPM_STARTUP_EFFECTS_ST_STATE_RT_AUTH 0x00000008 /* bit 3 */ +#define TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH 0x00000004 /* bit 2 */ +#define TPM_STARTUP_EFFECTS_ST_STATE_RT_TRANS 0x00000002 /* bit 1 */ +#define TPM_STARTUP_EFFECTS_ST_STATE_RT_CONTEXT 0x00000001 /* bit 0 */ + +/* 4.7 TPM_PROTOCOL_ID rev 87 + + This value identifies the protocol in use. +*/ + +#define TPM_PID_NONE 0x0000 /* kgold - added */ +#define TPM_PID_OIAP 0x0001 /* The OIAP protocol. */ +#define TPM_PID_OSAP 0x0002 /* The OSAP protocol. */ +#define TPM_PID_ADIP 0x0003 /* The ADIP protocol. */ +#define TPM_PID_ADCP 0X0004 /* The ADCP protocol. */ +#define TPM_PID_OWNER 0X0005 /* The protocol for taking ownership of a TPM. */ +#define TPM_PID_DSAP 0x0006 /* The DSAP protocol */ +#define TPM_PID_TRANSPORT 0x0007 /*The transport protocol */ + +/* 4.8 TPM_ALGORITHM_ID rev 99 + + This table defines the types of algorithms that may be supported by the TPM. + + The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC, and TPM_ALG_MGF1 +*/ + +//#define TPM_ALG_RSA 0x00000001 /* The RSA algorithm. */ +/* #define TPM_ALG_DES 0x00000002 (was the DES algorithm) */ +/* #define TPM_ALG_3DES 0X00000003 (was the 3DES algorithm in EDE mode) */ +#define TPM_ALG_SHA 0x00000004 /* The SHA1 algorithm */ +//#define TPM_ALG_HMAC 0x00000005 /* The RFC 2104 HMAC algorithm */ +#define TPM_ALG_AES128 0x00000006 /* The AES algorithm, key size 128 */ +//#define TPM_ALG_MGF1 0x00000007 /* The XOR algorithm using MGF1 to create a string the size +//of the encrypted block */ +#define TPM_ALG_AES192 0x00000008 /* AES, key size 192 */ +#define TPM_ALG_AES256 0x00000009 /* AES, key size 256 */ +//#define TPM_ALG_XOR 0x0000000A /* XOR using the rolling nonces */ + +/* 4.9 TPM_PHYSICAL_PRESENCE rev 87 + +*/ + +#define TPM_PHYSICAL_PRESENCE_HW_DISABLE 0x0200 /* Sets the physicalPresenceHWEnable to FALSE + */ +#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE 0x0100 /* Sets the physicalPresenceCMDEnable to + FALSE */ +#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK 0x0080 /* Sets the physicalPresenceLifetimeLock to + TRUE */ +#define TPM_PHYSICAL_PRESENCE_HW_ENABLE 0x0040 /* Sets the physicalPresenceHWEnable to TRUE + */ +#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020 /* Sets the physicalPresenceCMDEnable to TRUE + */ +#define TPM_PHYSICAL_PRESENCE_NOTPRESENT 0x0010 /* Sets PhysicalPresence = FALSE */ +#define TPM_PHYSICAL_PRESENCE_PRESENT 0x0008 /* Sets PhysicalPresence = TRUE */ +#define TPM_PHYSICAL_PRESENCE_LOCK 0x0004 /* Sets PhysicalPresenceLock = TRUE */ + +#define TPM_PHYSICAL_PRESENCE_MASK 0xfc03 /* ~ OR of all above bits */ + +/* 4.10 TPM_MIGRATE_SCHEME rev 103 + + The scheme indicates how the StartMigrate command should handle the migration of the encrypted + blob. +*/ + +#define TPM_MS_MIGRATE 0x0001 /* A public key that can be used with all TPM + migration commands other than 'ReWrap' mode. */ +#define TPM_MS_REWRAP 0x0002 /* A public key that can be used for the ReWrap mode + of TPM_CreateMigrationBlob. */ +#define TPM_MS_MAINT 0x0003 /* A public key that can be used for the Maintenance + commands */ +#define TPM_MS_RESTRICT_MIGRATE 0x0004 /* The key is to be migrated to a Migration + Authority. */ +#define TPM_MS_RESTRICT_APPROVE 0x0005 /* The key is to be migrated to an entity approved by + a Migration Authority using double wrapping */ + +/* 4.11 TPM_EK_TYPE rev 87 + + This structure indicates what type of information that the EK is dealing with. +*/ + +#define TPM_EK_TYPE_ACTIVATE 0x0001 /* The blob MUST be TPM_EK_BLOB_ACTIVATE */ +#define TPM_EK_TYPE_AUTH 0x0002 /* The blob MUST be TPM_EK_BLOB_AUTH */ + +/* 4.12 TPM_PLATFORM_SPECIFIC rev 87 + + This enumerated type indicates the platform specific spec that the information relates to. +*/ + +#define TPM_PS_PC_11 0x0001 /* PC Specific version 1.1 */ +#define TPM_PS_PC_12 0x0002 /* PC Specific version 1.2 */ +#define TPM_PS_PDA_12 0x0003 /* PDA Specific version 1.2 */ +#define TPM_PS_Server_12 0x0004 /* Server Specific version 1.2 */ +#define TPM_PS_Mobile_12 0x0005 /* Mobil Specific version 1.2 */ + +/* 5.8 TPM_KEY_USAGE rev 101 + + This table defines the types of keys that are possible. Each value defines for what operation + the key can be used. Most key usages can be CMKs. See 4.2, TPM_PAYLOAD_TYPE. + + Each key has a setting defining the encryption and signature scheme to use. The selection of a + key usage value limits the choices of encryption and signature schemes. +*/ + +#define TPM_KEY_UNINITIALIZED 0x0000 /* NOTE: Added. This seems like a good place to indicate + that a TPM_KEY structure has not been initialized */ + +#define TPM_KEY_SIGNING 0x0010 /* This SHALL indicate a signing key. The [private] key + SHALL be used for signing operations, only. This means + that it MUST be a leaf of the Protected Storage key + hierarchy. */ + +#define TPM_KEY_STORAGE 0x0011 /* This SHALL indicate a storage key. The key SHALL be used + to wrap and unwrap other keys in the Protected Storage + hierarchy */ + +#define TPM_KEY_IDENTITY 0x0012 /* This SHALL indicate an identity key. The key SHALL be + used for operations that require a TPM identity, only. */ + +#define TPM_KEY_AUTHCHANGE 0X0013 /* This SHALL indicate an ephemeral key that is in use + during the ChangeAuthAsym process, only. */ + +#define TPM_KEY_BIND 0x0014 /* This SHALL indicate a key that can be used for TPM_Bind + and TPM_Unbind operations only. */ + +#define TPM_KEY_LEGACY 0x0015 /* This SHALL indicate a key that can perform signing and + binding operations. The key MAY be used for both signing + and binding operations. The TPM_KEY_LEGACY key type is to + allow for use by applications where both signing and + encryption operations occur with the same key. */ + +#define TPM_KEY_MIGRATE 0x0016 /* This SHALL indicate a key in use for TPM_MigrateKey */ + +/* 5.8.1 TPM_ENC_SCHEME Mandatory Key Usage Schemes rev 99 + + The TPM MUST check that the encryption scheme defined for use with the key is a valid scheme for + the key type, as follows: +*/ + +#define TPM_ES_NONE 0x0001 +#define TPM_ES_RSAESPKCSv15 0x0002 +#define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003 +#define TPM_ES_SYM_CTR 0x0004 +#define TPM_ES_SYM_OFB 0x0005 + +/* 5.8.1 TPM_SIG_SCHEME Mandatory Key Usage Schemes rev 99 + + The TPM MUST check that the signature scheme defined for use with the key is a valid scheme for + the key type, as follows: +*/ + +#define TPM_SS_NONE 0x0001 +#define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002 +#define TPM_SS_RSASSAPKCS1v15_DER 0x0003 +#define TPM_SS_RSASSAPKCS1v15_INFO 0x0004 + +/* 5.9 TPM_AUTH_DATA_USAGE rev 110 + + The indication to the TPM when authorization sessions for an entity are required. Future + versions may allow for more complex decisions regarding AuthData checking. +*/ + +#define TPM_AUTH_NEVER 0x00 /* This SHALL indicate that usage of the key without + authorization is permitted. */ + +#define TPM_AUTH_ALWAYS 0x01 /* This SHALL indicate that on each usage of the key the + authorization MUST be performed. */ + +#define TPM_NO_READ_PUBKEY_AUTH 0x03 /* This SHALL indicate that on commands that require the TPM to + use the the key, the authorization MUST be performed. For + commands that cause the TPM to read the public portion of the + key, but not to use the key (e.g. TPM_GetPubKey), the + authorization may be omitted. */ + +/* 5.10 TPM_KEY_FLAGS rev 110 + + This table defines the meanings of the bits in a TPM_KEY_FLAGS structure, used in + TPM_STORE_ASYMKEY and TPM_CERTIFY_INFO. + + The value of TPM_KEY_FLAGS MUST be decomposed into individual mask values. The presence of a mask + value SHALL have the effect described in the above table + + On input, all undefined bits MUST be zero. The TPM MUST return an error if any undefined bit is + set. On output, the TPM MUST set all undefined bits to zero. +*/ + +#define TPM_KEY_FLAGS_MASK 0x0000001f + +#define TPM_REDIRECTION 0x00000001 /* This mask value SHALL indicate the use of redirected + output. */ + +#define TPM_MIGRATABLE 0x00000002 /* This mask value SHALL indicate that the key is + migratable. */ + +#define TPM_ISVOLATILE 0x00000004 /* This mask value SHALL indicate that the key MUST be + unloaded upon execution of the + TPM_Startup(ST_Clear). This does not indicate that a + non-volatile key will remain loaded across + TPM_Startup(ST_Clear) events. */ + +#define TPM_PCRIGNOREDONREAD 0x00000008 /* When TRUE the TPM MUST NOT check digestAtRelease or + localityAtRelease for commands that read the public + portion of the key (e.g., TPM_GetPubKey) and MAY NOT + check digestAtRelease or localityAtRelease for + commands that use the public portion of the key + (e.g. TPM_Seal) + + When FALSE the TPM MUST check digestAtRelease and + localityAtRelease for commands that read or use the + public portion of the key */ + +#define TPM_MIGRATEAUTHORITY 0x00000010 /* When set indicates that the key is under control of a + migration authority. The TPM MUST only allow the + creation of a key with this flag in + TPM_MA_CreateKey */ + +/* 5.17 TPM_CMK_DELEGATE values rev 89 + + The bits of TPM_CMK_DELEGATE are flags that determine how the TPM responds to delegated requests + to manipulate a certified-migration-key, a loaded key with payload type TPM_PT_MIGRATE_RESTRICTED + or TPM_PT_MIGRATE_EXTERNAL.. + + 26:0 reserved MUST be 0 + + The default value of TPM_CMK_Delegate is zero (0) +*/ + +#define TPM_CMK_DELEGATE_SIGNING 0x80000000 /* When set to 1, this bit SHALL indicate that a + delegated command may manipulate a CMK of + TPM_KEY_USAGE == TPM_KEY_SIGNING */ +#define TPM_CMK_DELEGATE_STORAGE 0x40000000 /* When set to 1, this bit SHALL indicate that a + delegated command may manipulate a CMK of + TPM_KEY_USAGE == TPM_KEY_STORAGE */ +#define TPM_CMK_DELEGATE_BIND 0x20000000 /* When set to 1, this bit SHALL indicate that a + delegated command may manipulate a CMK of + TPM_KEY_USAGE == TPM_KEY_BIND */ +#define TPM_CMK_DELEGATE_LEGACY 0x10000000 /* When set to 1, this bit SHALL indicate that a + delegated command may manipulate a CMK of + TPM_KEY_USAGE == TPM_KEY_LEGACY */ +#define TPM_CMK_DELEGATE_MIGRATE 0x08000000 /* When set to 1, this bit SHALL indicate that a + delegated command may manipulate a CMK of + TPM_KEY_USAGE == TPM_KEY_MIGRATE */ + +/* 6. TPM_TAG (Command and Response Tags) rev 100 + + These tags indicate to the TPM the construction of the command either as input or as output. The + AUTH indicates that there are one or more AuthData values that follow the command + parameters. +*/ + +#define TPM_TAG_RQU_COMMAND 0x00C1 /* A command with no authentication. */ +#define TPM_TAG_RQU_AUTH1_COMMAND 0x00C2 /* An authenticated command with one authentication + handle */ +#define TPM_TAG_RQU_AUTH2_COMMAND 0x00C3 /* An authenticated command with two authentication + handles */ +#define TPM_TAG_RSP_COMMAND 0x00C4 /* A response from a command with no authentication + */ +#define TPM_TAG_RSP_AUTH1_COMMAND 0x00C5 /* An authenticated response with one authentication + handle */ +#define TPM_TAG_RSP_AUTH2_COMMAND 0x00C6 /* An authenticated response with two authentication + handles */ + +/* TIS 7.2 PCR Attributes + +*/ + +#define TPM_DEBUG_PCR 16 +#define TPM_LOCALITY_4_PCR 17 +#define TPM_LOCALITY_3_PCR 18 +#define TPM_LOCALITY_2_PCR 19 +#define TPM_LOCALITY_1_PCR 20 + +/* 10.9 TPM_KEY_CONTROL rev 87 + + Attributes that can control various aspects of key usage and manipulation. + + Allows for controlling of the key when loaded and how to handle TPM_Startup issues. +*/ + +#define TPM_KEY_CONTROL_OWNER_EVICT 0x00000001 /* Owner controls when the key is evicted + from the TPM. When set the TPM MUST + preserve key the key across all TPM_Init + invocations. */ + +/* 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions */ + +#define TPM_TRANSPORT_ENCRYPT 0x00000001 /* The session will provide encryption using + the internal encryption algorithm */ +#define TPM_TRANSPORT_LOG 0x00000002 /* The session will provide a log of all + operations that occur in the session */ +#define TPM_TRANSPORT_EXCLUSIVE 0X00000004 /* The transport session is exclusive and + any command executed outside the + transport session causes the invalidation + of the session */ + +/* 21.1 TPM_CAPABILITY_AREA rev 115 + + To identify a capability to be queried. +*/ + +#define TPM_CAP_ORD 0x00000001 /* Boolean value. TRUE indicates that the TPM supports + the ordinal. FALSE indicates that the TPM does not + support the ordinal. Unimplemented optional ordinals + and unused (unassigned) ordinals return FALSE. */ +#define TPM_CAP_ALG 0x00000002 /* Boolean value. TRUE means that the TPM supports the + asymmetric algorithm for TPM_Sign, TPM_Seal, + TPM_UnSeal and TPM_UnBind and related commands. FALSE + indicates that the asymmetric algorithm is not + supported for these types of commands. The TPM MAY + return TRUE or FALSE for other than asymmetric + algoroithms that it supports. Unassigned and + unsupported algorithm IDs return FALSE.*/ + +#define TPM_CAP_PID 0x00000003 /* Boolean value. TRUE indicates that the TPM supports + the protocol, FALSE indicates that the TPM does not + support the protocol. */ +#define TPM_CAP_FLAG 0x00000004 /* Return the TPM_PERMANENT_FLAGS structure or Return the + TPM_STCLEAR_FLAGS structure */ +#define TPM_CAP_PROPERTY 0x00000005 /* See following table for the subcaps */ +#define TPM_CAP_VERSION 0x00000006 /* TPM_STRUCT_VER structure. The Major and Minor must + indicate 1.1. The firmware revision MUST indicate + 0.0 */ +#define TPM_CAP_KEY_HANDLE 0x00000007 /* A TPM_KEY_HANDLE_LIST structure that enumerates all + key handles loaded on the TPM. */ +#define TPM_CAP_CHECK_LOADED 0x00000008 /* A Boolean value. TRUE indicates that the TPM has + enough memory available to load a key of the type + specified by TPM_KEY_PARMS. FALSE indicates that the + TPM does not have enough memory. */ +#define TPM_CAP_SYM_MODE 0x00000009 /* Subcap TPM_SYM_MODE + A Boolean value. TRUE indicates that the TPM supports + the TPM_SYM_MODE, FALSE indicates the TPM does not + support the mode. */ +#define TPM_CAP_KEY_STATUS 0x0000000C /* Boolean value of ownerEvict. The handle MUST point to + a valid key handle.*/ +#define TPM_CAP_NV_LIST 0x0000000D /* A list of TPM_NV_INDEX values that are currently + allocated NV storage through TPM_NV_DefineSpace. */ +#define TPM_CAP_MFR 0x00000010 /* Manufacturer specific. The manufacturer may provide + any additional information regarding the TPM and the + TPM state but MUST not expose any sensitive + information. */ +#define TPM_CAP_NV_INDEX 0x00000011 /* A TPM_NV_DATA_PUBLIC structure that indicates the + values for the TPM_NV_INDEX. Returns TPM_BADINDEX if + the index is not in the TPM_CAP_NV_LIST list. */ +#define TPM_CAP_TRANS_ALG 0x00000012 /* Boolean value. TRUE means that the TPM supports the + algorithm for TPM_EstablishTransport, + TPM_ExecuteTransport and + TPM_ReleaseTransportSigned. FALSE indicates that for + these three commands the algorithm is not supported." + */ +#define TPM_CAP_HANDLE 0x00000014 /* A TPM_KEY_HANDLE_LIST structure that enumerates all + handles currently loaded in the TPM for the given + resource type. */ +#define TPM_CAP_TRANS_ES 0x00000015 /* Boolean value. TRUE means the TPM supports the + encryption scheme in a transport session for at least + one algorithm.. */ +#define TPM_CAP_AUTH_ENCRYPT 0x00000017 /* Boolean value. TRUE indicates that the TPM supports + the encryption algorithm in OSAP encryption of + AuthData values */ +#define TPM_CAP_SELECT_SIZE 0x00000018 /* Boolean value. TRUE indicates that the TPM supports + the size for the given version. For instance a request + could ask for version 1.1 size 2 and the TPM would + indicate TRUE. For 1.1 size 3 the TPM would indicate + FALSE. For 1.2 size 3 the TPM would indicate TRUE. */ +#define TPM_CAP_DA_LOGIC 0x00000019 /* (OPTIONAL) + A TPM_DA_INFO or TPM_DA_INFO_LIMITED structure that + returns data according to the selected entity type + (e.g., TPM_ET_KEYHANDLE, TPM_ET_OWNER, TPM_ET_SRK, + TPM_ET_COUNTER, TPM_ET_OPERATOR, etc.). If the + implemented dictionary attack logic does not support + different secret types, the entity type can be + ignored. */ +#define TPM_CAP_VERSION_VAL 0x0000001A /* TPM_CAP_VERSION_INFO structure. The TPM fills in the + structure and returns the information indicating what + the TPM currently supports. */ + +#define TPM_CAP_FLAG_PERMANENT 0x00000108 /* Return the TPM_PERMANENT_FLAGS structure */ +#define TPM_CAP_FLAG_VOLATILE 0x00000109 /* Return the TPM_STCLEAR_FLAGS structure */ + +/* 21.2 CAP_PROPERTY Subcap values for CAP_PROPERTY rev 105 + + The TPM_CAP_PROPERTY capability has numerous subcap values. The definition for all subcap values + occurs in this table. + + TPM_CAP_PROP_MANUFACTURER returns a vendor ID unique to each manufacturer. The same value is + returned as the TPM_CAP_VERSION_INFO -> tpmVendorID. A company abbreviation such as a null + terminated stock ticker is a typical choice. However, there is no requirement that the value + contain printable characters. The document "TCG Vendor Naming" lists the vendor ID values. + + TPM_CAP_PROP_MAX_xxxSESS is a constant. At TPM_Startup(ST_CLEAR) TPM_CAP_PROP_xxxSESS == + TPM_CAP_PROP_MAX_xxxSESS. As sessions are created on the TPM, TPM_CAP_PROP_xxxSESS decreases + toward zero. As sessions are terminated, TPM_CAP_PROP_xxxSESS increases toward + TPM_CAP_PROP_MAX_xxxSESS. + + There is a similar relationship between the constants TPM_CAP_PROP_MAX_COUNTERS and + TPM_CAP_PROP_MAX_CONTEXT and the varying TPM_CAP_PROP_COUNTERS and TPM_CAP_PROP_CONTEXT. + + In one typical implementation where authorization and transport sessions reside in separate + pools, TPM_CAP_PROP_SESSIONS will be the sum of TPM_CAP_PROP_AUTHSESS and TPM_CAP_PROP_TRANSESS. + In another typical implementation where authorization and transport sessions share the same pool, + TPM_CAP_PROP_SESSIONS, TPM_CAP_PROP_AUTHSESS, and TPM_CAP_PROP_TRANSESS will all be equal. +*/ + +#define TPM_CAP_PROP_PCR 0x00000101 /* uint32_t value. Returns the number of PCR + registers supported by the TPM */ +#define TPM_CAP_PROP_DIR 0x00000102 /* uint32_t. Deprecated. Returns the number of + DIR, which is now fixed at 1 */ +#define TPM_CAP_PROP_MANUFACTURER 0x00000103 /* uint32_t value. Returns the vendor ID + unique to each TPM manufacturer. */ +#define TPM_CAP_PROP_KEYS 0x00000104 /* uint32_t value. Returns the number of 2048- + bit RSA keys that can be loaded. This may + vary with time and circumstances. */ +#define TPM_CAP_PROP_MIN_COUNTER 0x00000107 /* uint32_t. The minimum amount of time in + 10ths of a second that must pass between + invocations of incrementing the monotonic + counter. */ +#define TPM_CAP_PROP_AUTHSESS 0x0000010A /* uint32_t. The number of available + authorization sessions. This may vary with + time and circumstances. */ +#define TPM_CAP_PROP_TRANSESS 0x0000010B /* uint32_t. The number of available transport + sessions. This may vary with time and + circumstances. */ +#define TPM_CAP_PROP_COUNTERS 0x0000010C /* uint32_t. The number of available monotonic + counters. This may vary with time and + circumstances. */ +#define TPM_CAP_PROP_MAX_AUTHSESS 0x0000010D /* uint32_t. The maximum number of loaded + authorization sessions the TPM supports */ +#define TPM_CAP_PROP_MAX_TRANSESS 0x0000010E /* uint32_t. The maximum number of loaded + transport sessions the TPM supports. */ +#define TPM_CAP_PROP_MAX_COUNTERS 0x0000010F /* uint32_t. The maximum number of monotonic + counters under control of TPM_CreateCounter + */ +#define TPM_CAP_PROP_MAX_KEYS 0x00000110 /* uint32_t. The maximum number of 2048 RSA + keys that the TPM can support. The number + does not include the EK or SRK. */ +#define TPM_CAP_PROP_OWNER 0x00000111 /* BOOL. A value of TRUE indicates that the + TPM has successfully installed an owner. */ +#define TPM_CAP_PROP_CONTEXT 0x00000112 /* uint32_t. The number of available saved + session slots. This may vary with time and + circumstances. */ +#define TPM_CAP_PROP_MAX_CONTEXT 0x00000113 /* uint32_t. The maximum number of saved + session slots. */ +#define TPM_CAP_PROP_FAMILYROWS 0x00000114 /* uint32_t. The maximum number of rows in the + family table */ +#define TPM_CAP_PROP_TIS_TIMEOUT 0x00000115 /* A 4 element array of uint32_t values each + denoting the timeout value in microseconds + for the following in this order: + + TIMEOUT_A, TIMEOUT_B, TIMEOUT_C, TIMEOUT_D + + Where these timeouts are to be used is + determined by the platform specific TPM + Interface Specification. */ +#define TPM_CAP_PROP_STARTUP_EFFECT 0x00000116 /* The TPM_STARTUP_EFFECTS structure */ +#define TPM_CAP_PROP_DELEGATE_ROW 0x00000117 /* uint32_t. The maximum size of the delegate + table in rows. */ +#define TPM_CAP_PROP_MAX_DAASESS 0x00000119 /* uint32_t. The maximum number of loaded DAA + sessions (join or sign) that the TPM + supports */ +#define TPM_CAP_PROP_DAASESS 0x0000011A /* uint32_t. The number of available DAA + sessions. This may vary with time and + circumstances */ +#define TPM_CAP_PROP_CONTEXT_DIST 0x0000011B /* uint32_t. The maximum distance between + context count values. This MUST be at least + 2^16-1. */ +#define TPM_CAP_PROP_DAA_INTERRUPT 0x0000011C /* BOOL. A value of TRUE indicates that the + TPM will accept ANY command while executing + a DAA Join or Sign. + + A value of FALSE indicates that the TPM + will invalidate the DAA Join or Sign upon + the receipt of any command other than the + next join/sign in the session or a + TPM_SaveContext */ +#define TPM_CAP_PROP_SESSIONS 0X0000011D /* uint32_t. The number of available sessions + from the pool. This MAY vary with time and + circumstances. Pool sessions include + authorization and transport sessions. */ +#define TPM_CAP_PROP_MAX_SESSIONS 0x0000011E /* uint32_t. The maximum number of sessions + the TPM supports. */ +#define TPM_CAP_PROP_CMK_RESTRICTION 0x0000011F /* uint32_t TPM_Permanent_Data -> + restrictDelegate + */ +#define TPM_CAP_PROP_DURATION 0x00000120 /* A 3 element array of uint32_t values each + denoting the duration value in microseconds + of the duration of the three classes of + commands: Small, Medium and Long in the + following in this order: SMALL_DURATION, + MEDIUM_DURATION, LONG_DURATION */ +#define TPM_CAP_PROP_ACTIVE_COUNTER 0x00000122 /* TPM_COUNT_ID. The id of the current + counter. 0xff..ff if no counter is active + */ +#define TPM_CAP_PROP_MAX_NV_AVAILABLE 0x00000123 /*uint32_t. Deprecated. The maximum number + of NV space that can be allocated, MAY + vary with time and circumstances. This + capability was not implemented + consistently, and is replaced by + TPM_NV_INDEX_TRIAL. */ +#define TPM_CAP_PROP_INPUT_BUFFER 0x00000124 /* uint32_t. The maximum size of the TPM + input buffer or output buffer in + bytes. */ + +/* 21.4 Set_Capability Values rev 107 + */ + +#define TPM_SET_PERM_FLAGS 0x00000001 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_PERM_DATA 0x00000002 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_STCLEAR_FLAGS 0x00000003 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_STCLEAR_DATA 0x00000004 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_STANY_FLAGS 0x00000005 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_STANY_DATA 0x00000006 /* The ability to set a value is field specific and + a review of the structure will disclose the + ability and requirements to set a value */ +#define TPM_SET_VENDOR 0x00000007 /* This area allows the vendor to set specific areas + in the TPM according to the normal shielded + location requirements */ + +/* Set Capability sub caps */ + +/* TPM_PERMANENT_FLAGS */ + +#define TPM_PF_DISABLE 1 +#define TPM_PF_OWNERSHIP 2 +#define TPM_PF_DEACTIVATED 3 +#define TPM_PF_READPUBEK 4 +#define TPM_PF_DISABLEOWNERCLEAR 5 +#define TPM_PF_ALLOWMAINTENANCE 6 +#define TPM_PF_PHYSICALPRESENCELIFETIMELOCK 7 +#define TPM_PF_PHYSICALPRESENCEHWENABLE 8 +#define TPM_PF_PHYSICALPRESENCECMDENABLE 9 +#define TPM_PF_CEKPUSED 10 +#define TPM_PF_TPMPOST 11 +#define TPM_PF_TPMPOSTLOCK 12 +#define TPM_PF_FIPS 13 +#define TPM_PF_OPERATOR 14 +#define TPM_PF_ENABLEREVOKEEK 15 +#define TPM_PF_NV_LOCKED 16 +#define TPM_PF_READSRKPUB 17 +#define TPM_PF_TPMESTABLISHED 18 +#define TPM_PF_MAINTENANCEDONE 19 +#define TPM_PF_DISABLEFULLDALOGICINFO 20 + +/* TPM_STCLEAR_FLAGS */ + +#define TPM_SF_DEACTIVATED 1 +#define TPM_SF_DISABLEFORCECLEAR 2 +#define TPM_SF_PHYSICALPRESENCE 3 +#define TPM_SF_PHYSICALPRESENCELOCK 4 +#define TPM_SF_BGLOBALLOCK 5 + +/* TPM_STANY_FLAGS */ + +#define TPM_AF_POSTINITIALISE 1 +#define TPM_AF_LOCALITYMODIFIER 2 +#define TPM_AF_TRANSPORTEXCLUSIVE 3 +#define TPM_AF_TOSPRESENT 4 + +/* TPM_PERMANENT_DATA */ + +#define TPM_PD_REVMAJOR 1 +#define TPM_PD_REVMINOR 2 +#define TPM_PD_TPMPROOF 3 +#define TPM_PD_OWNERAUTH 4 +#define TPM_PD_OPERATORAUTH 5 +#define TPM_PD_MANUMAINTPUB 6 +#define TPM_PD_ENDORSEMENTKEY 7 +#define TPM_PD_SRK 8 +#define TPM_PD_DELEGATEKEY 9 +#define TPM_PD_CONTEXTKEY 10 +#define TPM_PD_AUDITMONOTONICCOUNTER 11 +#define TPM_PD_MONOTONICCOUNTER 12 +#define TPM_PD_PCRATTRIB 13 +#define TPM_PD_ORDINALAUDITSTATUS 14 +#define TPM_PD_AUTHDIR 15 +#define TPM_PD_RNGSTATE 16 +#define TPM_PD_FAMILYTABLE 17 +#define TPM_DELEGATETABLE 18 +#define TPM_PD_EKRESET 19 +#define TPM_PD_LASTFAMILYID 21 +#define TPM_PD_NOOWNERNVWRITE 22 +#define TPM_PD_RESTRICTDELEGATE 23 +#define TPM_PD_TPMDAASEED 24 +#define TPM_PD_DAAPROOF 25 + +/* TPM_STCLEAR_DATA */ + +#define TPM_SD_CONTEXTNONCEKEY 1 +#define TPM_SD_COUNTID 2 +#define TPM_SD_OWNERREFERENCE 3 +#define TPM_SD_DISABLERESETLOCK 4 +#define TPM_SD_PCR 5 +#define TPM_SD_DEFERREDPHYSICALPRESENCE 6 + +/* TPM_STCLEAR_DATA -> deferredPhysicalPresence bits */ + +#define TPM_DPP_UNOWNED_FIELD_UPGRADE 0x00000001 /* bit 0 TPM_FieldUpgrade */ + +/* TPM_STANY_DATA */ + +#define TPM_AD_CONTEXTNONCESESSION 1 +#define TPM_AD_AUDITDIGEST 2 +#define TPM_AD_CURRENTTICKS 3 +#define TPM_AD_CONTEXTCOUNT 4 +#define TPM_AD_CONTEXTLIST 5 +#define TPM_AD_SESSIONS 6 + +/* 17. Ordinals rev 110 + + Ordinals are 32 bit values of type TPM_COMMAND_CODE. The upper byte contains values that serve + as flag indicators, the next byte contains values indicating what committee designated the + ordinal, and the final two bytes contain the Command Ordinal Index. + + 3 2 1 + 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |P|C|V| Reserved| Purview | Command Ordinal Index | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Where: + + P is Protected/Unprotected command. When 0 the command is a Protected command, when 1 the + command is an Unprotected command. + + C is Non-Connection/Connection related command. When 0 this command passes through to either the + protected (TPM) or unprotected (TSS) components. + + V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the command is vendor + defined. + + All reserved area bits are set to 0. +*/ + +/* The following masks are created to allow for the quick definition of the commands */ + +#define TPM_PROTECTED_COMMAND 0x00000000 /* TPM protected command, specified in main specification + */ +#define TPM_UNPROTECTED_COMMAND 0x80000000 /* TSS command, specified in the TSS specification */ +#define TPM_CONNECTION_COMMAND 0x40000000 /* TSC command, protected connection commands are + specified in the main specification Unprotected + connection commands are specified in the TSS */ +#define TPM_VENDOR_COMMAND 0x20000000 /* Command that is vendor specific for a given TPM or + TSS. */ + + +/* The following Purviews have been defined: */ + +#define TPM_MAIN 0x00 /* Command is from the main specification */ +#define TPM_PC 0x01 /* Command is specific to the PC */ +#define TPM_PDA 0x02 /* Command is specific to a PDA */ +#define TPM_CELL_PHONE 0x03 /* Command is specific to a cell phone */ +#define TPM_SERVER 0x04 /* Command is specific to servers */ +#define TPM_PERIPHERAL 0x05 /* Command is specific to peripherals */ +//#define TPM_TSS 0x06 /* Command is specific to TSS */ + +/* Combinations for the main specification would be: */ + +#define TPM_PROTECTED_ORDINAL (TPM_PROTECTED_COMMAND | TPM_MAIN) +#define TPM_UNPROTECTED_ORDINAL (TPM_UNPROTECTED_COMMAND | TPM_MAIN) +#define TPM_CONNECTION_ORDINAL (TPM_CONNECTION_COMMAND | TPM_MAIN) + +/* Command ordinals */ + +#define TPM_ORD_ActivateIdentity 0x0000007A +#define TPM_ORD_AuthorizeMigrationKey 0x0000002B +#define TPM_ORD_CertifyKey 0x00000032 +#define TPM_ORD_CertifyKey2 0x00000033 +#define TPM_ORD_CertifySelfTest 0x00000052 +#define TPM_ORD_ChangeAuth 0x0000000C +#define TPM_ORD_ChangeAuthAsymFinish 0x0000000F +#define TPM_ORD_ChangeAuthAsymStart 0x0000000E +#define TPM_ORD_ChangeAuthOwner 0x00000010 +#define TPM_ORD_CMK_ApproveMA 0x0000001D +#define TPM_ORD_CMK_ConvertMigration 0x00000024 +#define TPM_ORD_CMK_CreateBlob 0x0000001B +#define TPM_ORD_CMK_CreateKey 0x00000013 +#define TPM_ORD_CMK_CreateTicket 0x00000012 +#define TPM_ORD_CMK_SetRestrictions 0x0000001C +#define TPM_ORD_ContinueSelfTest 0x00000053 +#define TPM_ORD_ConvertMigrationBlob 0x0000002A +#define TPM_ORD_CreateCounter 0x000000DC +#define TPM_ORD_CreateEndorsementKeyPair 0x00000078 +#define TPM_ORD_CreateMaintenanceArchive 0x0000002C +#define TPM_ORD_CreateMigrationBlob 0x00000028 +#define TPM_ORD_CreateRevocableEK 0x0000007F +#define TPM_ORD_CreateWrapKey 0x0000001F +#define TPM_ORD_DAA_Join 0x00000029 +#define TPM_ORD_DAA_Sign 0x00000031 +#define TPM_ORD_Delegate_CreateKeyDelegation 0x000000D4 +#define TPM_ORD_Delegate_CreateOwnerDelegation 0x000000D5 +#define TPM_ORD_Delegate_LoadOwnerDelegation 0x000000D8 +#define TPM_ORD_Delegate_Manage 0x000000D2 +#define TPM_ORD_Delegate_ReadTable 0x000000DB +#define TPM_ORD_Delegate_UpdateVerification 0x000000D1 +#define TPM_ORD_Delegate_VerifyDelegation 0x000000D6 +#define TPM_ORD_DirRead 0x0000001A +#define TPM_ORD_DirWriteAuth 0x00000019 +#define TPM_ORD_DisableForceClear 0x0000005E +#define TPM_ORD_DisableOwnerClear 0x0000005C +#define TPM_ORD_DisablePubekRead 0x0000007E +#define TPM_ORD_DSAP 0x00000011 +#define TPM_ORD_EstablishTransport 0x000000E6 +#define TPM_ORD_EvictKey 0x00000022 +#define TPM_ORD_ExecuteTransport 0x000000E7 +#define TPM_ORD_Extend 0x00000014 +#define TPM_ORD_FieldUpgrade 0x000000AA +#define TPM_ORD_FlushSpecific 0x000000BA +#define TPM_ORD_ForceClear 0x0000005D +#define TPM_ORD_GetAuditDigest 0x00000085 +#define TPM_ORD_GetAuditDigestSigned 0x00000086 +#define TPM_ORD_GetAuditEvent 0x00000082 +#define TPM_ORD_GetAuditEventSigned 0x00000083 +#define TPM_ORD_GetCapability 0x00000065 +#define TPM_ORD_GetCapabilityOwner 0x00000066 +#define TPM_ORD_GetCapabilitySigned 0x00000064 +#define TPM_ORD_GetOrdinalAuditStatus 0x0000008C +#define TPM_ORD_GetPubKey 0x00000021 +#define TPM_ORD_GetRandom 0x00000046 +#define TPM_ORD_GetTestResult 0x00000054 +#define TPM_ORD_GetTicks 0x000000F1 +#define TPM_ORD_IncrementCounter 0x000000DD +#define TPM_ORD_Init 0x00000097 +#define TPM_ORD_KeyControlOwner 0x00000023 +#define TPM_ORD_KillMaintenanceFeature 0x0000002E +#define TPM_ORD_LoadAuthContext 0x000000B7 +#define TPM_ORD_LoadContext 0x000000B9 +#define TPM_ORD_LoadKey 0x00000020 +#define TPM_ORD_LoadKey2 0x00000041 +#define TPM_ORD_LoadKeyContext 0x000000B5 +#define TPM_ORD_LoadMaintenanceArchive 0x0000002D +#define TPM_ORD_LoadManuMaintPub 0x0000002F +#define TPM_ORD_MakeIdentity 0x00000079 +#define TPM_ORD_MigrateKey 0x00000025 +#define TPM_ORD_NV_DefineSpace 0x000000CC +#define TPM_ORD_NV_ReadValue 0x000000CF +#define TPM_ORD_NV_ReadValueAuth 0x000000D0 +#define TPM_ORD_NV_WriteValue 0x000000CD +#define TPM_ORD_NV_WriteValueAuth 0x000000CE +#define TPM_ORD_OIAP 0x0000000A +#define TPM_ORD_OSAP 0x0000000B +#define TPM_ORD_OwnerClear 0x0000005B +#define TPM_ORD_OwnerReadInternalPub 0x00000081 +#define TPM_ORD_OwnerReadPubek 0x0000007D +#define TPM_ORD_OwnerSetDisable 0x0000006E +#define TPM_ORD_PCR_Reset 0x000000C8 +#define TPM_ORD_PcrRead 0x00000015 +#define TPM_ORD_PhysicalDisable 0x00000070 +#define TPM_ORD_PhysicalEnable 0x0000006F +#define TPM_ORD_PhysicalSetDeactivated 0x00000072 +#define TPM_ORD_Quote 0x00000016 +#define TPM_ORD_Quote2 0x0000003E +#define TPM_ORD_ReadCounter 0x000000DE +#define TPM_ORD_ReadManuMaintPub 0x00000030 +#define TPM_ORD_ReadPubek 0x0000007C +#define TPM_ORD_ReleaseCounter 0x000000DF +#define TPM_ORD_ReleaseCounterOwner 0x000000E0 +#define TPM_ORD_ReleaseTransportSigned 0x000000E8 +#define TPM_ORD_Reset 0x0000005A +#define TPM_ORD_ResetLockValue 0x00000040 +#define TPM_ORD_RevokeTrust 0x00000080 +#define TPM_ORD_SaveAuthContext 0x000000B6 +#define TPM_ORD_SaveContext 0x000000B8 +#define TPM_ORD_SaveKeyContext 0x000000B4 +#define TPM_ORD_SaveState 0x00000098 +#define TPM_ORD_Seal 0x00000017 +#define TPM_ORD_Sealx 0x0000003D +#define TPM_ORD_SelfTestFull 0x00000050 +#define TPM_ORD_SetCapability 0x0000003F +#define TPM_ORD_SetOperatorAuth 0x00000074 +#define TPM_ORD_SetOrdinalAuditStatus 0x0000008D +#define TPM_ORD_SetOwnerInstall 0x00000071 +#define TPM_ORD_SetOwnerPointer 0x00000075 +#define TPM_ORD_SetRedirection 0x0000009A +#define TPM_ORD_SetTempDeactivated 0x00000073 +#define TPM_ORD_SHA1Complete 0x000000A2 +#define TPM_ORD_SHA1CompleteExtend 0x000000A3 +#define TPM_ORD_SHA1Start 0x000000A0 +#define TPM_ORD_SHA1Update 0x000000A1 +#define TPM_ORD_Sign 0x0000003C +#define TPM_ORD_Startup 0x00000099 +#define TPM_ORD_StirRandom 0x00000047 +#define TPM_ORD_TakeOwnership 0x0000000D +#define TPM_ORD_Terminate_Handle 0x00000096 +#define TPM_ORD_TickStampBlob 0x000000F2 +#define TPM_ORD_UnBind 0x0000001E +#define TPM_ORD_Unseal 0x00000018 + +#define TSC_ORD_PhysicalPresence 0x4000000A +#define TSC_ORD_ResetEstablishmentBit 0x4000000B + +/* 19. NV storage structures */ + +/* 19.1 TPM_NV_INDEX rev 110 + + The index provides the handle to identify the area of storage. The reserved bits allow for a + segregation of the index name space to avoid name collisions. + + The TPM may check the resvd bits for zero. Thus, applications should set the bits to zero. + + The TCG defines the space where the high order bits (T, P, U) are 0. The other spaces are + controlled by the indicated entity. + + T is the TPM manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates a TPM + manufacturer specific value. + + P is the platform manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates that + the index is controlled by the platform manufacturer. + + U is for the platform user. 0 indicates a TCG defined value. 1 indicates that the index is + controlled by the platform user. + + The TPM_NV_INDEX is a 32-bit value. + 3 2 1 + 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|P|U|D| resvd | Purview | Index | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Where: + + 1. The TPM MAY return an error if the reserved area bits are not set to 0. + + 2. The TPM MUST accept all values for T, P, and U + + 3. D indicates defined. 1 indicates that the index is permanently defined and that any + TPM_NV_DefineSpace operation will fail after nvLocked is set TRUE. + + a. TCG reserved areas MAY have D set to 0 or 1 + + 4. Purview is the value used to indicate the platform specific area. This value is the + same as used for command ordinals. + + a. The TPM MUST reject purview values that the TPM cannot support. This means that an + index value for a PDA MUST be rejected by a TPM designed to work only on the PC Client. +*/ + +#define TPM_NV_INDEX_T_BIT 0x80000000 +#define TPM_NV_INDEX_P_BIT 0x40000000 +#define TPM_NV_INDEX_U_BIT 0x20000000 +#define TPM_NV_INDEX_D_BIT 0x10000000 +/* added kgold */ +#define TPM_NV_INDEX_RESVD 0x0f000000 +#define TPM_NV_INDEX_PURVIEW_BIT 16 +#define TPM_NV_INDEX_PURVIEW_MASK 0x00ff0000 + +/* 19.1.1 Required TPM_NV_INDEX values rev 97 + + The required index values must be found on each TPM regardless of platform. These areas are + always present and do not require a TPM_DefineSpace command to allocate. + + A platform specific specification may add additional required index values for the platform. + + The TPM MUST reserve the space as indicated for the required index values +*/ + +#define TPM_NV_INDEX_LOCK 0xFFFFFFFF /* This value turns on the NV authorization + protections. Once executed all NV areas use the + protections as defined. This value never resets. + + Attempting to execute TPM_NV_DefineSpace on this value + with non-zero size MAY result in a TPM_BADINDEX + response. + */ + +#define TPM_NV_INDEX0 0x00000000 /* This value allows for the setting of the bGlobalLock + flag, which is only reset on TPM_Startup(ST_Clear) + + Attempting to execute TPM_NV_WriteValue with a size other + than zero MAY result in the TPM_BADINDEX error code. + */ + +#define TPM_NV_INDEX_DIR 0x10000001 /* Size MUST be 20. This index points to the deprecated DIR + command area from 1.1. The TPM MUST map this reserved + space to be the area operated on by the 1.1 DIR commands. + */ + +/* 19.1.2 Reserved Index values rev 116 + + The reserved values are defined to avoid index collisions. These values are not in each and every + TPM. + + 1. The reserved index values are to avoid index value collisions. + 2. These index values require a TPM_DefineSpace to have the area for the index allocated + 3. A platform specific specification MAY indicate that reserved values are required. + 4. The reserved index values MAY have their D bit set by the TPM vendor to permanently +*/ + +#define TPM_NV_INDEX_TPM 0x0000Fxxx /* Reserved for TPM use */ +#define TPM_NV_INDEX_EKCert 0x1000F000 /* The Endorsement credential */ + +#define TPM_NV_INDEX_TPM_CC 0x0000F001 /* The TPM Conformance credential */ +#define TPM_NV_INDEX_PlatformCert 0x0000F002 /* The platform credential */ +#define TPM_NV_INDEX_Platform_CC 0x0000F003 /* The Platform conformance credential */ +#define TPM_NV_INDEX_TRIAL 0x0000F004 /* To try TPM_NV_DefineSpace without + actually allocating NV space */ + +#if 0 +#define TPM_NV_INDEX_PC 0x0001xxxx /* Reserved for PC Client use */ +#define TPM_NV_INDEX_GPIO_xx 0x000116xx /* Reserved for GPIO pins */ +#define TPM_NV_INDEX_PDA 0x0002xxxx /* Reserved for PDA use */ +#define TPM_NV_INDEX_MOBILE 0x0003xxxx /* Reserved for mobile use */ +#define TPM_NV_INDEX_SERVER 0x0004xxxx /* Reserved for Server use */ +#define TPM_NV_INDEX_PERIPHERAL 0x0005xxxx /* Reserved for peripheral use */ +#define TPM_NV_INDEX_TSS 0x0006xxxx /* Reserved for TSS use */ +#define TPM_NV_INDEX_GROUP_RESV 0x00xxxxxx /* Reserved for TCG WG use */ +#endif + +#define TPM_NV_INDEX_GPIO_00 0x00011600 /* GPIO-Express-00 */ + +#define TPM_NV_INDEX_GPIO_START 0x00011600 /* Reserved for GPIO pins */ +#define TPM_NV_INDEX_GPIO_END 0x000116ff /* Reserved for GPIO pins */ + +/* 19.2 TPM_NV_ATTRIBUTES rev 99 + + The attributes TPM_NV_PER_AUTHREAD and TPM_NV_PER_OWNERREAD cannot both be set to TRUE. + Similarly, the attributes TPM_NV_PER_AUTHWRITE and TPM_NV_PER_OWNERWRITE cannot both be set to + TRUE. +*/ + +#define TPM_NV_PER_READ_STCLEAR 0x80000000 /* 31: The value can be read until locked by a + read with a data size of 0. It can only be + unlocked by TPM_Startup(ST_Clear) or a + successful write. Lock held for each area in + bReadSTClear. */ +/* #define 30:19 Reserved */ +#define TPM_NV_PER_AUTHREAD 0x00040000 /* 18: The value requires authorization to read + */ +#define TPM_NV_PER_OWNERREAD 0x00020000 /* 17: The value requires TPM Owner authorization + to read. */ +#define TPM_NV_PER_PPREAD 0x00010000 /* 16: The value requires physical presence to + read */ +#define TPM_NV_PER_GLOBALLOCK 0x00008000 /* 15: The value is writable until a write to + index 0 is successful. The lock of this + attribute is reset by + TPM_Startup(ST_CLEAR). Lock held by SF -> + bGlobalLock */ +#define TPM_NV_PER_WRITE_STCLEAR 0x00004000 /* 14: The value is writable until a write to + the specified index with a datasize of 0 is + successful. The lock of this attribute is + reset by TPM_Startup(ST_CLEAR). Lock held for + each area in bWriteSTClear. */ +#define TPM_NV_PER_WRITEDEFINE 0x00002000 /* 13: Lock set by writing to the index with a + datasize of 0. Lock held for each area in + bWriteDefine. This is a persistent lock. */ +#define TPM_NV_PER_WRITEALL 0x00001000 /* 12: The value must be written in a single + operation */ +/* #define 11:3 Reserved for write additions */ +#define TPM_NV_PER_AUTHWRITE 0x00000004 /* 2: The value requires authorization to write + */ +#define TPM_NV_PER_OWNERWRITE 0x00000002 /* 1: The value requires TPM Owner authorization + to write */ +#define TPM_NV_PER_PPWRITE 0x00000001 /* 0: The value requires physical presence to + write */ + +/* 20.2.1 Owner Permission Settings rev 87 */ + +/* Per1 bits */ + +#define TPM_DELEGATE_PER1_MASK 0xffffffff /* mask of legal bits */ +#define TPM_DELEGATE_KeyControlOwner 31 +#define TPM_DELEGATE_SetOrdinalAuditStatus 30 +#define TPM_DELEGATE_DirWriteAuth 29 +#define TPM_DELEGATE_CMK_ApproveMA 28 +#define TPM_DELEGATE_NV_WriteValue 27 +#define TPM_DELEGATE_CMK_CreateTicket 26 +#define TPM_DELEGATE_NV_ReadValue 25 +#define TPM_DELEGATE_Delegate_LoadOwnerDelegation 24 +#define TPM_DELEGATE_DAA_Join 23 +#define TPM_DELEGATE_AuthorizeMigrationKey 22 +#define TPM_DELEGATE_CreateMaintenanceArchive 21 +#define TPM_DELEGATE_LoadMaintenanceArchive 20 +#define TPM_DELEGATE_KillMaintenanceFeature 19 +#define TPM_DELEGATE_OwnerReadInternalPub 18 +#define TPM_DELEGATE_ResetLockValue 17 +#define TPM_DELEGATE_OwnerClear 16 +#define TPM_DELEGATE_DisableOwnerClear 15 +#define TPM_DELEGATE_NV_DefineSpace 14 +#define TPM_DELEGATE_OwnerSetDisable 13 +#define TPM_DELEGATE_SetCapability 12 +#define TPM_DELEGATE_MakeIdentity 11 +#define TPM_DELEGATE_ActivateIdentity 10 +#define TPM_DELEGATE_OwnerReadPubek 9 +#define TPM_DELEGATE_DisablePubekRead 8 +#define TPM_DELEGATE_SetRedirection 7 +#define TPM_DELEGATE_FieldUpgrade 6 +#define TPM_DELEGATE_Delegate_UpdateVerification 5 +#define TPM_DELEGATE_CreateCounter 4 +#define TPM_DELEGATE_ReleaseCounterOwner 3 +#define TPM_DELEGATE_Delegate_Manage 2 +#define TPM_DELEGATE_Delegate_CreateOwnerDelegation 1 +#define TPM_DELEGATE_DAA_Sign 0 + +/* Per2 bits */ +#define TPM_DELEGATE_PER2_MASK 0x00000000 /* mask of legal bits */ +/* All reserved */ + +/* 20.2.3 Key Permission settings rev 85 */ + +/* Per1 bits */ + +#define TPM_KEY_DELEGATE_PER1_MASK 0x1fffffff /* mask of legal bits */ +#define TPM_KEY_DELEGATE_CMK_ConvertMigration 28 +#define TPM_KEY_DELEGATE_TickStampBlob 27 +#define TPM_KEY_DELEGATE_ChangeAuthAsymStart 26 +#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish 25 +#define TPM_KEY_DELEGATE_CMK_CreateKey 24 +#define TPM_KEY_DELEGATE_MigrateKey 23 +#define TPM_KEY_DELEGATE_LoadKey2 22 +#define TPM_KEY_DELEGATE_EstablishTransport 21 +#define TPM_KEY_DELEGATE_ReleaseTransportSigned 20 +#define TPM_KEY_DELEGATE_Quote2 19 +#define TPM_KEY_DELEGATE_Sealx 18 +#define TPM_KEY_DELEGATE_MakeIdentity 17 +#define TPM_KEY_DELEGATE_ActivateIdentity 16 +#define TPM_KEY_DELEGATE_GetAuditDigestSigned 15 +#define TPM_KEY_DELEGATE_Sign 14 +#define TPM_KEY_DELEGATE_CertifyKey2 13 +#define TPM_KEY_DELEGATE_CertifyKey 12 +#define TPM_KEY_DELEGATE_CreateWrapKey 11 +#define TPM_KEY_DELEGATE_CMK_CreateBlob 10 +#define TPM_KEY_DELEGATE_CreateMigrationBlob 9 +#define TPM_KEY_DELEGATE_ConvertMigrationBlob 8 +#define TPM_KEY_DELEGATE_Delegate_CreateKeyDelegation 7 +#define TPM_KEY_DELEGATE_ChangeAuth 6 +#define TPM_KEY_DELEGATE_GetPubKey 5 +#define TPM_KEY_DELEGATE_UnBind 4 +#define TPM_KEY_DELEGATE_Quote 3 +#define TPM_KEY_DELEGATE_Unseal 2 +#define TPM_KEY_DELEGATE_Seal 1 +#define TPM_KEY_DELEGATE_LoadKey 0 + +/* Per2 bits */ +#define TPM_KEY_DELEGATE_PER2_MASK 0x00000000 /* mask of legal bits */ +/* All reserved */ + +/* 20.3 TPM_FAMILY_FLAGS rev 87 + + These flags indicate the operational state of the delegation and family table. These flags + are additions to TPM_PERMANENT_FLAGS and are not stand alone values. +*/ + +#define TPM_DELEGATE_ADMIN_LOCK 0x00000002 /* TRUE: Some TPM_Delegate_XXX commands are locked and + return TPM_DELEGATE_LOCK + + FALSE: TPM_Delegate_XXX commands are available + + Default is FALSE */ +#define TPM_FAMFLAG_ENABLED 0x00000001 /* When TRUE the table is enabled. The default value is + FALSE. */ + +/* 20.14 TPM_FAMILY_OPERATION Values rev 87 + + These are the opFlag values used by TPM_Delegate_Manage. +*/ + +#define TPM_FAMILY_CREATE 0x00000001 /* Create a new family */ +#define TPM_FAMILY_ENABLE 0x00000002 /* Set or reset the enable flag for this family. */ +#define TPM_FAMILY_ADMIN 0x00000003 /* Prevent administration of this family. */ +#define TPM_FAMILY_INVALIDATE 0x00000004 /* Invalidate a specific family row. */ + +/* 21.9 TPM_DA_STATE rev 100 + + TPM_DA_STATE enumerates the possible states of the dictionary attack mitigation logic. +*/ + +#define TPM_DA_STATE_INACTIVE 0x00 /* The dictionary attack mitigation logic is currently + inactive */ +#define TPM_DA_STATE_ACTIVE 0x01 /* The dictionary attack mitigation logic is + active. TPM_DA_ACTION_TYPE (21.10) is in progress. */ + +/* 21.10 TPM_DA_ACTION_TYPE rev 100 + */ + +/* 31-4 Reserved No information and MUST be FALSE */ + +#define TPM_DA_ACTION_FAILURE_MODE 0x00000008 /* bit 3: The TPM is in failure mode. */ +#define TPM_DA_ACTION_DEACTIVATE 0x00000004 /* bit 2: The TPM is in the deactivated state. */ +#define TPM_DA_ACTION_DISABLE 0x00000002 /* bit 1: The TPM is in the disabled state. */ +#define TPM_DA_ACTION_TIMEOUT 0x00000001 /* bit 0: The TPM will be in a locked state for + TPM_DA_INFO -> actionDependValue seconds. This + value is dynamic, depending on the time the + lock has been active. */ + +/* 22. DAA Structures rev 91 + + All byte and bit areas are byte arrays treated as large integers +*/ + +#define DAA_SIZE_r0 43 +#define DAA_SIZE_r1 43 +#define DAA_SIZE_r2 128 +#define DAA_SIZE_r3 168 +#define DAA_SIZE_r4 219 +#define DAA_SIZE_NT 20 +#define DAA_SIZE_v0 128 +#define DAA_SIZE_v1 192 +#define DAA_SIZE_NE 256 +#define DAA_SIZE_w 256 +#define DAA_SIZE_issuerModulus 256 + +/* check that DAA_SIZE_issuerModulus will fit in DAA_scratch */ +#if (DAA_SIZE_issuerModulus != 256) +#error "DAA_SIZE_issuerModulus must be 256" +#endif + +/* 22.2 Constant definitions rev 91 */ + +#define DAA_power0 104 +#define DAA_power1 1024 + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmstructures12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmstructures12.h new file mode 100644 index 000000000000..2d8169ba68c0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmstructures12.h @@ -0,0 +1,2482 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Structures */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TPMSTRUCTURES12_H +#define TPMSTRUCTURES12_H + +#include +#include "tpmconstants12.h" +#include "tpmtypes12.h" + +/* Sanity check on build macros are centralized here, since any TPM will use this header */ + +#if !defined (TPM_POSIX) && !defined (TPM_WINDOWS) && !defined(TPM_SKIBOOT) +#error "Must define either TPM_POSIX TPM_SKIBOOT or TPM_WINDOWS" +#endif + +#define TPM_REVISION_MAX 9999 +#ifndef TPM_REVISION +#define TPM_REVISION TPM_REVISION_MAX +#endif + +/* 5.1 TPM_STRUCT_VER rev 100 + + This indicates the version of the structure or TPM. + + Version 1.2 deprecates the use of this structure in all other structures. The structure is not + deprecated as many of the structures that contain this structure are not deprecated. +*/ + +typedef struct tdTPM_STRUCT_VER { + BYTE major; /* This SHALL indicate the major version of the structure. MUST be 0x01 */ + BYTE minor; /* This SHALL indicate the minor version of the structure. MUST be 0x01 */ + BYTE revMajor; /* This MUST be 0x00 on output, ignored on input */ + BYTE revMinor; /* This MUST be 0x00 on output, ignored on input */ +} TPM_STRUCT_VER; + +/* 5.2 TPM_VERSION_BYTE rev 87 + + Allocating a byte for the version information is wasteful of space. The current allocation does + not provide sufficient resolution to indicate completely the version of the TPM. To allow for + backwards compatibility the size of the structure does not change from 1.1. + + To enable minor version, or revision, numbers with 2-digit resolution, the byte representing a + version splits into two BDC encoded nibbles. The ordering of the low and high order provides + backwards compatibility with existing numbering. + + An example of an implementation of this is; a version of 1.23 would have the value 2 in bit + positions 3-0 and the value 3 in bit positions 7-4. + + TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule + + 7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of + 0000-1001 + 3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of + 0000-1001 +*/ + +/* 5.3 TPM_VERSION rev 116 + + This structure provides information relative the version of the TPM. This structure should only + be in use by TPM_GetCapability to provide the information relative to the TPM. +*/ + +typedef struct tdTPM_VERSION { + TPM_VERSION_BYTE major; /* This SHALL indicate the major version of the TPM, mostSigVer MUST + be 0x1, leastSigVer MUST be 0x0 */ + TPM_VERSION_BYTE minor; /* This SHALL indicate the minor version of the TPM, mostSigVer MUST + be 0x1 or 0x2, leastSigVer MUST be 0x0 */ + BYTE revMajor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMajor */ + BYTE revMinor; /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMinor */ +} TPM_VERSION; + +/* 5.4 TPM_DIGEST rev 111 + + The digest value reports the result of a hash operation. + + In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160 bits. + + It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on + SHA-1. The reason for fixing is due to the internal use of the digest. It is the authorization + values, it provides the secrets for the HMAC and the size of 20 bytes determines the values that + can be stored and encrypted. For this reason, the size is fixed and any changes to this value + require a new version of the specification. + + The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or greater. + + For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize parameter is + therefore equal to 20. +*/ + +#define TPM_DIGEST_SIZE 20 +typedef BYTE TPM_DIGEST[TPM_DIGEST_SIZE]; + +/* Redefinitions */ + +typedef TPM_DIGEST TPM_CHOSENID_HASH; /* This SHALL be the digest of the chosen identityLabel and + privacyCA for a new TPM identity.*/ + +typedef TPM_DIGEST TPM_COMPOSITE_HASH; /* This SHALL be the hash of a list of PCR indexes and PCR + values that a key or data is bound to. */ + +typedef TPM_DIGEST TPM_DIRVALUE; /* This SHALL be the value of a DIR register */ + +typedef TPM_DIGEST TPM_HMAC; /* This shall be the output of the HMAC algorithm */ + +typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ + +typedef TPM_DIGEST TPM_AUDITDIGEST; /* This SHALL be the value of the current internal audit + state */ + +/* 5.5 TPM_NONCE rev 99 + + A nonce is a random value that provides protection from replay and other attacks. Many of the + commands and protocols in the specification require a nonce. This structure provides a consistent + view of what a nonce is. +*/ + +#define TPM_NONCE_SIZE 20 +typedef BYTE TPM_NONCE[TPM_NONCE_SIZE]; + +typedef TPM_NONCE TPM_DAA_TPM_SEED; /* This SHALL be a random value generated by a TPM + immediately after the EK is installed in that TPM, + whenever an EK is installed in that TPM */ +typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; /* This SHALL be a random value */ + +/* 5.6 TPM_AUTHDATA rev 87 + + The authorization data is the information that is saved or passed to provide proof of ownership + of an entity. For version 1 this area is always 20 bytes. +*/ + +#define TPM_AUTHDATA_SIZE 20 +typedef BYTE TPM_AUTHDATA[TPM_AUTHDATA_SIZE]; + +#define TPM_SECRET_SIZE 20 +typedef BYTE TPM_SECRET[TPM_SECRET_SIZE]; + +typedef TPM_AUTHDATA TPM_ENCAUTH; /* A cipher text (encrypted) version of authorization data. The + encryption mechanism depends on the context. */ + +#if 0 /* FIXME */ +/* 5.11 TPM_CHANGEAUTH_VALIDATE rev 87 + + This structure provides an area that will stores the new authorization data and the challenger's + nonce. +*/ + +typedef struct tdTPM_CHANGEAUTH_VALIDATE { + TPM_SECRET newAuthSecret; /* This SHALL be the new authorization data for the target entity */ + TPM_NONCE n1; /* This SHOULD be a nonce, to enable the caller to verify that the + target TPM is on-line. */ +} TPM_CHANGEAUTH_VALIDATE; + +#endif + + +/* PCR */ + +/* NOTE: The TPM requires and the code assumes a multiple of CHAR_BIT (8). 48 registers (6 bytes) + may be a bad number, as it makes TPM_PCR_INFO and TPM_PCR_INFO_LONG indistinguishable in the + first two bytes. */ + +#define TPM_NUM_PCR 24 /* Use PC Client specification values */ + +#if (CHAR_BIT != 8) +#error "CHAR_BIT must be 8" +#endif + +#if ((TPM_NUM_PCR % 8) != 0) +#error "TPM_NUM_PCR must be a multiple of 8" +#endif + +#define TPM_DEBUG_PCR 16 + +/* 8.1 TPM_PCR_SELECTION rev 110 + + This structure provides a standard method of specifying a list of PCR registers. +*/ + +typedef struct tdTPM_PCR_SELECTION { + uint16_t sizeOfSelect; /* The size in bytes of the pcrSelect structure */ + BYTE pcrSelect[TPM_NUM_PCR/CHAR_BIT]; /* This SHALL be a bit map that indicates if a PCR + is active or not */ +} TPM_PCR_SELECTION; + +#if 0 +/* 8.2 TPM_PCR_COMPOSITE rev 97 + + The composite structure provides the index and value of the PCR register to be used when creating + the value that SEALS an entity to the composite. +*/ + +typedef struct tdTPM_PCR_COMPOSITE { + TPM_PCR_SELECTION select; /* This SHALL be the indication of which PCR values are active */ +#if 0 + uint32_t valueSize; /* This SHALL be the size of the pcrValue field (not the number of + PCR's) */ + TPM_PCRVALUE *pcrValue; /* This SHALL be an array of TPM_PCRVALUE structures. The values + come in the order specified by the select parameter and are + concatenated into a single blob */ +#endif + TPM_SIZED_BUFFER pcrValue; +} TPM_PCR_COMPOSITE; + +/* 8.3 TPM_PCR_INFO rev 87 + + The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the + sealing of data, to a set of PCRs. +*/ + +typedef struct tdTPM_PCR_INFO { + TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs to which the + data or key is bound. */ + TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and + PCR values to verify when revealing Sealed Data + or using a key that was wrapped to PCRs. NOTE: + This is passed in by the host, and used as + authorization to use the key */ + TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the + PCR values, at the time when the sealing is + performed. NOTE: This is generated at key + creation, but is just informative to the host, + not used for authorization */ +} TPM_PCR_INFO; + +#endif + +/* 8.6 TPM_LOCALITY_SELECTION rev 87 + + When used with localityAtCreation only one bit is set and it corresponds to the locality of the + command creating the structure. + + When used with localityAtRelease the bits indicate which localities CAN perform the release. +*/ + +typedef BYTE TPM_LOCALITY_SELECTION; + +#define TPM_LOC_FOUR 0x10 /* Locality 4 */ +#define TPM_LOC_THREE 0x08 /* Locality 3 */ +#define TPM_LOC_TWO 0x04 /* Locality 2 */ +#define TPM_LOC_ONE 0x02 /* Locality 1 */ +#define TPM_LOC_ZERO 0x01 /* Locality 0. This is the same as the legacy interface. */ + +#define TPM_LOC_ALL 0x1f /* kgold - added all localities */ +#define TPM_LOC_MAX 4 /* kgold - maximum value for TPM_MODIFIER_INDICATOR */ + +/* 8.4 TPM_PCR_INFO_LONG rev 109 + + The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the + sealing of data, to a set of PCRs. + + The LONG version includes information necessary to properly define the configuration that creates + the blob using the PCR selection. +*/ + +/* Marshaled TPM_PCR_INFO_LONG */ + +typedef struct tdTPM_PCR_INFO_LONG { + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_PCR_INFO_LONG */ + TPM_LOCALITY_SELECTION localityAtCreation; /* This SHALL be the locality modifier of the + function that creates the PCR info structure */ + TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to + reveal Sealed Data or use a key that was wrapped + to PCRs */ + TPM_PCR_SELECTION creationPCRSelection; /* This SHALL be the selection of PCRs active when + the blob is created */ + TPM_PCR_SELECTION releasePCRSelection; /* This SHALL be the selection of PCRs to which the + data or key is bound. */ + TPM_COMPOSITE_HASH digestAtCreation; /* This SHALL be the composite digest value of the + PCR values, at the time when the sealing is + performed. */ + TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and + PCR values to verify when revealing Sealed Data + or using a key that was wrapped to PCRs. */ +} TPM_PCR_INFO_LONG; + +#if 0 +typedef struct { + UINT32 PCRInfoSize; + TPM_PCR_INFO_LONG PCRInfo; +} TPM4B_TPM_PCR_INFO_LONG; + +#endif + +/* 8.5 TPM_PCR_INFO_SHORT rev 87 + + This structure is for defining a digest at release when the only information that is necessary is + the release configuration. +*/ + +typedef struct tdTPM_PCR_INFO_SHORT { + TPM_PCR_SELECTION pcrSelection; /* This SHALL be the selection of PCRs that specifies the + digestAtRelease */ + TPM_LOCALITY_SELECTION localityAtRelease; /* This SHALL be the locality modifier required to + release the information. This value must not be + zero (0). */ + TPM_COMPOSITE_HASH digestAtRelease; /* This SHALL be the digest of the PCR indices and + PCR values to verify when revealing auth data */ +} TPM_PCR_INFO_SHORT; + +#if 0 +/* 8.8 TPM_PCR_ATTRIBUTES rev 107 + + These attributes are available on a per PCR basis. + + The TPM is not required to maintain this structure internally to the TPM. + + When a challenger evaluates a PCR an understanding of this structure is vital to the proper + understanding of the platform configuration. As this structure is static for all platforms of the + same type the structure does not need to be reported with each quote. +*/ + +typedef struct tdTPM_PCR_ATTRIBUTES { + TPM_BOOL pcrReset; /* A value of TRUE SHALL indicate that the PCR register can be reset + using the TPM_PCR_RESET command. */ + TPM_LOCALITY_SELECTION pcrExtendLocal; /* An indication of which localities can perform + extends on the PCR. */ + TPM_LOCALITY_SELECTION pcrResetLocal; /* An indication of which localities can reset the + PCR */ +} TPM_PCR_ATTRIBUTES; + +/* + 9. Storage Structures +*/ + +/* 9.1 TPM_STORED_DATA rev 87 + + The definition of this structure is necessary to ensure the enforcement of security properties. + + This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and + values that must be present to properly unseal the data. + + This structure only provides 1.1 data store and uses PCR_INFO + + 1. This structure is created during the TPM_Seal process. The confidential data is encrypted + using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the + public information in the structure to validate the current configuration and release the + decrypted data + + 2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO +*/ + +typedef struct tdTPM_STORED_DATA { + TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ + TPM_SIZED_BUFFER sealInfo; +#if 0 + uint32_t sealInfoSize; /* Size of the sealInfo parameter */ + BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO or a 0 length + array if the data is not bound to PCRs. */ +#endif + TPM_SIZED_BUFFER encData; +#if 0 + uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ + BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing + the confidential part of the data. */ +#endif + /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ + TPM_PCR_INFO *tpm_seal_info; +} TPM_STORED_DATA; + + +/* 9.2 TPM_STORED_DATA12 rev 101 + + The definition of this structure is necessary to ensure the enforcement of security properties. + This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and + values that must be present to properly unseal the data. + + 1. This structure is created during the TPM_Seal process. The confidential data is encrypted + using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the + public information in the structure to validate the current configuration and release the + decrypted data. + + 2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG +*/ + +typedef struct tdTPM_STORED_DATA12 { + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_STORED_DATA12 */ + TPM_ENTITY_TYPE et; /* The type of blob */ + TPM_SIZED_BUFFER sealInfo; +#if 0 + uint32_t sealInfoSize; /* Size of the sealInfo parameter */ + BYTE* sealInfo; /* This SHALL be a structure of type TPM_PCR_INFO_LONG or a 0 length + array if the data is not bound to PCRs. */ +#endif + TPM_SIZED_BUFFER encData; +#if 0 + uint32_t encDataSize; /* This SHALL be the size of the encData parameter */ + BYTE* encData; /* This shall be an encrypted TPM_SEALED_DATA structure containing + the confidential part of the data. */ +#endif + /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ + TPM_PCR_INFO_LONG *tpm_seal_info_long; +} TPM_STORED_DATA12; + +/* 9.3 TPM_SEALED_DATA rev 87 + + This structure contains confidential information related to sealed data, including the data + itself. + + 1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this structure contains + a digest of the containing TPM_STORED_DATA structure. + + 2. The digest calculation does not include the encDataSize and encData parameters. +*/ + +typedef struct tdTPM_SEALED_DATA { + TPM_PAYLOAD_TYPE payload; /* This SHALL indicate the payload type of TPM_PT_SEAL */ + TPM_SECRET authData; /* This SHALL be the authorization data for this value */ + TPM_SECRET tpmProof; /* This SHALL be a copy of TPM_PERMANENT_FLAGS -> tpmProof */ + TPM_DIGEST storedDigest; /* This SHALL be a digest of the TPM_STORED_DATA structure, + excluding the fields TPM_STORED_DATA -> encDataSize and + TPM_STORED_DATA -> encData. */ + TPM_SIZED_BUFFER data; /* This SHALL be the data to be sealed */ +#if 0 + uint32_t dataSize; /* This SHALL be the size of the data parameter */ + BYTE* data; /* This SHALL be the data to be sealed */ +#endif +} TPM_SEALED_DATA; + +#endif + + +/* 9.4 TPM_SYMMETRIC_KEY rev 87 + + This structure describes a symmetric key, used during the process "Collating a Request for a + Trusted Platform Module Identity". +*/ + +typedef struct tdTPM_SYMMETRIC_KEY { + TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the symmetric key. */ + TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the key will be + used for encryption operations. */ + uint16_t size; /* This SHALL be the size of the data parameter in bytes */ + BYTE data[MAX_SYM_KEY_BYTES]; /* This SHALL be the symmetric key data */ +} TPM_SYMMETRIC_KEY; + +#if 0 + +/* 9.5 TPM_BOUND_DATA rev 87 + + This structure is defined because it is used by a TPM_UnBind command in a consistency check. + + The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key + shouldn't be used for storage, and so on. These heuristics are used because of the potential + threats that arise when the same key is used in different ways. The heuristics minimize the + number of ways in which a given key can be used. + + One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should always be + used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM function, so the + only choice is to perform a check for the correct payload type when a blob is unwrapped by a key + of type TPM_KEY_BIND. This requires the blob to have internal structure. + + Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not include the size + of payloadData. This is to maximise the size of payloadData that can be encrypted when + TPM_BOUND_DATA is encrypted in a single block. When using TPM-UnBind to obtain payloadData, the + size of payloadData is deduced as a natural result of the (RSA) decryption process. + + 1. This structure MUST be used for creating data when (wrapping with a key of type TPM_KEY_BIND) + or (wrapping using the encryption algorithm TPM_ES_RSAESOAEP_SHA1_MGF1). If it is not, the + TPM_UnBind command will fail. +*/ + +typedef struct tdTPM_BOUND_DATA { + TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ + TPM_PAYLOAD_TYPE payload; /* This SHALL be the value TPM_PT_BIND */ + uint32_t payloadDataSize; /* NOTE: added, not part of serialization */ + BYTE *payloadData; /* The bound data */ +} TPM_BOUND_DATA; + +#endif + +/* + 10. TPM_KEY Complex +*/ + +/* 10.1.1 TPM_RSA_KEY_PARMS rev 87 + + This structure describes the parameters of an RSA key. +*/ + +typedef struct tdTPM_RSA_KEY_PARMS { + uint32_t keyLength; /* This specifies the size of the RSA key in bits */ + uint32_t numPrimes; /* This specifies the number of prime factors used by this RSA key. */ + uint32_t exponentSize; /* This SHALL be the size of the exponent. If the key is using the + the default public exponent then the exponentSize MUST be 0. */ + uint8_t exponent[4]; /* The public exponent of this key */ +} TPM_RSA_KEY_PARMS; + +/* 10.1.2 TPM_SYMMETRIC_KEY_PARMS rev 87 + + This structure describes the parameters for symmetric algorithms +*/ + +typedef struct tdTPM_SYMMETRIC_KEY_PARMS { + uint32_t keyLength; /* This SHALL indicate the length of the key in bits */ + uint32_t blockSize; /* This SHALL indicate the block size of the algorithm*/ + TPM2B_IV iv; /* The initialization vector */ +} TPM_SYMMETRIC_KEY_PARMS; + +/* 10.1 TPM_KEY_PARMS rev 87 + + This provides a standard mechanism to define the parameters used to generate a key pair, and to + store the parts of a key shared between the public and private key parts. +*/ + +typedef union { + TPM_RSA_KEY_PARMS rsaParms; + TPM_SYMMETRIC_KEY_PARMS symParms; +} TPMU_PARMS; + +/* Marshaled TPMU_PARMS */ + +#if 0 +typedef struct { + UINT32 parmSize; + TPMU_PARMS parms; +} TPM4B_PARMS; +#endif + +typedef struct { + TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */ + TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt + information */ + TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform + digital signatures */ + TPMU_PARMS parms; +} TPM_KEY_PARMS; + +#if 0 + +/* 10.7 TPM_STORE_PRIVKEY rev 87 + + This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct a private + key which can be unambiguously used. +*/ + +#if 0 +typedef struct tdTPM_STORE_PRIVKEY { + uint32_t keyLength; /* This SHALL be the length of the key field. */ + BYTE* key; /* This SHALL be a structure interpreted according to the algorithm Id in + the corresponding TPM_KEY structure. */ +} TPM_STORE_PRIVKEY; +#endif + +/* NOTE: Hard coded for RSA keys. This will change if other algorithms are supported */ + +typedef struct tdTPM_STORE_PRIVKEY { + TPM_SIZED_BUFFER d_key; /* private key */ + TPM_SIZED_BUFFER p_key; /* private prime factor */ + TPM_SIZED_BUFFER q_key; /* private prime factor */ +} TPM_STORE_PRIVKEY; + +/* 10.6 TPM_STORE_ASYMKEY rev 87 + + The TPM_STORE_ASYMKEY structure provides the area to identify the confidential information + related to a key. This will include the private key factors for an asymmetric key. + + The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure containing a 2048 + bit RSA key can be done in one operation if the encrypting key is 2048 bits. + + Using typical RSA notation the structure would include P, and when loading the key include the + unencrypted P*Q which would be used to recover the Q value. + + To accommodate the future use of multiple prime RSA keys the specification of additional prime + factors is an optional capability. + + This structure provides the basis of defining the protection of the private key. Changes in this + structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure (section 10.8). +*/ + +typedef struct tdTPM_STORE_ASYMKEY { + TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_ASYM to indicate an asymmetric + key. If used in TPM_CMK_ConvertMigration the value SHALL + be TPM_PT_MIGRATE_EXTERNAL. If used in TPM_CMK_CreateKey + the value SHALL be TPM_PT_MIGRATE_RESTRICTED */ + TPM_SECRET usageAuth; /* This SHALL be the authorization data necessary to + authorize the use of this value */ + TPM_SECRET migrationAuth; /* This SHALL be the migration authorization data for a + migratable key, or the TPM secret value tpmProof for a + non-migratable key created by the TPM. + + If the TPM sets this parameter to the value tpmProof, + then the TPM_KEY.keyFlags.migratable of the corresponding + TPM_KEY structure MUST be set to 0. + + If this parameter is set to the migration authorization + data for the key in parameter PrivKey, then the + TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY + structure SHOULD be set to 1. */ + TPM_DIGEST pubDataDigest; /* This SHALL be the digest of the corresponding TPM_KEY + structure, excluding the fields TPM_KEY.encSize and + TPM_KEY.encData. + + When TPM_KEY -> pcrInfoSize is 0 then the digest + calculation has no input from the pcrInfo field. The + pcrInfoSize field MUST always be part of the digest + calculation. + */ + TPM_STORE_PRIVKEY privKey; /* This SHALL be the private key data. The privKey can be a + variable length which allows for differences in the key + format. The maximum size of the area would be 151 + bytes. */ +} TPM_STORE_ASYMKEY; + +/* 10.8 TPM_MIGRATE_ASYMKEY rev 87 + + The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors of a + asymmetric key while the key is migrating between TPM's. + + This structure provides the basis of defining the protection of the private key. + + k1k2 - 132 privkey.key (128 + 4) + k1 - 20, OAEP seed + k2 - 112, partPrivKey + TPM_STORE_PRIVKEY 4 partPrivKey.keyLength + 108 partPrivKey.key (128 - 20) +*/ + +typedef struct tdTPM_MIGRATE_ASYMKEY { + TPM_PAYLOAD_TYPE payload; /* This SHALL set to TPM_PT_MIGRATE or TPM_PT_CMK_MIGRATE to + indicate an migrating asymmetric key or TPM_PT_MAINT to indicate + a maintenance key. */ + TPM_SECRET usageAuth; /* This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY + structure. */ + TPM_DIGEST pubDataDigest; /* This SHALL be a copy of the pubDataDigest from the + TPM_STORE_ASYMKEY structure. */ +#if 0 + uint32_t partPrivKeyLen; /* This SHALL be the size of the partPrivKey field */ + BYTE *partPrivKey; /* This SHALL be the k2 area as described in TPM_CreateMigrationBlob + */ +#endif + TPM_SIZED_BUFFER partPrivKey; +} TPM_MIGRATE_ASYMKEY; + +#endif + +/* 10.4 TPM_STORE_PUBKEY + + This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to 1382 construct a + public key which can be unambiguously used. +*/ + +typedef struct tdTPM_STORE_PUBKEY { + UINT32 keyLength; /* This SHALL be the length of the key field. */ + BYTE key[MAX_RSA_KEY_BYTES]; /* This SHALL be a structure interpreted according to the + algorithm Id in the corresponding TPM_KEY_PARMS + structure. */ +} TPM_STORE_PUBKEY; + +/* 10.3 TPM_KEY12 rev 87 + + This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG structures and the + new structure tagging. In all other aspects this is the same structure. +*/ + +typedef struct tdTPM_KEY12 { + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_KEY12 */ + uint16_t fill; /* MUST be 0x0000 */ + TPM_KEY_USAGE keyUsage; /* This SHALL be the TPM key usage that determines the operations + permitted with this key */ + TPM_KEY_FLAGS keyFlags; /* This SHALL be the indication of migration, redirection etc. */ + TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL Indicate the conditions where it is required + that authorization be presented. */ + TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding the algorithm for + this key */ + TPM_PCR_INFO_LONG PCRInfo; + TPM_STORE_PUBKEY pubKey; /* This SHALL be the public portion of the key */ + TPM_STORE_PUBKEY encData; /* This SHALL be an encrypted TPM_STORE_ASYMKEY structure + TPM_MIGRATE_ASYMKEY structure */ +} TPM_KEY12; + +/* 10.5 TPM_PUBKEY rev 99 + + The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It contains all + the information necessary for its unambiguous usage. It is possible to construct this structure + from a TPM_KEY, using the algorithmParms and pubKey fields. + + The pubKey member of this structure shall contain the public key for a specific algorithm. +*/ + +typedef struct tdTPM_PUBKEY { + TPM_KEY_PARMS algorithmParms; /* This SHALL be the information regarding this key */ + TPM_STORE_PUBKEY pubKey; /* This SHALL be the public key information */ +} TPM_PUBKEY; + +#if 0 + +/* 5.b. The TPM must support a minimum of 2 key slots. */ + +#define TPM_KEY_HANDLES 16 /* entries in global TPM_KEY_HANDLE_ENTRY array */ + +/* TPM_GetCapability uses a uint_16 for the number of key slots */ + +#if (TPM_KEY_HANDLES > 0xffff) +#error "TPM_KEY_HANDLES must be less than 0x10000" +#endif + +/* The TPM does not have to support any minumum number of owner evict keys. Adjust this value to + match the amount of NV space available. An owner evict key consumes about 512 bytes. + + A value greater than (TPM_KEY_HANDLES - 2) is useless, as the TPM reserves 2 key slots for + non-owner evict keys to avoid blocking. +*/ + +#define TPM_OWNER_EVICT_KEY_HANDLES 2 +#if (TPM_OWNER_EVICT_KEY_HANDLES > (TPM_KEY_HANDLES - 2)) +#error "TPM_OWNER_EVICT_KEY_HANDLES too large for TPM_KEY_HANDLES" +#endif + +/* This is the version used by the TPM implementation. It is part of the global TPM state */ + +/* kgold: Added TPM_KEY member. There needs to be a mapping between a key handle + and the pointer to TPM_KEY objects, and this seems to be the right place for it. */ + +typedef struct tdTPM_KEY_HANDLE_ENTRY { + TPM_KEY_HANDLE handle; /* Handles for a key currently loaded in the TPM */ + TPM_KEY *key; /* Pointer to the key object */ + TPM_BOOL parentPCRStatus; /* TRUE if parent of this key uses PCR's */ + TPM_KEY_CONTROL keyControl; /* Attributes that can control various aspects of key usage and + manipulation. */ +} TPM_KEY_HANDLE_ENTRY; + +/* 5.12 TPM_MIGRATIONKEYAUTH rev 87 + + This structure provides the proof that the associated public key has TPM Owner authorization to + be a migration key. +*/ + +typedef struct tdTPM_MIGRATIONKEYAUTH { + TPM_PUBKEY migrationKey; /* This SHALL be the public key of the migration facility */ + TPM_MIGRATE_SCHEME migrationScheme; /* This shall be the type of migration operation.*/ + TPM_DIGEST digest; /* This SHALL be the digest value of the concatenation of + migration key, migration scheme and tpmProof */ +} TPM_MIGRATIONKEYAUTH; + +/* 5.13 TPM_COUNTER_VALUE rev 87 + + This structure returns the counter value. For interoperability, the value size should be 4 bytes. +*/ + +#define TPM_COUNTER_LABEL_SIZE 4 +#define TPM_COUNT_ID_NULL 0xffffffff /* unused value TPM_CAP_PROP_ACTIVE_COUNTER expects this + value if no counter is active */ +#define TPM_COUNT_ID_ILLEGAL 0xfffffffe /* after releasing an active counter */ + +typedef struct tdTPM_COUNTER_VALUE { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_COUNTER_VALUE */ +#endif + BYTE label[TPM_COUNTER_LABEL_SIZE]; /* The label for the counter */ + TPM_ACTUAL_COUNT counter; /* The 32-bit counter value. */ + /* NOTE: Added. TPMWG email says the specification structure is the public part, but these are + vendor specific private members. */ + TPM_SECRET authData; /* Authorization secret for counter */ + TPM_BOOL valid; + TPM_DIGEST digest; /* for OSAP comparison */ +} TPM_COUNTER_VALUE; + +/* 5.14 TPM_SIGN_INFO Structure rev 102 + + This is an addition in 1.2 and is the structure signed for certain commands (e.g., + TPM_ReleaseTransportSigned). Some commands have a structure specific to that command (e.g., + TPM_Quote uses TPM_QUOTE_INFO) and do not use TPM_SIGN_INFO. + + TPM_Sign uses this structure when the signature scheme is TPM_SS_RSASSAPKCS1v15_INFO. +*/ + +#define TPM_SIGN_INFO_FIXED_SIZE 4 + +typedef struct tdTPM_SIGN_INFO { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_SIGNINFO */ +#endif + BYTE fixed[TPM_SIGN_INFO_FIXED_SIZE]; /* The ASCII text that identifies what function was + performing the signing operation*/ + TPM_NONCE replay; /* Nonce provided by caller to prevent replay attacks */ +#if 0 + uint32_t dataLen; /* The length of the data area */ + BYTE* data; /* The data that is being signed */ +#endif + TPM_SIZED_BUFFER data; /* The data that is being signed */ +} TPM_SIGN_INFO; + +/* 5.15 TPM_MSA_COMPOSITE Structure rev 87 + + TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to Migration + Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the migrationAuth value of a + certified-migration-key (CMK), and any of the Migration Authorities specified in that instance is + able to approve the migration of that certified-migration-key. + + TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and MAY support + larger values of MSAlist. +*/ + +typedef struct tdTPM_MSA_COMPOSITE { + uint32_t MSAlist; /* The number of migAuthDigests. MSAlist MUST be one (1) or + greater. */ + TPM_DIGEST *migAuthDigest; /* An arbitrary number of digests of public keys belonging + to Migration Authorities. */ +} TPM_MSA_COMPOSITE; + +/* 5.16 TPM_CMK_AUTH + + The signed digest of TPM_CMK_AUTH is a ticket to prove that the entity with public key + "migrationAuthority" has approved the public key "destination Key" as a migration destination for + the key with public key "sourceKey". + + Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to + "migrationAuthority". + + To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority", + "destinationKey" and "sourceKey". +*/ + +typedef struct tdTPM_CMK_AUTH { + TPM_DIGEST migrationAuthorityDigest; /* The digest of the public key of a Migration + Authority */ + TPM_DIGEST destinationKeyDigest; /* The digest of a TPM_PUBKEY structure that is an + approved destination key for the private key + associated with "sourceKey"*/ + TPM_DIGEST sourceKeyDigest; /* The digest of a TPM_PUBKEY structure whose + corresponding private key is approved by the + Migration Authority to be migrated as a child to + the destinationKey. */ +} TPM_CMK_AUTH; + +#endif + +/* 5.18 TPM_SELECT_SIZE rev 87 + + This structure provides the indication for the version and sizeOfSelect structure in GetCapability +*/ + +typedef struct tdTPM_SELECT_SIZE { + BYTE major; /* This SHALL indicate the major version of the TPM. This MUST be 0x01 */ + BYTE minor; /* This SHALL indicate the minor version of the TPM. This MAY be 0x01 or + 0x02 */ + uint16_t reqSize; /* This SHALL indicate the value for a sizeOfSelect field in the + TPM_SELECTION structure */ +} TPM_SELECT_SIZE; + +#if 0 + +/* 5.19 TPM_CMK_MIGAUTH rev 89 + + Structure to keep track of the CMK migration authorization +*/ + +typedef struct tdTPM_CMK_MIGAUTH { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MIGAUTH */ +#endif + TPM_DIGEST msaDigest; /* The digest of a TPM_MSA_COMPOSITE structure containing the + migration authority public key and parameters. */ + TPM_DIGEST pubKeyDigest; /* The hash of the associated public key */ +} TPM_CMK_MIGAUTH; + +/* 5.20 TPM_CMK_SIGTICKET rev 87 + + Structure to keep track of the CMK migration authorization +*/ + +typedef struct tdTPM_CMK_SIGTICKET { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_SIGTICKET */ +#endif + TPM_DIGEST verKeyDigest; /* The hash of a TPM_PUBKEY structure containing the public key and + parameters of the key that can verify the ticket */ + TPM_DIGEST signedData; /* The ticket data */ +} TPM_CMK_SIGTICKET; + +/* 5.21 TPM_CMK_MA_APPROVAL rev 87 + + Structure to keep track of the CMK migration authorization +*/ + +typedef struct tdTPM_CMK_MA_APPROVAL { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* Set to TPM_TAG_CMK_MA_APPROVAL */ +#endif + TPM_DIGEST migrationAuthorityDigest; /* The hash of a TPM_MSA_COMPOSITE structure + containing the hash of one or more migration + authority public keys and parameters. */ +} TPM_CMK_MA_APPROVAL; + +/* 20.2 Delegate Definitions rev 101 + + The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner can + delegate to a trusted process by setting that bit. Each delegation bit setting is independent of + any other delegation bit setting in a row. + + If a TPM command is not listed in the following table, then the TPM Owner cannot delegate that + capability to a trusted process. For the TPM commands that are listed in the following table, if + the bit associated with a TPM command is set to zero in the row of the table that identifies a + trusted process, then that process has not been delegated to use that TPM command. + + The minimum granularity for delegation is at the ordinal level. It is not possible to delegate an + option of an ordinal. This implies that if the options present a difficulty and there is a need + to separate the delegations then there needs to be a split into two separate ordinals. +*/ + +#define TPM_DEL_OWNER_BITS 0x00000001 +#define TPM_DEL_KEY_BITS 0x00000002 + +typedef struct tdTPM_DELEGATIONS { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATIONS */ +#endif + uint32_t delegateType; /* Owner or key */ + uint32_t per1; /* The first block of permissions */ + uint32_t per2; /* The second block of permissions */ +} TPM_DELEGATIONS; + +/* 20.4 TPM_FAMILY_LABEL rev 85 + + Used in the family table to hold a one-byte numeric value (sequence number) that software can map + to a string of bytes that can be displayed or used by applications. + + This is not sensitive data. +*/ + +#if 0 +typedef struct tdTPM_FAMILY_LABEL { + BYTE label; /* A sequence number that software can map to a string of bytes that can be + displayed or used by the applications. This MUST not contain sensitive + information. */ +} TPM_FAMILY_LABEL; +#endif + +typedef BYTE TPM_FAMILY_LABEL; /* NOTE: No need for a structure here */ + +/* 20.5 TPM_FAMILY_TABLE_ENTRY rev 101 + + The family table entry is an individual row in the family table. There are no sensitive values in + a family table entry. + + Each family table entry contains values to facilitate table management: the familyID sequence + number value that associates a family table row with one or more delegate table rows, a + verification sequence number value that identifies when rows in the delegate table were last + verified, and BYTE family label value that software can map to an ASCII text description of the + entity using the family table entry +*/ + +typedef struct tdTPM_FAMILY_TABLE_ENTRY { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_FAMILY_TABLE_ENTRY */ +#endif + TPM_FAMILY_LABEL familyLabel; /* A sequence number that software can map to a string of + bytes that can be displayed of used by the applications. + This MUST not contain sensitive informations. */ + TPM_FAMILY_ID familyID; /* The family ID in use to tie values together. This is not + a sensitive value. */ + TPM_FAMILY_VERIFICATION verificationCount; /* The value inserted into delegation rows to + indicate that they are the current generation of + rows. Used to identify when a row in the delegate + table was last verified. This is not a sensitive + value. */ + TPM_FAMILY_FLAGS flags; /* See section on TPM_FAMILY_FLAGS. */ + /* NOTE Added */ + TPM_BOOL valid; +} TPM_FAMILY_TABLE_ENTRY; + +/* 20.6 TPM_FAMILY_TABLE rev 87 + + The family table is stored in a TPM shielded location. There are no confidential values in the + family table. The family table contains a minimum of 8 rows. +*/ + +#define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8 + +typedef struct tdTPM_FAMILY_TABLE { + TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; +} TPM_FAMILY_TABLE; + +/* 20.7 TPM_DELEGATE_LABEL rev 87 + + Used in both the delegate table and the family table to hold a string of bytes that can be + displayed or used by applications. This is not sensitive data. +*/ + +#if 0 +typedef struct tdTPM_DELEGATE_LABEL { + BYTE label; /* A byte that can be displayed or used by the applications. This MUST not + contain sensitive information. */ +} TPM_DELEGATE_LABEL; +#endif + +typedef BYTE TPM_DELEGATE_LABEL; /* NOTE: No need for structure */ + +/* 20.8 TPM_DELEGATE_PUBLIC rev 101 + + The information of a delegate row that is public and does not have any sensitive information. + + PCR_INFO_SHORT is appropriate here as the command to create this is done using owner + authorization, hence the owner authorized the command and the delegation. There is no need to + validate what configuration was controlling the platform during the blob creation. +*/ + +typedef struct tdTPM_DELEGATE_PUBLIC { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_PUBLIC */ +#endif + TPM_DELEGATE_LABEL rowLabel; /* This SHALL be the label for the row. It + MUST not contain any sensitive information. */ + TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL be the designation of the process that can use + the permission. This is a not sensitive + value. PCR_SELECTION may be NULL. + + If selected the pcrInfo MUST be checked on each use of + the delegation. Use of the delegation is where the + delegation is passed as an authorization handle. */ + TPM_DELEGATIONS permissions; /* This SHALL be the permissions that are allowed to the + indicated process. This is not a sensitive value. */ + TPM_FAMILY_ID familyID; /* This SHALL be the family ID that identifies which family + the row belongs to. This is not a sensitive value. */ + TPM_FAMILY_VERIFICATION verificationCount; /* A copy of verificationCount from the associated + family table. This is not a sensitive value. */ +} TPM_DELEGATE_PUBLIC; + + +/* 20.9 TPM_DELEGATE_TABLE_ROW rev 101 + + A row of the delegate table. +*/ + +typedef struct tdTPM_DELEGATE_TABLE_ROW { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_DELEGATE_TABLE_ROW */ +#endif + TPM_DELEGATE_PUBLIC pub; /* This SHALL be the public information for a table row. */ + TPM_SECRET authValue; /* This SHALL be the authorization value that can use the + permissions. This is a sensitive value. */ + /* NOTE Added */ + TPM_BOOL valid; +} TPM_DELEGATE_TABLE_ROW; + +/* 20.10 TPM_DELEGATE_TABLE rev 87 + + This is the delegate table. The table contains a minimum of 2 rows. + + This will be an entry in the TPM_PERMANENT_DATA structure. +*/ + +#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 + +typedef struct tdTPM_DELEGATE_TABLE { + TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; /* The array of delegations */ +} TPM_DELEGATE_TABLE; + +/* 20.11 TPM_DELEGATE_SENSITIVE rev 115 + + The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains sensitive + information. + + This structure is normative for loading unencrypted blobs before there is an owner. It is + informative for TPM_CreateOwnerDelegation and TPM_LoadOwnerDelegation after there is an owner and + encrypted blobs are used, since the structure is under complete control of the TPM. +*/ + +typedef struct tdTPM_DELEGATE_SENSITIVE { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELEGATE_SENSITIVE */ +#endif + TPM_SECRET authValue; /* AuthData value */ +} TPM_DELEGATE_SENSITIVE; + +/* 20.12 TPM_DELEGATE_OWNER_BLOB rev 87 + + This data structure contains all the information necessary to externally store a set of owner + delegation rights that can subsequently be loaded or used by this TPM. + + The encryption mechanism for the sensitive area is a TPM choice. The TPM may use asymmetric + encryption and the SRK for the key. The TPM may use symmetric encryption and a secret key known + only to the TPM. +*/ + +typedef struct tdTPM_DELEGATE_OWNER_BLOB { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_OWNER_BLOB */ +#endif + TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ + TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire structure */ + TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT + contain any sensitive information. This would include any + IV material for symmetric encryption */ + TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted + TPM_DELEGATE_SENSITIVE */ +} TPM_DELEGATE_OWNER_BLOB; + +/* 20.13 TPM_DELEGATE_KEY_BLOB rev 87 + + A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation information for user + keys. As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash of the corresponding public key + value to the public information. +*/ + +typedef struct tdTPM_DELEGATE_KEY_BLOB { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This MUST be TPM_TAG_DELG_KEY_BLOB */ +#endif + TPM_DELEGATE_PUBLIC pub; /* The public information for this blob */ + TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire + structure */ + TPM_DIGEST pubKeyDigest; /* The digest, that uniquely identifies the key for which + this usage delegation applies. */ + TPM_SIZED_BUFFER additionalArea; /* An area that the TPM can add to the blob which MUST NOT + contain any sensitive information. This would include any + IV material for symmetric encryption */ + TPM_SIZED_BUFFER sensitiveArea; /* The area that contains the encrypted + TPM_DELEGATE_SENSITIVE */ +} TPM_DELEGATE_KEY_BLOB; + +/* 15.1 TPM_CURRENT_TICKS rev 110 + + This structure holds the current number of time ticks in the TPM. The value is the number of time + ticks from the start of the current session. Session start is a variable function that is + platform dependent. Some platforms may have batteries or other power sources and keep the TPM + clock session across TPM initialization sessions. + + The element of the TPM_CURRENT_TICKS structure provides the number of microseconds per + tick. The platform manufacturer must satisfy input clock requirements set by the TPM vendor to + ensure the accuracy of the tickRate. + + No external entity may ever set the current number of time ticks held in TPM_CURRENT_TICKS. This + value is always reset to 0 when a new clock session starts and increments under control of the + TPM. + + Maintaining the relationship between the number of ticks counted by the TPM and some real world + clock is a task for external software. +*/ + +/* This is not a true UINT64, but a special structure to hold currentTicks */ + +typedef struct tdTPM_UINT64 { + uint32_t sec; + uint32_t usec; +} TPM_UINT64; + +typedef struct tdTPM_CURRENT_TICKS { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_CURRENT_TICKS */ +#endif + TPM_UINT64 currentTicks; /* The number of ticks since the start of this tick session */ + /* upper is seconds, lower is useconds */ + uint16_t tickRate; /* The number of microseconds per tick. The maximum resolution of + the TPM tick counter is thus 1 microsecond. The minimum + resolution SHOULD be 1 millisecond. */ + TPM_NONCE tickNonce; /* TPM_NONCE tickNonce The nonce created by the TPM when resetting + the currentTicks to 0. This indicates the beginning of a time + session. This value MUST be valid before the first use of + TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just + prior to first use. */ + /* NOTE Added */ + TPM_UINT64 initialTime; /* Time from TPM_GetTimeOfDay() */ +} TPM_CURRENT_TICKS; + +/* + 13. Transport Structures +*/ + +/* 13.1 TPM _TRANSPORT_PUBLIC rev 87 + + The public information relative to a transport session +*/ + +typedef struct tdTPM_TRANSPORT_PUBLIC { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_PUBLIC */ +#endif + TPM_TRANSPORT_ATTRIBUTES transAttributes; /* The attributes of this session */ + TPM_ALGORITHM_ID algId; /* This SHALL be the algorithm identifier of the + symmetric key. */ + TPM_ENC_SCHEME encScheme; /* This SHALL fully identify the manner in which the + key will be used for encryption operations. */ +} TPM_TRANSPORT_PUBLIC; + +/* 13.2 TPM_TRANSPORT_INTERNAL rev 88 + + The internal information regarding transport session +*/ + +#define TPM_MIN_TRANS_SESSIONS 3 + +typedef struct tdTPM_TRANSPORT_INTERNAL { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_INTERNAL */ +#endif + TPM_AUTHDATA authData; /* The shared secret for this session */ + TPM_TRANSPORT_PUBLIC transPublic; /* The public information of this session */ + TPM_TRANSHANDLE transHandle; /* The handle for this session */ + TPM_NONCE transNonceEven; /* The even nonce for the rolling protocol */ + TPM_DIGEST transDigest; /* The log of transport events */ + /* added kgold */ + TPM_BOOL valid; /* entry is valid */ +} TPM_TRANSPORT_INTERNAL; + +/* 13.3 TPM_TRANSPORT_LOG_IN rev 87 + + The logging of transport commands occurs in two steps, before execution with the input + parameters and after execution with the output parameters. + + This structure is in use for input log calculations. +*/ + +typedef struct tdTPM_TRANSPORT_LOG_IN { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_IN */ +#endif + TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject to the + rules of the command using this structure. To find the exact + calculation refer to the actions in the command using this + structure. */ + TPM_DIGEST pubKeyHash; /* The hash of any keys in the transport command */ +} TPM_TRANSPORT_LOG_IN; + +/* 13.4 TPM_TRANSPORT_LOG_OUT rev 88 + + The logging of transport commands occurs in two steps, before execution with the input parameters + and after execution with the output parameters. + + This structure is in use for output log calculations. + + This structure is in use for the INPUT logging during releaseTransport. +*/ + +typedef struct tdTPM_TRANSPORT_LOG_OUT { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_LOG_OUT */ +#endif + TPM_CURRENT_TICKS currentTicks; /* The current tick count. This SHALL be the value of the + current TPM tick counter. */ + TPM_DIGEST parameters; /* The actual parameters contained in the digest are subject + to the rules of the command using this structure. To find + the exact calculation refer to the actions in the command + using this structure. */ + TPM_MODIFIER_INDICATOR locality; /* The locality that called TPM_ExecuteTransport */ +} TPM_TRANSPORT_LOG_OUT; + +/* 13.5 TPM_TRANSPORT_AUTH structure rev 87 + + This structure provides the validation for the encrypted AuthData value. +*/ + +typedef struct tdTPM_TRANSPORT_AUTH { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_TRANSPORT_AUTH */ +#endif + TPM_AUTHDATA authData; /* The AuthData value */ +} TPM_TRANSPORT_AUTH; + +/* 22.3 TPM_DAA_ISSUER rev 91 + + This structure is the abstract representation of non-secret settings controlling a DAA + context. The structure is required when loading public DAA data into a TPM. TPM_DAA_ISSUER + parameters are normally held outside the TPM as plain text data, and loaded into a TPM when a DAA + session is required. A TPM_DAA_ISSUER structure contains no integrity check: the TPM_DAA_ISSUER + structure at time of JOIN is indirectly verified by the issuer during the JOIN process, and a + digest of the verified TPM_DAA_ISSUER structure is held inside the TPM_DAA_TPM structure created + by the JOIN process. Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and + used to verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored + in its native form to reduce command complexity. +*/ + +typedef struct tdTPM_DAA_ISSUER { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_ISSUER */ +#endif + TPM_DIGEST DAA_digest_R0; /* A digest of the parameter "R0", which is not secret and may be + common to many TPMs. */ + TPM_DIGEST DAA_digest_R1; /* A digest of the parameter "R1", which is not secret and may be + common to many TPMs. */ + TPM_DIGEST DAA_digest_S0; /* A digest of the parameter "S0", which is not secret and may be + common to many TPMs. */ + TPM_DIGEST DAA_digest_S1; /* A digest of the parameter "S1", which is not secret and may be + common to many TPMs. */ + TPM_DIGEST DAA_digest_n; /* A digest of the parameter "n", which is not secret and may be + common to many TPMs. */ + TPM_DIGEST DAA_digest_gamma; /* A digest of the parameter "gamma", which is not secret + and may be common to many TPMs. */ + BYTE DAA_generic_q[26]; /* The parameter q, which is not secret and may be common to + many TPMs. Note that q is slightly larger than a digest, + but is stored in its native form to simplify the + TPM_DAA_join command. Otherwise, JOIN requires 3 input + parameters. */ +} TPM_DAA_ISSUER; + +/* 22.4 TPM_DAA_TPM rev 91 + + This structure is the abstract representation of TPM specific parameters used during a DAA + context. TPM-specific DAA parameters may be stored outside the TPM, and hence this + structure is needed to save private DAA data from a TPM, or load private DAA data into a + TPM. + + If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format that + can be interpreted only by the TPM created it. This is to ensure that secret parameters are + rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form a + self-consistent set. + + TPM_DAA_TPM includes a digest of the public DAA parameters that were used during creation of the + TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is being used with the public + DAA parameters used to create the TPM_DAA_TPM structure. Parameters DAA_digest_v0 and + DAA_digest_v1 are digests of public DAA_private_v0 and DAA_private_v1 parameters, and used to + verify that the correct private parameters have been loaded. + + Parameter DAA_count is stored in its native form, because it is smaller than a digest, and is + required to enforce consistency. +*/ + +typedef struct tdTPM_DAA_TPM { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_TPM */ +#endif + TPM_DIGEST DAA_digestIssuer; /* A digest of a TPM_DAA_ISSUER structure that contains the + parameters used to generate this TPM_DAA_TPM + structure. */ + TPM_DIGEST DAA_digest_v0; /* A digest of the parameter "v0", which is secret and specific to + this TPM. "v0" is generated during a JOIN phase. */ + TPM_DIGEST DAA_digest_v1; /* A digest of the parameter "v1", which is secret and specific to + this TPM. "v1" is generated during a JOIN phase. */ + TPM_DIGEST DAA_rekey; /* A digest related to the rekeying process, which is not secret but + is specific to this TPM, and must be consistent across JOIN/SIGN + sessions. "rekey" is generated during a JOIN phase. */ + uint32_t DAA_count; /* The parameter "count", which is not secret but must be consistent + across JOIN/SIGN sessions. "count" is an input to the TPM from + the host system. */ +} TPM_DAA_TPM; + +/* 22.5 TPM_DAA_CONTEXT rev 91 + + TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM. This + entire section is informative as the TPM does not expose this structure. TPM_DAA_CONTEXT + includes a digest of the public and private DAA parameters that were used during creation of the + TPM_DAA_CONTEXT structure. This is needed to verify that a TPM_DAA_CONTEXT is being used with the + public and private DAA parameters used to create the TPM_DAA_CONTEXT structure. +*/ + +typedef struct tdTPM_DAA_CONTEXT { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_CONTEXT */ +#endif + TPM_DIGEST DAA_digestContext; /* A digest of parameters used to generate this + structure. The parameters vary, depending on whether the + session is a JOIN session or a SIGN session. */ + TPM_DIGEST DAA_digest; /* A running digest of certain parameters generated during DAA + computation; operationally the same as a PCR (which holds a + running digest of integrity metrics). */ + TPM_DAA_CONTEXT_SEED DAA_contextSeed; /* The seed used to generate other DAA + session parameters */ + BYTE DAA_scratch[256]; /* Memory used to hold different parameters at different + times of DAA computation, but only one parameter at a + time. The maximum size of this field is 256 bytes */ + BYTE DAA_stage; /* A counter, indicating the stage of DAA computation that was most + recently completed. The value of the counter is zero if the TPM + currently contains no DAA context. + + When set to zero (0) the TPM MUST clear all other fields in this + structure. + + The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) */ + TPM_BOOL DAA_scratch_null; +} TPM_DAA_CONTEXT; + +/* 22.6 TPM_DAA_JOINDATA rev 91 + + This structure is the abstract representation of data that exists only during a specific JOIN + session. +*/ + +typedef struct tdTPM_DAA_JOINDATA { + BYTE DAA_join_u0[128]; /* A TPM-specific secret "u0", used during the JOIN phase, + and discarded afterwards. */ + BYTE DAA_join_u1[138]; /* A TPM-specific secret "u1", used during the JOIN phase, + and discarded afterwards. */ + TPM_DIGEST DAA_digest_n0; /* A digest of the parameter "n0", which is an RSA public key with + exponent 2^16 +1 */ +} TPM_DAA_JOINDATA; + +/* DAA Session structure + +*/ + +#define TPM_MIN_DAA_SESSIONS 2 + +typedef struct tdTPM_DAA_SESSION_DATA { + TPM_DAA_ISSUER DAA_issuerSettings; /* A set of DAA issuer parameters controlling a DAA + session. (non-secret) */ + TPM_DAA_TPM DAA_tpmSpecific; /* A set of DAA parameters associated with a + specific TPM. (secret) */ + TPM_DAA_CONTEXT DAA_session; /* A set of DAA parameters associated with a DAA + session. (secret) */ + TPM_DAA_JOINDATA DAA_joinSession; /* A set of DAA parameters used only during the JOIN + phase of a DAA session, and generated by the + TPM. (secret) */ + /* added kgold */ + TPM_HANDLE daaHandle; /* DAA session handle */ + TPM_BOOL valid; /* array entry is valid */ + /* FIXME should have handle type Join or Sign */ +} TPM_DAA_SESSION_DATA; + +/* 22.8 TPM_DAA_BLOB rev 98 + + The structure passed during the join process +*/ + +typedef struct tdTPM_DAA_BLOB { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_BLOB */ +#endif + TPM_RESOURCE_TYPE resourceType; /* The resource type: enc(DAA_tpmSpecific) or enc(v0) or + enc(v1) */ + BYTE label[16]; /* Label for identification of the blob. Free format + area. */ + TPM_DIGEST blobIntegrity; /* The integrity of the entire blob including the sensitive + area. This is a HMAC calculation with the entire + structure (including sensitiveData) being the hash and + daaProof is the secret */ + TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define + and reload the context. The information held in this area + MUST NOT expose any information held in shielded + locations. This should include any IV for symmetric + encryption */ + TPM_SIZED_BUFFER sensitiveData; /* A TPM_DAA_SENSITIVE structure */ +#if 0 + uint32_t additionalSize; + [size_is(additionalSize)] BYTE* additionalData; + uint32_t sensitiveSize; + [size_is(sensitiveSize)] BYTE* sensitiveData; +#endif +} TPM_DAA_BLOB; + +/* 22.9 TPM_DAA_SENSITIVE rev 91 + + The encrypted area for the DAA parameters +*/ + +typedef struct tdTPM_DAA_SENSITIVE { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DAA_SENSITIVE */ +#endif + TPM_SIZED_BUFFER internalData; /* DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 */ +#if 0 + uint32_t internalSize; + [size_is(internalSize)] BYTE* internalData; +#endif +} TPM_DAA_SENSITIVE; + +#endif + +/* 7.1 TPM_PERMANENT_FLAGS rev 110 + + These flags maintain state information for the TPM. The values are not affected by any + TPM_Startup command. + + The flag history includes: + + Rev 62 specLevel 1 errataRev 0: 15 BOOLs + Rev 85 specLevel 2 errataRev 0: 19 BOOLs + Added: nvLocked, readSRKPub, tpmEstablished, maintenanceDone + Rev 94 specLevel 2 errataRev 1: 19 BOOLs + Rev 103 specLevel 2 errataRev 2: 20 BOOLs + Added: disableFullDALogicInfo +*/ + +typedef struct tdTPM_PERMANENT_FLAGS { + TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_FLAGS */ + TPM_BOOL disable; /* disable The state of the disable flag. The default state is TRUE + */ + TPM_BOOL ownership; /* The ability to install an owner. The default state is TRUE. */ + TPM_BOOL deactivated; /* The state of the inactive flag. The default state is TRUE. */ + TPM_BOOL readPubek; /* The ability to read the PUBEK without owner authorization. The + default state is TRUE. + + set TRUE on owner clear + set FALSE on take owner, disablePubekRead + */ + TPM_BOOL disableOwnerClear; /* Whether the owner authorized clear commands are active. The + default state is FALSE. */ + TPM_BOOL allowMaintenance; /* Whether the TPM Owner may create a maintenance archive. The + default state is TRUE. */ + TPM_BOOL physicalPresenceLifetimeLock; /* This bit can only be set to TRUE; it cannot be set to + FALSE except during the manufacturing process. + + FALSE: The state of either physicalPresenceHWEnable or + physicalPresenceCMDEnable MAY be changed. (DEFAULT) + + TRUE: The state of either physicalPresenceHWEnable or + physicalPresenceCMDEnable MUST NOT be changed for the + life of the TPM. */ + TPM_BOOL physicalPresenceHWEnable; /* FALSE: Disable the hardware signal indicating physical + presence. (DEFAULT) + + TRUE: Enables the hardware signal indicating physical + presence. */ + TPM_BOOL physicalPresenceCMDEnable; /* FALSE: Disable the command indicating physical + presence. (DEFAULT) + + TRUE: Enables the command indicating physical + presence. */ + TPM_BOOL CEKPUsed; /* TRUE: The PRIVEK and PUBEK were created using + TPM_CreateEndorsementKeyPair. + + FALSE: The PRIVEK and PUBEK were created using a manufacturer's + process. NOTE: This flag has no default value as the key pair + MUST be created by one or the other mechanism. */ + TPM_BOOL TPMpost; /* TRUE: After TPM_Startup, if there is a call to + TPM_ContinueSelfTest the TPM MUST execute the actions of + TPM_SelfTestFull + + FALSE: After TPM_Startup, if there is a call to + TPM_ContinueSelfTest the TPM MUST execute TPM_ContinueSelfTest + + If the TPM supports the implicit invocation of + TPM_ContinueSelftTest upon the use of an untested resource, the + TPM MUST use the TPMPost flag to call either TPM_ContinueSelfTest + or TPM_SelfTestFull + + The TPM manufacturer sets this bit during TPM manufacturing and + the bit is unchangeable after shipping the TPM + + The default state is FALSE */ + TPM_BOOL TPMpostLock; /* With the clarification of TPMPost TPMpostLock is now + unnecessary. + This flag is now deprecated */ + TPM_BOOL FIPS; /* TRUE: This TPM operates in FIPS mode + FALSE: This TPM does NOT operate in FIPS mode */ + TPM_BOOL tpmOperator; /* TRUE: The operator authorization value is valid + FALSE: the operator authorization value is not set */ + TPM_BOOL enableRevokeEK; /* TRUE: The TPM_RevokeTrust command is active + FALSE: the TPM RevokeTrust command is disabled */ + TPM_BOOL nvLocked; /* TRUE: All NV area authorization checks are active + FALSE: No NV area checks are performed, except for maxNVWrites. + FALSE is the default value */ + TPM_BOOL readSRKPub; /* TRUE: GetPubKey will return the SRK pub key + FALSE: GetPubKey will not return the SRK pub key + Default SHOULD be FALSE */ + TPM_BOOL tpmEstablished; /* TRUE: TPM_HASH_START has been executed at some time + FALSE: TPM_HASH_START has not been executed at any time + Default is FALSE - resets using TPM_ResetEstablishmentBit */ + TPM_BOOL maintenanceDone; /* TRUE: A maintenance archive has been created for the current + SRK */ + TPM_BOOL disableFullDALogicInfo; /* TRUE: The full dictionary attack TPM_GetCapability info is + deactivated. The returned structure is TPM_DA_INFO_LIMITED. + FALSE: The full dictionary attack TPM_GetCapability info is + activated. The returned structure is TPM_DA_INFO. + Default is FALSE. + */ + /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized + structure */ +} TPM_PERMANENT_FLAGS; + +/* 7.2 TPM_STCLEAR_FLAGS rev 109 + + These flags maintain state that is reset on each TPM_Startup(ST_Clear) command. The values are + not affected by TPM_Startup(ST_State) commands. +*/ + +typedef struct tdTPM_STCLEAR_FLAGS { + TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_FLAGS */ + TPM_BOOL deactivated; /* Prevents the operation of most capabilities. There is no + default state. It is initialized by TPM_Startup to the + same value as TPM_PERMANENT_FLAGS -> + deactivated. TPM_SetTempDeactivated sets it to TRUE. */ + TPM_BOOL disableForceClear; /* Prevents the operation of TPM_ForceClear when TRUE. The + default state is FALSE. TPM_DisableForceClear sets it to + TRUE. */ + TPM_BOOL physicalPresence; /* Command assertion of physical presence. The default state + is FALSE. This flag is affected by the + TSC_PhysicalPresence command but not by the hardware + signal. */ + TPM_BOOL physicalPresenceLock; /* Indicates whether changes to the TPM_STCLEAR_FLAGS -> + physicalPresence flag are permitted. + TPM_Startup(ST_CLEAR) sets PhysicalPresenceLock to its + default state of FALSE (allow changes to the + physicalPresence flag). When TRUE, the physicalPresence + flag is FALSE. TSC_PhysicalPresence can change the state + of physicalPresenceLock. */ + TPM_BOOL bGlobalLock; /* Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE + when a write to NV_Index =0 is successful */ + /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized + structure */ +} TPM_STCLEAR_FLAGS; + +#if 0 + + +/* 7.3 TPM_STANY_FLAGS rev 87 + + These flags reset on any TPM_Startup command. +*/ + +typedef struct tdTPM_STANY_FLAGS { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_FLAGS */ +#endif + TPM_BOOL postInitialise; /* Prevents the operation of most capabilities. There is no default + state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it + to FALSE. */ + TPM_MODIFIER_INDICATOR localityModifier; /*This SHALL indicate for each command the presence of + a locality modifier for the command. It MUST be set + to NULL after the TPM executes each command. */ +#if 0 + TPM_BOOL transportExclusive; /* Defaults to FALSE. TRUE when there is an exclusive transport + session active. Execution of ANY command other than + TPM_ExecuteTransport or TPM_ReleaseTransportSigned MUST + invalidate the exclusive transport session. + */ +#endif + TPM_TRANSHANDLE transportExclusive; /* Defaults to 0x00000000, Set to the handle when an + exclusive transport session is active */ + TPM_BOOL TOSPresent; /* Defaults to FALSE + Set to TRUE on TPM_HASH_START + set to FALSE using setCapability */ + /* NOTE: Added kgold */ + TPM_BOOL stateSaved; /* Defaults to FALSE + Set to TRUE on TPM_SaveState + Set to FALSE on any other ordinal + + This is an optimization flag, so the file need not be deleted if + it does not exist. + */ +} TPM_STANY_FLAGS; + +/* 7.4 TPM_PERMANENT_DATA rev 105 + + This structure contains the data fields that are permanently held in the TPM and not affected by + TPM_Startup(any). + + Many of these fields contain highly confidential and privacy sensitive material. The TPM must + maintain the protections around these fields. +*/ + +#define TPM_MIN_COUNTERS 4 /* the minimum number of counters is 4 */ +#define TPM_DELEGATE_KEY TPM_KEY +#define TPM_MAX_NV_WRITE_NOOWNER 64 + +/* Although the ordinal is 32 bits, only the lower 8 bits seem to be used. So for now, define an + array of 256/8 bytes for ordinalAuditStatus - kgold */ + +#define TPM_ORDINALS_MAX 256 /* assumes a multiple of CHAR_BIT */ +#define TPM_AUTHDIR_SIZE 1 /* Number of DIR registers */ + +#ifdef TPM_VTPM + +/* Substructure of TPM_PERMANENT_DATA for VTPM instance data + + */ + +typedef struct tdTPM_PERMANENT_INSTANCE_DATA { + uint32_t creationMask; /* creationMask from TPM_CreateInstance */ + TPM_INSTANCE_HANDLE parentHandle; /* instance handle of this instance's parent instance */ + TPM_SIZED_BUFFER childHandles; /* instance handle list of this instance's children */ + TPM_NONCE migrationNonce; /* Controls state import using TPM_SetInstanceData */ + TPM_DIGEST migrationDigest; /* Digest of all migrated data structures */ + TPM_BOOL sourceLock; /* Lock instance before export migration */ + TPM_BOOL destinationLock; /* Lock instance before import migration */ + +} TPM_PERMANENT_INSTANCE_DATA; + +#endif /* TPM_VTPM */ + +#ifdef TPM_VENDOR + +/* + WEC_CFG_STRUCT +*/ + +/* Winbond preconfiguration */ + +typedef struct tdTPM_WEC_CFG_STRUCT { + BYTE lowBaseAddress; /* reserved - keep FFh value */ + BYTE highBaseAddress; /* reserved - keep FFh value */ + BYTE altCfg; /* GPIO alternate configuration */ + BYTE direction; /* direction (input/output) of GPIO pins */ + BYTE pullUp; /* pull-up of GPIO input pins */ + BYTE pushPull; /* push-pull of open drain of GPIO output pins */ + BYTE cfg_a; /* hardware physical presence, 32 khz clock */ + BYTE cfg_b; /* reserved - keep FFh value */ + BYTE cfg_c; /* reserved - keep FFh value */ + BYTE cfg_d; /* reserved - keep FFh value */ + BYTE cfg_e; /* reserved - keep FFh value */ + BYTE cfg_f; /* software binding */ + BYTE cfg_g; /* tplPost flagm N_FAILS and WEC_GetTpmStatus */ + BYTE cfg_h; /* LpcSelfTest and FIPS flags */ + BYTE cfg_i; /* reserved - keep FFh value */ + BYTE cfg_j; /* reserved - keep FFh value */ +} TPM_WEC_CFG_STRUCT; + +#endif /*TPM_VENDOR */ + + +typedef struct tdTPM_PERMANENT_DATA { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_PERMANENT_DATA */ +#endif + BYTE revMajor; /* This is the TPM major revision indicator. This SHALL be set by + the TPME, only. The default value is manufacturer-specific. */ + BYTE revMinor; /* This is the TPM minor revision indicator. This SHALL be set by + the TPME, only. The default value is manufacturer-specific. */ + TPM_SECRET tpmProof; /* This is a random number that each TPM maintains to validate blobs + in the SEAL and other processes. The default value is + manufacturer-specific. */ + TPM_NONCE EKReset; /* Nonce held by TPM to validate TPM_RevokeTrust. This value is set + as the next 20 bytes from the TPM RNG when the EK is set + (was fipsReset - kgold) */ + TPM_SECRET ownerAuth; /* This is the TPM-Owner's authorization data. The default value is + manufacturer-specific. */ + TPM_SECRET operatorAuth; /* The value that allows the execution of the SetTempDeactivated + command */ + TPM_DIRVALUE authDIR; /* The array of TPM Owner authorized DIR. Points to the same + location as the NV index value. (kgold - was array of 1) */ +#ifndef TPM_NOMAINTENANCE + TPM_PUBKEY manuMaintPub; /* This is the manufacturer's public key to use in the maintenance + operations. The default value is manufacturer-specific. */ +#endif + TPM_KEY endorsementKey; /* This is the TPM's endorsement key pair. */ + TPM_KEY srk; /* This is the TPM's StorageRootKey. */ + TPM_SYMMETRIC_KEY_TOKEN contextKey; /* This is the key in use to perform context saves. The key + may be symmetric or asymmetric. The key size is + predicated by the algorithm in use. */ + TPM_SYMMETRIC_KEY_TOKEN delegateKey; /* This key encrypts delegate rows that are stored + outside the TPM. */ + TPM_COUNTER_VALUE auditMonotonicCounter; /* This SHALL be the audit monotonic counter for the + TPM. This value starts at 0 and increments + according to the rules of auditing */ + TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS]; /* This SHALL be the monotonic + counters for the TPM. The + individual counters start and + increment according to the rules + of monotonic counters. */ + TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; /* The attributes for all of the PCR registers + supported by the TPM. */ + BYTE ordinalAuditStatus[TPM_ORDINALS_MAX/CHAR_BIT]; /* Table indicating which ordinals are being + audited. */ +#if 0 + /* kgold - The xcrypto RNG is good enough that this is not needed */ + BYTE* rngState; /* State information describing the random number + generator. */ +#endif + TPM_FAMILY_TABLE familyTable; /* The family table in use for delegations */ + TPM_DELEGATE_TABLE delegateTable; /* The delegate table */ + uint32_t lastFamilyID; /* A value that sets the high water mark for family ID's. Set to 0 + during TPM manufacturing and never reset. */ + uint32_t noOwnerNVWrite; /* The count of NV writes that have occurred when there is no TPM + Owner. + + This value starts at 0 in manufacturing and after each + TPM_OwnerClear. If the value exceeds 64 the TPM returns + TPM_MAXNVWRITES to any command attempting to manipulate the NV + storage. */ + TPM_CMK_DELEGATE restrictDelegate; /* The settings that allow for the delegation and + use on CMK keys. Default value is false. */ + TPM_DAA_TPM_SEED tpmDAASeed; /* This SHALL be a random value generated after generation + of the EK. + + tpmDAASeed does not change during TPM Owner changes. If + the EK is removed (RevokeTrust) then the TPM MUST + invalidate the tpmDAASeed. The owner can force a change + in the value through TPM_SetCapability. + + (linked to daaProof) */ + TPM_NONCE daaProof; /* This is a random number that each TPM maintains to validate blobs + in the DAA processes. The default value is manufacturer-specific. + + The value is not changed when the owner is changed. It is + changed when the EK changes. The owner can force a change in the + value through TPM_SetCapability. */ + unsigned char *daaBlobKey; /* This is the key in use to perform DAA encryption and decryption. + The key may be symmetric or asymmetric. The key size is + predicated by the algorithm in use. + + This value MUST be changed when daaProof changes. + + This key MUST NOT be a copy of the EK or SRK. + + (linked to daaProof) */ + /* NOTE: added kgold */ + TPM_BOOL ownerInstalled; /* TRUE: The TPM has an owner installed. + FALSE: The TPM has no owner installed. (default) */ + BYTE tscOrdinalAuditStatus; /* extra byte to track TSC ordinals */ +#ifdef TPM_VTPM /* VTPM specific ordinals */ + uint32_t instanceOrdinalAuditStatus1; /* extra longs to track vendor specific ordinals */ + uint32_t instanceOrdinalAuditStatus2; +#endif + TPM_BOOL allowLoadMaintPub; /* TRUE allows the TPM_LoadManuMaintPub command */ + +#ifdef TPM_VTPM + TPM_PERMANENT_INSTANCE_DATA instanceData; /* substructure for VTPM instance data */ +#endif +#ifdef TPM_VENDOR + TPM_WEC_CFG_STRUCT wecPreConfig; /* Winbond preconfiguration data */ + TPM_BOOL preConfigSet; /* TRUE if the structure has been set through + WEC_PreConfig */ +#endif +} TPM_PERMANENT_DATA; + +#define TPM_MIN_AUTH_SESSIONS 3 + +/* NOTE: Vendor specific */ + +typedef struct tdTPM_AUTH_SESSION_DATA { + /* vendor specific */ + TPM_AUTHHANDLE handle; /* Handle for a session */ + TPM_PROTOCOL_ID protocolID; /* TPM_PID_OIAP, TPM_PID_OSAP, TPM_PID_DSAP */ + TPM_ENT_TYPE entityTypeByte; /* The type of entity in use (TPM_ET_SRK, TPM_ET_OWNER, + TPM_ET_KEYHANDLE ... */ + TPM_ADIP_ENC_SCHEME adipEncScheme; /* ADIP encryption scheme */ + TPM_NONCE nonceEven; /* OIAP, OSAP, DSAP */ + TPM_SECRET sharedSecret; /* OSAP */ + TPM_DIGEST entityDigest; /* OSAP tracks which entity established the OSAP session */ + TPM_DELEGATE_PUBLIC pub; /* DSAP */ + TPM_BOOL valid; /* added kgold: array entry is valid */ +} TPM_AUTH_SESSION_DATA; + +#ifdef TPM_VTPM +/* 3.3.2 TPM_PCR_LIST + + TPM_PCR_LIST is a structure saved by TPM_SetupInstance and returned by TPM_GetCapability. +*/ + +typedef struct tdTPM_PCR_LIST { + TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ + TPM_DIGEST inDigest; /* The digest representing the event to be recorded. */ + BYTE eventID; /* Identifier for measurements */ +#if 0 + uint32_t nameSize; /* The size of the name area */ + BYTE* name; /* Name of an initial measurement */ +#endif + TPM_SIZED_BUFFER name; +} TPM_PCR_LIST; + +/* TPM_PCR_LIST_TIMESTAMP + + TPM_PCR_LIST_TIMESTAMP is a structure saved by the TPM when logging PCR extensions and returned + by TPM_GetCapability. +*/ + +typedef struct tdTPM_PCR_LIST_TIMESTAMP { + TPM_COMMAND_CODE ordinal; /* The ordinal that altered the PCR */ + TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ + TPM_DIGEST digest; /* The digest representing the recorded PCR Extension */ + uint32_t timestamp_hi; /* time of the log entry */ + uint32_t timestamp_lo; +} TPM_PCR_LIST_TIMESTAMP; + +/* TPM_PCR_LIST_TIMESTAMP_INST + + TPM_PCR_LIST_TIMESTAMP_INST is a structure created by the TPM when notifying clients of PCR + extensions. +*/ + +typedef struct tdTPM_PCR_LIST_TIMESTAMP_INST { + TPM_INSTANCE_HANDLE instance; /* instance handle */ + TPM_COMMAND_CODE ordinal; /* The ordinal that altered the PCR */ + TPM_PCRINDEX pcrIndex; /* Index to a PCR register */ + TPM_DIGEST digest; /* The digest representing the recorded PCR Extensions. */ + uint32_t timestamp_hi; /* time of the log entry */ + uint32_t timestamp_lo; +} TPM_PCR_LIST_TIMESTAMP_INST; + +/* Added for virtual TPM support */ + +typedef struct tdTPM_VTPM_INSTANCE { + TPM_SYMMETRIC_KEY_TOKEN instanceEncKey; /* symmetric key to encrypt instance migration + blobs */ + TPM_SECRET instanceHmacKey; /* secret used to MAC instance migration blobs */ + TPM_SIZED_BUFFER pcrList; /* PCR lists from TPM_SetupInstance */ + TPM_PCR_SELECTION logPCRSelection; /* Indices of PCRs that should be saved for logging */ + TPM_PCR_SELECTION subscribePCRSelection; /* Indices of PCRs that should be reported to a + subscriber */ + uint32_t logLengthMax; /* Upper limit on the length of the buffer (number of + measurements) used for logging of measurements */ + uint32_t logLength; /* number of measurements in the log */ + TPM_BOOL logOverflow; /* pcrMeasurementLog has overflowed */ + uint32_t subscribeSequenceNumber; /* count of measurements sent to subscriber */ +} TPM_VTPM_INSTANCE; + +#endif /* TPM_VTPM */ + +/* 3. contextList MUST support a minimum of 16 entries, it MAY support more. */ +#define TPM_MIN_SESSION_LIST 16 + +/* 7.5 TPM_STCLEAR_DATA rev 101 + + This is an informative structure and not normative. It is purely for convenience of writing the + spec. + + Most of the data in this structure resets on TPM_Startup(ST_Clear). A TPM may implement rules + that provide longer-term persistence for the data. The TPM reflects how it handles the data in + various TPM_GetCapability fields including startup effects. +*/ + +typedef struct tdTPM_STCLEAR_DATA { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_STCLEAR_DATA */ +#endif + TPM_NONCE contextNonceKey; /* This is the nonce in use to properly identify saved key context + blobs This SHALL be set to all zeros on each TPM_Startup + (ST_Clear). + */ + TPM_COUNT_ID countID; /* This is the handle for the current monotonic counter. This SHALL + be set to zero on each TPM_Startup(ST_Clear). */ + uint32_t ownerReference; /* Points to where to obtain the owner secret in OIAP and OSAP + commands. This allows a TSS to manage 1.1 applications on a 1.2 + TPM where delegation is in operation. */ + TPM_BOOL disableResetLock; /* Disables TPM_ResetLockValue upon authorization failure. + The value remains TRUE for the timeout period. + + Default is FALSE. + + The value is in the STCLEAR_DATA structure as the + implementation of this flag is TPM vendor specific. */ + TPM_PCRVALUE PCRS[TPM_NUM_PCR]; /* Platform configuration registers */ +#if (TPM_REVISION >= 103) /* added for rev 103 */ + uint32_t deferredPhysicalPresence; /* The value can save the assertion of physicalPresence. + Individual bits indicate to its ordinal that + physicalPresence was previously asserted when the + software state is such that it can no longer be asserted. + Set to zero on each TPM_Startup(ST_Clear). */ +#endif + /* NOTE: Added for dictionary attack mitigation */ + uint32_t authFailCount; /* number of authorization failures without a TPM_ResetLockValue */ + uint32_t authFailTime; /* time of threshold failure in seconds */ + /* NOTE: Moved from TPM_STANY_DATA. Saving this state is optional. This implementation + does. */ + TPM_AUTH_SESSION_DATA authSessions[TPM_MIN_AUTH_SESSIONS]; /* List of current + sessions. Sessions can be OSAP, + OIAP, DSAP and Transport */ + /* NOTE: Added for transport */ + TPM_TRANSPORT_INTERNAL transSessions[TPM_MIN_TRANS_SESSIONS]; + /* 22.7 TPM_STANY_DATA Additions (for DAA) - moved to TPM_STCLEAR_DATA for startup state */ + TPM_DAA_SESSION_DATA daaSessions[TPM_MIN_DAA_SESSIONS]; + /* 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same + time. */ + TPM_NONCE contextNonceSession; /* This is the nonce in use to properly identify saved + session context blobs. This MUST be set to all zeros on + each TPM_Startup (ST_Clear). The nonce MAY be set to + null on TPM_Startup( any). */ + uint32_t contextCount; /* This is the counter to avoid session context blob replay + attacks. This MUST be set to 0 on each TPM_Startup + (ST_Clear). The value MAY be set to 0 on TPM_Startup + (any). */ + uint32_t contextList[TPM_MIN_SESSION_LIST]; /* This is the list of outstanding session blobs. + All elements of this array MUST be set to 0 on + each TPM_Startup (ST_Clear). The values MAY be + set to 0 on TPM_Startup (any). */ + /* NOTE Added auditDigest effect, saved with ST_STATE */ + TPM_DIGEST auditDigest; /* This is the extended value that is the audit log. This + SHALL be set to all zeros at the start of each audit + session. */ + /* NOTE Storage for the ordinal response */ + TPM_STORE_BUFFER ordinalResponse; /* outgoing response buffer for this ordinal */ + uint32_t responseCount; /* increments after each response */ +} TPM_STCLEAR_DATA; + +/* 7.6 TPM_STANY_DATA rev 87 + + This is an informative structure and not normative. It is purely for convenience of writing the + spec. + + Most of the data in this structure resets on TPM_Startup(ST_State). A TPM may implement rules + that provide longer-term persistence for the data. The TPM reflects how it handles the data in + various getcapability fields including startup effects. +*/ + +typedef struct tdTPM_STANY_DATA { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_STANY_DATA */ +#endif + TPM_CURRENT_TICKS currentTicks; /* This is the current tick counter. This is reset to 0 + according to the rules when the TPM can tick. See the + section on the tick counter for details. */ +} TPM_STANY_DATA; + +/* 11. Signed Structures */ + +/* 11.1 TPM_CERTIFY_INFO rev 101 + + When the TPM certifies a key, it must provide a signature with a TPM identity key on information + that describes that key. This structure provides the mechanism to do so. + + Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other + signature headers. +*/ + +typedef struct tdTPM_CERTIFY_INFO { + TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ + TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified. The + upper byte MUST be zero */ + TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding + parameter in the TPM_KEY structure that describes the + public key that is being certified. The upper byte MUST + be zero */ + TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified */ + TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified */ + TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> + key in a TPM_KEY representation of the key to be + certified */ + TPM_NONCE data; /* This SHALL be externally provided data. */ + TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a + PCR */ + TPM_SIZED_BUFFER pcrInfo; /* */ +#if 0 + uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value + of zero indicates that the key is not wrapped to a PCR */ + BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO structure. */ +#endif + /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ + TPM_PCR_INFO *tpm_pcr_info; +} TPM_CERTIFY_INFO; + +/* 11.2 TPM_CERTIFY_INFO2 rev 101 + + When the TPM certifies a key, it must provide a signature with a TPM identity key on information + that describes that key. This structure provides the mechanism to do so. + + Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other + signature headers. +*/ + +typedef struct tdTPM_CERTIFY_INFO2 { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CERTIFY_INFO2 */ +#endif + BYTE fill; /* MUST be 0x00 */ + TPM_PAYLOAD_TYPE payloadType; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified */ + TPM_KEY_USAGE keyUsage; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified. The + upper byte MUST be zero */ + TPM_KEY_FLAGS keyFlags; /* This SHALL be set to the same value as the corresponding + parameter in the TPM_KEY structure that describes the + public key that is being certified. The upper byte MUST + be zero. */ + TPM_AUTH_DATA_USAGE authDataUsage; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified */ + TPM_KEY_PARMS algorithmParms; /* This SHALL be the same value that would be set in a + TPM_KEY representation of the key to be certified */ + TPM_DIGEST pubkeyDigest; /* This SHALL be a digest of the value TPM_KEY -> pubKey -> + key in a TPM_KEY representation of the key to be + certified */ + TPM_NONCE data; /* This SHALL be externally provided data. */ + TPM_BOOL parentPCRStatus; /* This SHALL indicate if any parent key was wrapped to a + PCR */ +#if 0 + uint32_t PCRInfoSize; /* This SHALL be the size of the pcrInfo parameter. A value + of zero indicates that the key is not wrapped to a PCR */ + BYTE* PCRInfo; /* This SHALL be the TPM_PCR_INFO_SHORT structure. */ +#endif + TPM_SIZED_BUFFER pcrInfo; +#if 0 + uint32_t migrationAuthoritySize; /* This SHALL be the size of migrationAuthority */ + BYTE *migrationAuthority; /* If the key to be certified has [payload == + TPM_PT_MIGRATE_RESTRICTED or payload + ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the + digest of the TPM_MSA_COMPOSITE and has TYPE == + TPM_DIGEST. Otherwise it is NULL. */ +#endif + TPM_SIZED_BUFFER migrationAuthority; + /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */ + TPM_PCR_INFO_SHORT *tpm_pcr_info_short; +} TPM_CERTIFY_INFO2; + +/* 11.3 TPM_QUOTE_INFO rev 87 + + This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. +*/ + +typedef struct tdTPM_QUOTE_INFO { + TPM_STRUCT_VER version; /* This MUST be 1.1.0.0 */ + BYTE fixed[4]; /* This SHALL always be the string 'QUOT' */ + TPM_COMPOSITE_HASH digestValue; /* This SHALL be the result of the composite hash algorithm + using the current values of the requested PCR indices. */ + TPM_NONCE externalData; /* 160 bits of externally supplied data */ +} TPM_QUOTE_INFO; + +#endif + +/* 11.4 TPM_QUOTE_INFO2 rev 87 + + This structure provides the mechanism for the TPM to quote the current values of a list of PCRs. +*/ + +typedef struct tdTPM_QUOTE_INFO2 { + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_QUOTE_INFO2 */ + BYTE fixed[4]; /* This SHALL always be the string 'QUT2' */ + TPM_NONCE externalData; /* 160 bits of externally supplied data */ + TPM_PCR_INFO_SHORT infoShort; /* */ +} TPM_QUOTE_INFO2; + +/* 12.1 TPM_EK_BLOB rev 87 + + This structure provides a wrapper to each type of structure that will be in use when the + endorsement key is in use. +*/ + +typedef struct tdTPM_EK_BLOB { + TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB */ + TPM_EK_TYPE ekType; /* This SHALL be set to reflect the type of blob in use */ + uint32_t blobSize; /* The size of the blob field */ + BYTE blob[MAX_COMMAND_SIZE]; /* The blob of information depending on the type */ +} TPM_EK_BLOB; + +/* 12.2 TPM_EK_BLOB_ACTIVATE rev 87 + + This structure contains the symmetric key to encrypt the identity credential. This structure + always is contained in a TPM_EK_BLOB. +*/ + +typedef struct tdTPM_EK_BLOB_ACTIVATE { + TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_ACTIVATE */ + TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt + the TPM_IDENTITY_CREDENTIAL */ + TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM identity public key + that is being certified by the CA */ + TPM_PCR_INFO_SHORT pcrInfo; /* This SHALL indicate the PCR's and localities */ +} TPM_EK_BLOB_ACTIVATE; + +#if 0 + +/* 12.3 TPM_EK_BLOB_AUTH rev 87 + + This structure contains the symmetric key to encrypt the identity credential. This structure + always is contained in a TPM_EK_BLOB. +*/ + +typedef struct tdTPM_EK_BLOB_AUTH { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_EK_BLOB_AUTH */ +#endif + TPM_SECRET authValue; /* This SHALL be the authorization value */ +} TPM_EK_BLOB_AUTH; + +/* 12.5 TPM_IDENTITY_CONTENTS rev 87 + + TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy CA + during the certification process. +*/ + +typedef struct tdTPM_IDENTITY_CONTENTS { + TPM_STRUCT_VER ver; /* This MUST be 1.1.0.0 */ + uint32_t ordinal; /* This SHALL be the ordinal of the TPM_MakeIdentity + command. */ + TPM_CHOSENID_HASH labelPrivCADigest; /* This SHALL be the result of hashing the chosen + identityLabel and privacyCA for the new TPM + identity */ + TPM_PUBKEY identityPubKey; /* This SHALL be the public key structure of the identity + key */ +} TPM_IDENTITY_CONTENTS; + +/* 12.8 TPM_ASYM_CA_CONTENTS rev 87 + + This structure contains the symmetric key to encrypt the identity credential. +*/ + +typedef struct tdTPM_ASYM_CA_CONTENTS { + TPM_SYMMETRIC_KEY sessionKey; /* This SHALL be the session key used by the CA to encrypt + the TPM_IDENTITY_CREDENTIAL */ + TPM_DIGEST idDigest; /* This SHALL be the digest of the TPM_PUBKEY of the key + that is being certified by the CA */ +} TPM_ASYM_CA_CONTENTS; + +/* + 14. Audit Structures +*/ + +/* 14.1 TPM_AUDIT_EVENT_IN rev 87 + + This structure provides the auditing of the command upon receipt of the command. It provides the + information regarding the input parameters. +*/ + +typedef struct tdTPM_AUDIT_EVENT_IN { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_IN */ +#endif + TPM_DIGEST inputParms; /* Digest value according to the HMAC digest rules of the + "above the line" parameters (i.e. the first HMAC digest + calculation). When there are no HMAC rules, the input + digest includes all parameters including and after the + ordinal. */ + TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ +} TPM_AUDIT_EVENT_IN; + +/* 14.2 TPM_AUDIT_EVENT_OUT rev 87 + + This structure reports the results of the command execution. It includes the return code and the + output parameters. +*/ + +typedef struct tdTPM_AUDIT_EVENT_OUT { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* TPM_TAG_AUDIT_EVENT_OUT */ +#endif + TPM_DIGEST outputParms; /* Digest value according to the HMAC digest rules of the + "above the line" parameters (i.e. the first HMAC digest + calculation). When there are no HMAC rules, the output + digest includes the return code, the ordinal, and all + parameters after the return code. */ + TPM_COUNTER_VALUE auditCount; /* The current value of the audit monotonic counter */ +} TPM_AUDIT_EVENT_OUT; + +/* + 18. Context structures +*/ + +/* 18.1 TPM_CONTEXT_BLOB rev 102 + + This is the header for the wrapped context. The blob contains all information necessary to reload + the context back into the TPM. + + The additional data is used by the TPM manufacturer to save information that will assist in the + reloading of the context. This area must not contain any shielded data. For instance, the field + could contain some size information that allows the TPM more efficient loads of the context. The + additional area could not contain one of the primes for a RSA key. + + To ensure integrity of the blob when using symmetric encryption the TPM vendor could use some + valid cipher chaining mechanism. To ensure the integrity without depending on correct + implementation, the TPM_CONTEXT_BLOB structure uses a HMAC of the entire structure using tpmProof + as the secret value. + + Since both additionalData and sensitiveData are informative, any or all of additionalData + could be moved to sensitiveData. +*/ + +#define TPM_CONTEXT_LABEL_SIZE 16 + +typedef struct tdTPM_CONTEXT_BLOB { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXTBLOB */ +#endif + TPM_RESOURCE_TYPE resourceType; /* The resource type */ + TPM_HANDLE handle; /* Previous handle of the resource */ + BYTE label[TPM_CONTEXT_LABEL_SIZE]; /* Label for identification of the blob. Free format + area. */ + uint32_t contextCount; /* MUST be TPM_STANY_DATA -> contextCount when creating the + structure. This value is ignored for context blobs that + reference a key. */ + TPM_DIGEST integrityDigest; /* The integrity of the entire blob including the sensitive + area. This is a HMAC calculation with the entire + structure (including sensitiveData) being the hash and + tpmProof is the secret */ +#if 0 + uint32_t additionalSize; + [size_is(additionalSize)] BYTE* additionalData; + uint32_t sensitiveSize; + [size_is(sensitiveSize)] BYTE* sensitiveData; +#endif + TPM_SIZED_BUFFER additionalData; /* Additional information set by the TPM that helps define + and reload the context. The information held in this area + MUST NOT expose any information held in shielded + locations. This should include any IV for symmetric + encryption */ + TPM_SIZED_BUFFER sensitiveData; /* The normal information for the resource that can be + exported */ +} TPM_CONTEXT_BLOB; + +/* 18.2 TPM_CONTEXT_SENSITIVE rev 87 + + The internal areas that the TPM needs to encrypt and store off the TPM. + + This is an informative structure and the TPM can implement in any manner they wish. +*/ + +typedef struct tdTPM_CONTEXT_SENSITIVE { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CONTEXT_SENSITIVE */ +#endif + TPM_NONCE contextNonce; /* On context blobs other than keys this MUST be + TPM_STANY_DATA - > contextNonceSession For keys the value + is TPM_STCLEAR_DATA -> contextNonceKey */ +#if 0 + uint32_t internalSize; + [size_is(internalSize)] BYTE* internalData; +#endif + TPM_SIZED_BUFFER internalData; /* The internal data area */ +} TPM_CONTEXT_SENSITIVE; + +#endif + +/* 19.2 TPM_NV_ATTRIBUTES rev 99 + + This structure allows the TPM to keep track of the data and permissions to manipulate the area. +*/ + +typedef struct tdTPM_NV_ATTRIBUTES { + TPM_STRUCTURE_TAG tag; /* TPM_TAG_NV_ATTRIBUTES */ + uint32_t attributes; /* The attribute area */ +} TPM_NV_ATTRIBUTES; + +/* 19.3 TPM_NV_DATA_PUBLIC rev 110 + + This structure represents the public description and controls on the NV area. + + bReadSTClear and bWriteSTClear are volatile, in that they are set FALSE at TPM_Startup(ST_Clear). + bWriteDefine is persistent, in that it remains TRUE through startup. + + A pcrSelect of 0 indicates that the digestAsRelease is not checked. In this case, the TPM is not + required to consume NVRAM space to store the digest, although it may do so. When + TPM_GetCapability (TPM_CAP_NV_INDEX) returns the structure, a TPM that does not store the digest + can return zero. A TPM that does store the digest may return either the digest or zero. +*/ + +typedef struct tdTPM_NV_DATA_PUBLIC { + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_PUBLIC */ + TPM12_NV_INDEX nvIndex; /* The index of the data area */ + TPM_PCR_INFO_SHORT pcrInfoRead; /* The PCR selection that allows reading of the area */ + TPM_PCR_INFO_SHORT pcrInfoWrite; /* The PCR selection that allows writing of the area */ + TPM_NV_ATTRIBUTES permission; /* The permissions for manipulating the area */ + TPM_BOOL bReadSTClear; /* Set to FALSE on each TPM_Startup(ST_Clear) and set to + TRUE after a ReadValuexxx with datasize of 0 */ + TPM_BOOL bWriteSTClear; /* Set to FALSE on each TPM_Startup(ST_CLEAR) and set to + TRUE after a WriteValuexxx with a datasize of 0. */ + TPM_BOOL bWriteDefine; /* Set to FALSE after TPM_NV_DefineSpace and set to TRUE + after a successful WriteValuexxx with a datasize of 0 */ + uint32_t dataSize; /* The size of the data area in bytes */ +} TPM_NV_DATA_PUBLIC; + +#if 0 + +/* 19.4 TPM_NV_DATA_SENSITIVE rev 101 + + This is an internal structure that the TPM uses to keep the actual NV data and the controls + regarding the area. +*/ + +typedef struct tdTPM_NV_DATA_SENSITIVE { +#ifdef TPM_USE_TAG_IN_STRUCTURE + TPM_STRUCTURE_TAG tag; /* This SHALL be TPM_TAG_NV_DATA_SENSITIVE */ +#endif + TPM_NV_DATA_PUBLIC pubInfo; /* The public information regarding this area */ + TPM_AUTHDATA authValue; /* The authorization value to manipulate the value */ + BYTE *data; /* The data area. This MUST not contain any sensitive information as + the TPM does not provide any confidentiality on the data. */ + /* NOTE Added kg */ + TPM_DIGEST digest; /* for OSAP comparison */ +} TPM_NV_DATA_SENSITIVE; + +typedef struct tdTPM_NV_INDEX_ENTRIES { + uint32_t nvIndexCount; /* number of entries */ + TPM_NV_DATA_SENSITIVE *tpm_nvindex_entry; /* array of TPM_NV_DATA_SENSITIVE */ +} TPM_NV_INDEX_ENTRIES; + +/* TPM_NV_DATA_ST + + This is a cache of the the NV defined space volatile flags, used during error rollback +*/ + +typedef struct tdTPM_NV_DATA_ST { + TPM12_NV_INDEX nvIndex; /* The index of the data area */ + TPM_BOOL bReadSTClear; + TPM_BOOL bWriteSTClear; +} TPM_NV_DATA_ST; + +#endif + +/* + 21. Capability areas +*/ + +/* 21.6 TPM_CAP_VERSION_INFO rev 99 + + This structure is an output from a TPM_GetCapability -> TPM_CAP_VERSION_VAL request. TPM returns + the current version and revision of the TPM. + + The specLevel and errataRev are defined in the document "Specification and File Naming + Conventions" + + The tpmVendorID is a value unique to each vendor. It is defined in the document "TCG Vendor + Naming". + + The vendor specific area allows the TPM vendor to provide support for vendor options. The TPM + vendor may define the area to the TPM vendor's needs. +*/ + +typedef struct tdTPM_CAP_VERSION_INFO { + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_CAP_VERSION_INFO */ + TPM_VERSION version; /* The version and revision */ + uint16_t specLevel; /* A number indicating the level of ordinals supported */ + BYTE errataRev; /* A number indicating the errata version of the specification */ + BYTE tpmVendorID[4]; /* The vendor ID unique to each TPM manufacturer. */ + uint16_t vendorSpecificSize; /* The size of the vendor specific area */ + BYTE vendorSpecific[MAX_COMMAND_SIZE]; /* Vendor specific information */ +} TPM_CAP_VERSION_INFO; + +/* 21.10 TPM_DA_ACTION_TYPE rev 100 + + This structure indicates the action taken when the dictionary attack mitigation logic is active, + when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. +*/ + +typedef struct tdTPM_DA_ACTION_TYPE { + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_ACTION_TYPE */ + uint32_t actions; /* The action taken when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. */ +} TPM_DA_ACTION_TYPE; + +/* 21.7 TPM_DA_INFO rev 100 + + This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if + TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is FALSE. + + It returns static information describing the TPM response to authorization failures that might + indicate a dictionary attack and dynamic information regarding the current state of the + dictionary attack mitigation logic. +*/ + +typedef struct tdTPM_DA_INFO { + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO */ + TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation + logic. See 21.9. */ + uint16_t currentCount; /* Dynamic. The actual count of the authorization failure counter + for the selected entity type */ + uint16_t thresholdCount; /* Static. Dictionary attack mitigation threshold count for the + selected entity type */ + TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes + thresholdCount. See 21.10. */ + uint32_t actionDependValue; /* Dynamic. Action being taken when the dictionary attack + mitigation logic is active. E.g., when actionAtThreshold is + TPM_DA_ACTION_TIMEOUT, this is the lockout time remaining in + seconds. */ + uint32_t vendorDataSize; + uint8_t vendorData[2048]; /* Vendor specific data field */ +} TPM_DA_INFO; + +/* 21.8 TPM_DA_INFO_LIMITED rev 100 + + This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if + TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is TRUE. + + It returns static information describing the TPM response to authorization failures that might + indicate a dictionary attack and dynamic information regarding the current state of the + dictionary attack mitigation logic. This structure omits information that might aid an attacker. +*/ + +typedef struct tdTPM_DA_INFO_LIMITED { + TPM_STRUCTURE_TAG tag; /* MUST be TPM_TAG_DA_INFO_LIMITED */ + TPM_DA_STATE state; /* Dynamic. The actual state of the dictionary attack mitigation + logic. See 21.9. */ + TPM_DA_ACTION_TYPE actionAtThreshold; /* Static Action of the TPM when currentCount passes + thresholdCount. See 21.10. */ + uint32_t vendorDataSize; + uint8_t vendorData[2048]; /* Vendor specific data field */ +} TPM_DA_INFO_LIMITED; + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmtypes12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmtypes12.h new file mode 100644 index 000000000000..0b1ed083a69d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tpmtypes12.h @@ -0,0 +1,148 @@ +/********************************************************************************/ +/* */ +/* TPM Types */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tpmtypes12.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2006, 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TPMTYPES12_H +#define TPMTYPES12_H + +#include + +#ifdef TPM_WINDOWS +#include +#include +#endif +#if defined (TPM_POSIX) || defined (TPM_SYSTEM_P) +#include /* for byte order conversions */ +#endif + +#include + +/* 2.2.1 Basic data types rev 87 */ +//typedef unsigned char BYTE; /* Basic byte used to transmit all character fields. */ +typedef unsigned char TPM_BOOL; /* TRUE/FALSE field. TRUE = 0x01, FALSE = 0x00 Use TPM_BOOL + because MS VC++ defines BOOL on Windows */ + +/* 2.2.2 Boolean types rev 107 */ + +#undef TRUE +#define TRUE 0x01 /* Assertion */ +#undef FALSE +#define FALSE 0x00 /* Contradiction */ + +/* 2.2.3 Helper redefinitions rev 101 + + The following definitions are to make the definitions more explicit and easier to read. + + NOTE: They cannot be changed without breaking the serialization. +*/ + +typedef BYTE TPM_AUTH_DATA_USAGE; /* Indicates the conditions where it is required that + authorization be presented. */ +typedef BYTE TPM_PAYLOAD_TYPE; /* The information as to what the payload is in an encrypted + structure */ +typedef BYTE TPM_VERSION_BYTE; /* The version info breakdown */ +typedef BYTE TPM_DA_STATE; /* The state of the dictionary attack mitigation logic */ + +/* added kgold */ +typedef BYTE TPM_ENT_TYPE; /* LSB of TPM_ENTITY_TYPE */ +typedef BYTE TPM_ADIP_ENC_SCHEME; /* MSB of TPM_ENTITY_TYPE */ + +typedef uint16_t TPM_PROTOCOL_ID; /* The protocol in use. */ +typedef uint16_t TPM_STARTUP_TYPE; /* Indicates the start state. */ +typedef uint16_t TPM_ENC_SCHEME; /* The definition of the encryption scheme. */ +typedef uint16_t TPM_SIG_SCHEME; /* The definition of the signature scheme. */ +typedef uint16_t TPM_MIGRATE_SCHEME; /* The definition of the migration scheme */ +typedef uint16_t TPM_PHYSICAL_PRESENCE; /* Sets the state of the physical presence mechanism. */ +typedef uint16_t TPM_ENTITY_TYPE; /* Indicates the types of entity that are supported by the + TPM. */ +typedef uint16_t TPM_KEY_USAGE; /* Indicates the permitted usage of the key. */ +typedef uint16_t TPM_EK_TYPE; /* The type of asymmetric encrypted structure in use by the + endorsement key */ +typedef uint16_t TPM_STRUCTURE_TAG; /* The tag for the structure */ +typedef uint16_t TPM_PLATFORM_SPECIFIC; /* The platform specific spec to which the information + relates to */ +typedef uint32_t TPM_COMMAND_CODE; /* The command ordinal. */ +typedef uint32_t TPM_CAPABILITY_AREA; /* Identifies a TPM capability area. */ +typedef uint32_t TPM_KEY_FLAGS; /* Indicates information regarding a key. */ +//typedef uint32_t TPM_ALGORITHM_ID; /* Indicates the type of algorithm. */ +//typedef uint32_t TPM_MODIFIER_INDICATOR; /* The locality modifier */ +typedef uint32_t TPM_ACTUAL_COUNT; /* The actual number of a counter. */ +typedef uint32_t TPM_TRANSPORT_ATTRIBUTES; /* Attributes that define what options are in use + for a transport session */ +typedef uint32_t TPM_AUTHHANDLE; /* Handle to an authorization session */ +typedef uint32_t TPM_DIRINDEX; /* Index to a DIR register */ +typedef uint32_t TPM_KEY_HANDLE; /* The area where a key is held assigned by the TPM. */ +typedef uint32_t TPM_PCRINDEX; /* Index to a PCR register */ +typedef uint32_t TPM_RESULT; /* The return code from a function */ +typedef uint32_t TPM_RESOURCE_TYPE; /* The types of resources that a TPM may have using internal + resources */ +typedef uint32_t TPM_KEY_CONTROL; /* Allows for controlling of the key when loaded and how to + handle TPM_Startup issues */ +typedef uint32_t TPM12_NV_INDEX; /* The index into the NV storage area */ +typedef uint32_t TPM_FAMILY_ID; /* The family ID. Families ID's are automatically assigned a + sequence number by the TPM. A trusted process can set the + FamilyID value in an individual row to zero, which + invalidates that row. The family ID resets to zero on + each change of TPM Owner. */ +typedef uint32_t TPM_FAMILY_VERIFICATION; /* A value used as a label for the most recent + verification of this family. Set to zero when not + in use. */ +typedef uint32_t TPM_STARTUP_EFFECTS; /* How the TPM handles var */ +typedef uint32_t TPM_SYM_MODE; /* The mode of a symmetric encryption */ +typedef uint32_t TPM_FAMILY_FLAGS; /* The family flags */ +typedef uint32_t TPM_DELEGATE_INDEX; /* The index value for the delegate NV table */ +typedef uint32_t TPM_CMK_DELEGATE; /* The restrictions placed on delegation of CMK + commands */ +typedef uint32_t TPM_COUNT_ID; /* The ID value of a monotonic counter */ +typedef uint32_t TPM_REDIT_COMMAND; /* A command to execute */ +typedef uint32_t TPM_TRANSHANDLE; /* A transport session handle */ +//typedef uint32_t TPM_HANDLE; /* A generic handle could be key, transport etc. */ +typedef uint32_t TPM_FAMILY_OPERATION; /* What operation is happening */ +#ifdef TPM_VTPM +typedef uint32_t TPM_INSTANCE_HANDLE; /* Handle to a virtual TPM instance */ +typedef uint32_t TPM_CREATION_MASK; /* TPM_CreateInstance creation mask */ +#endif + +/* Not in specification */ + +typedef uint16_t TPM_TAG; /* The command and response tags */ + +typedef unsigned char * TPM_SYMMETRIC_KEY_TOKEN; /* abstract symmetric key token */ +typedef unsigned char * TPM_BIGNUM; /* abstract bignum */ + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tss.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tss.h new file mode 100644 index 000000000000..36816d6d4cb2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tss.h @@ -0,0 +1,112 @@ +/********************************************************************************/ +/* */ +/* TSS Primary API */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSS_H +#define TSS_H + +#include +#include +#include + +/* include this as a convenience to applications */ +#include +#include + +typedef struct TSS_CONTEXT TSS_CONTEXT; + +#define TPM_TRACE_LEVEL 1 +#define TPM_DATA_DIR 2 +#define TPM_COMMAND_PORT 3 +#define TPM_PLATFORM_PORT 4 +#define TPM_SERVER_NAME 5 +#define TPM_INTERFACE_TYPE 6 +#define TPM_DEVICE 7 +#define TPM_ENCRYPT_SESSIONS 8 +#define TPM_SERVER_TYPE 9 + +#ifdef __cplusplus +extern "C" { +#endif + + /* extra parameters as required */ + + /* TPM 2.0 */ + + typedef struct { + const char *bindPassword; + TPM2B_DIGEST salt; + } StartAuthSession_Extra; + + typedef union { + StartAuthSession_Extra StartAuthSession; + } EXTRA_PARAMETERS; + + /* TPM 1.2 */ + + typedef struct { + const char *usagePassword; + } OSAP_Extra; + + typedef union { + OSAP_Extra OSAP; + } EXTRA12_PARAMETERS; + + LIB_EXPORT + TPM_RC TSS_Create(TSS_CONTEXT **tssContext); + + LIB_EXPORT + TPM_RC TSS_Delete(TSS_CONTEXT *tssContext); + + LIB_EXPORT + TPM_RC TSS_Execute(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra, + TPM_CC commandCode, + ...); + + LIB_EXPORT + TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext, + int property, + const char *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscrypto.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscrypto.h new file mode 100644 index 000000000000..5bf559106186 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscrypto.h @@ -0,0 +1,164 @@ +/********************************************************************************/ +/* */ +/* TSS Library Dependent Crypto Support */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API should be stable, but is less guaranteed. + + It is useful for applications that need some basic crypto functions. +*/ + +#ifndef TSSCRYPTO_H +#define TSSCRYPTO_H + +#include +#include + +#ifndef TPM_TSS_NORSA +#include +#endif +#ifndef TPM_TSS_NOECC +#include +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + LIB_EXPORT + TPM_RC TSS_Crypto_Init(void); + + LIB_EXPORT + TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest, + va_list ap); + LIB_EXPORT + TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest, + const TPM2B_KEY *hmacKey, + va_list ap); + LIB_EXPORT void TSS_XOR(unsigned char *out, + const unsigned char *in1, + const unsigned char *in2, + size_t length); + LIB_EXPORT + TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size); + + LIB_EXPORT + TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen, + const unsigned char *from, uint32_t fLen, + const unsigned char *p, + int plen, + TPMI_ALG_HASH halg); +#ifndef TPM_TSS_NORSA + LIB_EXPORT + void TSS_RsaFree(void *rsaKey); + + LIB_EXPORT + TPM_RC TSS_RSAPublicEncrypt(unsigned char* encrypt_data, + size_t encrypt_data_size, + const unsigned char *decrypt_data, + size_t decrypt_data_size, + unsigned char *narr, + uint32_t nbytes, + unsigned char *earr, + uint32_t ebytes, + unsigned char *p, + int pl, + TPMI_ALG_HASH halg); + /* + deprecated OpenSSL specific functions + */ +#ifndef TPM_TSS_NO_OPENSSL + + LIB_EXPORT + TPM_RC TSS_RsaNew(void **rsaKey); + + LIB_EXPORT + TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key, /* freed by caller */ + const unsigned char *narr, /* public modulus */ + uint32_t nbytes, + const unsigned char *earr, /* public exponent */ + uint32_t ebytes); +#endif /* TPM_TSS_NO_OPENSSL */ + + /* crypto library independent */ + LIB_EXPORT + TPM_RC TSS_RSAGeneratePublicTokenI(void **rsa_pub_key, /* freed by caller */ + const unsigned char *narr, /* public modulus */ + uint32_t nbytes, + const unsigned char *earr, /* public exponent */ + uint32_t ebytes); + +#endif +#ifndef TPM_TSS_NOECC + TPM_RC TSS_ECC_Salt(TPM2B_DIGEST *salt, + TPM2B_ENCRYPTED_SECRET *encryptedSalt, + TPMT_PUBLIC *publicArea); + +#endif + TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize); + TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize); + TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey, + void *tssSessionDecKey); + TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey, + unsigned char **encrypt_data, + uint32_t *encrypt_length, + const unsigned char *decrypt_data, + uint32_t decrypt_length); + TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey, + unsigned char **decrypt_data, + uint32_t *decrypt_length, + const unsigned char *encrypt_data, + uint32_t encrypt_length); + TPM_RC TSS_AES_EncryptCFB(uint8_t *dOut, + uint32_t keySizeInBits, + uint8_t *key, + uint8_t *iv, + uint32_t dInSize, + uint8_t *dIn); + TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut, + uint32_t keySizeInBits, + uint8_t *key, + uint8_t *iv, + uint32_t dInSize, + uint8_t *dIn); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscryptoh.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscryptoh.h new file mode 100644 index 000000000000..1628d7746a88 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsscryptoh.h @@ -0,0 +1,100 @@ +/********************************************************************************/ +/* */ +/* TSS Library Independent Crypto Support */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API should be stable, but is less guaranteed. + + It is useful for applications that need some basic crypto functions. +*/ + +#ifndef TSSCRYPTOH_H +#define TSSCRYPTOH_H + +#ifdef __cplusplus +extern "C" { +#endif + + LIB_EXPORT + uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + + LIB_EXPORT + TPM_RC TSS_Hash_Generate(TPMT_HA *digest, + ...); + + LIB_EXPORT + TPM_RC TSS_HMAC_Generate(TPMT_HA *digest, + const TPM2B_KEY *hmacKey, + ...); + LIB_EXPORT + TPM_RC TSS_HMAC_Verify(TPMT_HA *expect, + const TPM2B_KEY *hmacKey, + UINT32 sizeInBytes, + ...); + LIB_EXPORT + TPM_RC TSS_KDFA(uint8_t *keyStream, + TPM_ALG_ID hashAlg, + const TPM2B *key, + const char *label, + const TPM2B *contextU, + const TPM2B *contextV, + uint32_t sizeInBits); + + LIB_EXPORT + TPM_RC TSS_KDFE(uint8_t *keyStream, + TPM_ALG_ID hashAlg, + const TPM2B *key, + const char *label, + const TPM2B *contextU, + const TPM2B *contextV, + uint32_t sizeInBits); + + uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID symmetricAlg, + uint16_t keySizeInBits) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror.h new file mode 100644 index 000000000000..a530744167f8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror.h @@ -0,0 +1,115 @@ +/********************************************************************************/ +/* */ +/* TSS Error Codes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a public header. That defines TSS error codes. + + tss.h includes it for convenience. +*/ + +#ifndef TSSERROR_H +#define TSSERROR_H + +/* the base for these errors is 11 << 16 = 000bxxxx */ + +#define TSS_RC_OUT_OF_MEMORY 0x000b0001 /* Out of memory,(malloc failed) */ +#define TSS_RC_ALLOC_INPUT 0x000b0002 /* The input to an allocation is not NULL */ +#define TSS_RC_MALLOC_SIZE 0x000b0003 /* The malloc size is too large or zero */ +#define TSS_RC_INSUFFICIENT_BUFFER 0x000b0004 /* A buffer was insufficient for a copy */ +#define TSS_RC_BAD_PROPERTY 0x000b0005 /* The property parameter is out of range */ +#define TSS_RC_BAD_PROPERTY_VALUE 0x000b0006 /* The property value is invalid */ +#define TSS_RC_INSUPPORTED_INTERFACE 0x000b0007 /* The TPM interface type is not supported */ +#define TSS_RC_NO_CONNECTION 0x000b0008 /* Failure connecting to lower layer */ +#define TSS_RC_BAD_CONNECTION 0x000b0009 /* Failure communicating with lower layer */ +#define TSS_RC_MALFORMED_RESPONSE 0x000b000a /* A response packet was fundamentally malformed */ +#define TSS_RC_NULL_PARAMETER 0x000b000b /* A required parameter was NULL */ +#define TSS_RC_NOT_IMPLEMENTED 0x000b000c /* TSS function is not implemented */ +#define TSS_RC_BAD_READ_VALUE 0x000b000d /* Actual read value different from expected */ +#define TSS_RC_FILE_OPEN 0x000b0010 /* The file could not be opened */ +#define TSS_RC_FILE_SEEK 0x000b0011 /* A file seek failed */ +#define TSS_RC_FILE_FTELL 0x000b0012 /* A file ftell failed */ +#define TSS_RC_FILE_READ 0x000b0013 /* A file read failed */ +#define TSS_RC_FILE_CLOSE 0x000b0014 /* A file close failed */ +#define TSS_RC_FILE_WRITE 0x000b0015 /* A file write failed */ +#define TSS_RC_FILE_REMOVE 0x000b0016 /* A file remove failed */ +#define TSS_RC_RNG_FAILURE 0x000b0020 /* Random number generator failed */ +#define TSS_RC_BAD_PWAP_NONCE 0x000b0030 /* Bad PWAP response nonce */ +#define TSS_RC_BAD_PWAP_ATTRIBUTES 0x000b0031 /* Bad PWAP response attributes */ +#define TSS_RC_BAD_PWAP_HMAC 0x000b0032 /* Bad PWAP response HMAC */ +#define TSS_RC_NAME_NOT_IMPLEMENTED 0x000b0040 /* Name calculation not implemented for handle type */ +#define TSS_RC_MALFORMED_NV_PUBLIC 0x000b0041 /* The NV public structure does not match the name */ +#define TSS_RC_NAME_FILENAME 0x000b0042 /* The name filename function has inconsistent arguments */ +#define TSS_RC_MALFORMED_PUBLIC 0x000b0043 /* The public structure does not match the name */ +#define TSS_RC_DECRYPT_SESSIONS 0x000b0050 /* More than one command decrypt session */ +#define TSS_RC_ENCRYPT_SESSIONS 0x000b0051 /* More than one response encrypt session */ +#define TSS_RC_NO_DECRYPT_PARAMETER 0x000b0052 /* Command has no decrypt parameter */ +#define TSS_RC_NO_ENCRYPT_PARAMETER 0x000b0053 /* Response has no encrypt parameter */ +#define TSS_RC_BAD_DECRYPT_ALGORITHM 0x000b0054 /* Session had an unimplemented decrypt symmetric algorithm */ +#define TSS_RC_BAD_ENCRYPT_ALGORITHM 0x000b0055 /* Session had an unimplemented encrypt symmetric algorithm */ +#define TSS_RC_AES_ENCRYPT_FAILURE 0x000b0056 /* AES encryption failed */ +#define TSS_RC_AES_DECRYPT_FAILURE 0x000b0057 /* AES decryption failed */ +#define TSS_RC_BAD_ENCRYPT_SIZE 0x000b0058 /* Parameter encryption size mismatch */ +#define TSS_RC_AES_KEYGEN_FAILURE 0x000b0059 /* AES key generation failed */ +#define TSS_RC_SESSION_NUMBER 0x000b005a /* session number out of range */ +#define TSS_RC_BAD_SALT_KEY 0x000b0060 /* tpmKey is unsuitable for salt */ +#define TSS_RC_KDFA_FAILED 0x000b0070 /* KDFa function failed */ +#define TSS_RC_HMAC 0x000b0071 /* An HMAC calculation failed */ +#define TSS_RC_HMAC_SIZE 0x000b0072 /* Response HMAC is the wrong size */ +#define TSS_RC_HMAC_VERIFY 0x000b0073 /* HMAC does not verify */ +#define TSS_RC_BAD_HASH_ALGORITHM 0x000b0074 /* Unimplemented hash algorithm */ +#define TSS_RC_HASH 0x000b0075 /* A hash calculation failed */ +#define TSS_RC_RSA_KEY_CONVERT 0x000b0076 /* RSA key conversion failed */ +#define TSS_RC_RSA_PADDING 0x000b0077 /* RSA add padding failed */ +#define TSS_RC_RSA_ENCRYPT 0x000b0078 /* RSA public encrypt failed */ +#define TSS_RC_BIGNUM 0x000b0079 /* BIGNUM operation failed */ +#define TSS_RC_RSA_SIGNATURE 0x000b007a /* RSA signature is bad */ +#define TSS_RC_EC_SIGNATURE 0x000b007b /* EC signature is bad */ +#define TSS_RC_EC_KEY_CONVERT 0x000b007c /* EC key conversion failed */ +#define TSS_RC_BAD_SIGNATURE_ALGORITHM 0x000b007d /* Unimplemented signature algorithm */ +#define TSS_RC_X509_ERROR 0x000b007e /* X509 parse error */ +#define TSS_RC_PEM_ERROR 0x000b007f /* PEM parse error */ +#define TSS_RC_COMMAND_UNIMPLEMENTED 0x000b0080 /* Unimplemented command */ +#define TSS_RC_IN_PARAMETER 0x000b0081 /* Bad in parameter to TSS_Execute */ +#define TSS_RC_OUT_PARAMETER 0x000b0082 /* Bad out parameter to TSS_Execute */ +#define TSS_RC_BAD_HANDLE_NUMBER 0x000b0083 /* Bad handle number for this command */ +#define TSS_RC_KDFE_FAILED 0x000b0084 /* KDFe function failed */ +#define TSS_RC_EC_EPHEMERAL_FAILURE 0x000b0085 /* Failed while making or using EC ephemeral key */ +#define TSS_RC_FAIL 0x000b0086 /* TSS internal failure */ +#define TSS_RC_NO_SESSION_SLOT 0x000b0090 /* TSS context has no session slot for handle */ +#define TSS_RC_NO_OBJECTPUBLIC_SLOT 0x000b0091 /* TSS context has no object public slot for handle */ +#define TSS_RC_NO_NVPUBLIC_SLOT 0x000b0092 /* TSS context has no NV public slot for handle */ +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror12.h new file mode 100644 index 000000000000..46d2e3f67189 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsserror12.h @@ -0,0 +1,248 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 Error Response */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2006, 2010. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TPM_ERROR_H +#define TPM_ERROR_H + +/* 16. Return codes rev 99 + + The TPM has five types of return code. One indicates successful operation and four indicate + failure. TPM_SUCCESS (00000000) indicates successful execution. The failure reports are: + TPM defined fatal errors (00000001 to 000003FF), vendor defined fatal errors (00000400 to + 000007FF), TPM defined non-fatal errors (00000800 to 00000BFF), and vendor defined + non-fatal errors (00000C00 to 00000FFF). + + The range of vendor defined non-fatal errors was determined by the TSS-WG, which defined + XXXX YCCC with XXXX as OS specific and Y defining the TSS SW stack layer (0: TPM layer) + + All failure cases return only a non-authenticated fixed set of information. This is because + the failure may have been due to authentication or other factors, and there is no possibility + of producing an authenticated response. + + Fatal errors also terminate any authorization sessions. This is a result of returning only the + error code, as there is no way to return the nonces necessary to maintain an authorization + session. Non-fatal errors do not terminate authorization sessions. + + The return code MUST use the following base. The return code MAY be TCG defined or vendor + defined. */ + +#define TPM_BASE 0x0 /* The start of TPM return codes */ +#define TPM_SUCCESS TPM_BASE /* Successful completion of the operation */ +#define TPM_VENDOR_ERROR TPM_Vendor_Specific32 /* Mask to indicate that the error code is + vendor specific for vendor specific + commands. */ +#define TPM_NON_FATAL 0x00000800 /* Mask to indicate that the error code is a non-fatal + failure. */ + +/* TPM-defined fatal error codes */ + +#define TPM_AUTHFAIL TPM_BASE + 1 /* Authentication failed */ +#define TPM_BADINDEX TPM_BASE + 2 /* The index to a PCR, DIR or other register is + incorrect */ +#define TPM_BAD_PARAMETER TPM_BASE + 3 /* One or more parameter is bad */ +#define TPM_AUDITFAILURE TPM_BASE + 4 /* An operation completed successfully but the auditing + of that operation failed. */ +#define TPM_CLEAR_DISABLED TPM_BASE + 5 /* The clear disable flag is set and all clear + operations now require physical access */ +#define TPM_DEACTIVATED TPM_BASE + 6 /* The TPM is deactivated */ +#define TPM_DISABLED TPM_BASE + 7 /* The TPM is disabled */ +#define TPM_DISABLED_CMD TPM_BASE + 8 /* The target command has been disabled */ +#define TPM_FAIL TPM_BASE + 9 /* The operation failed */ +#define TPM_BAD_ORDINAL TPM_BASE + 10 /* The ordinal was unknown or inconsistent */ +#define TPM_INSTALL_DISABLED TPM_BASE + 11 /* The ability to install an owner is disabled */ +#define TPM_INVALID_KEYHANDLE TPM_BASE + 12 /* The key handle presented was invalid */ +#define TPM_KEYNOTFOUND TPM_BASE + 13 /* The target key was not found */ +#define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 /* Unacceptable encryption scheme */ +#define TPM_MIGRATEFAIL TPM_BASE + 15 /* Migration authorization failed */ +#define TPM_INVALID_PCR_INFO TPM_BASE + 16 /* PCR information could not be interpreted */ +#define TPM_NOSPACE TPM_BASE + 17 /* No room to load key. */ +#define TPM_NOSRK TPM_BASE + 18 /* There is no SRK set */ +#define TPM_NOTSEALED_BLOB TPM_BASE + 19 /* An encrypted blob is invalid or was not created by + this TPM */ +#define TPM_OWNER_SET TPM_BASE + 20 /* There is already an Owner */ +#define TPM_RESOURCES TPM_BASE + 21 /* The TPM has insufficient internal resources to + perform the requested action. */ +#define TPM_SHORTRANDOM TPM_BASE + 22 /* A random string was too short */ +#define TPM_SIZE TPM_BASE + 23 /* The TPM does not have the space to perform the + operation. */ +#define TPM_WRONGPCRVAL TPM_BASE + 24 /* The named PCR value does not match the current PCR + value. */ +#define TPM_BAD_PARAM_SIZE TPM_BASE + 25 /* The paramSize argument to the command has the + incorrect value */ +#define TPM_SHA_THREAD TPM_BASE + 26 /* There is no existing SHA-1 thread. */ +#define TPM_SHA_ERROR TPM_BASE + 27 /* The calculation is unable to proceed because the + existing SHA-1 thread has already encountered an + error. */ +#define TPM_FAILEDSELFTEST TPM_BASE + 28 /* Self-test has failed and the TPM has shutdown. */ +#define TPM_AUTH2FAIL TPM_BASE + 29 /* The authorization for the second key in a 2 key + function failed authorization */ +#define TPM_BADTAG TPM_BASE + 30 /* The tag value sent to for a command is invalid */ +#define TPM_IOERROR TPM_BASE + 31 /* An IO error occurred transmitting information to + the TPM */ +#define TPM_ENCRYPT_ERROR TPM_BASE + 32 /* The encryption process had a problem. */ +#define TPM_DECRYPT_ERROR TPM_BASE + 33 /* The decryption process did not complete. */ +#define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 /* An invalid handle was used. */ +#define TPM_NO_ENDORSEMENT TPM_BASE + 35 /* The TPM does not a EK installed */ +#define TPM_INVALID_KEYUSAGE TPM_BASE + 36 /* The usage of a key is not allowed */ +#define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 /* The submitted entity type is not allowed */ +#define TPM_INVALID_POSTINIT TPM_BASE + 38 /* The command was received in the wrong sequence + relative to TPM_Init and a subsequent TPM_Startup + */ +#define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 /* Signed data cannot include additional DER + information */ +#define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 /* The key properties in TPM_KEY_PARMs are not + supported by this TPM */ +#define TPM_BAD_MIGRATION TPM_BASE + 41 /* The migration properties of this key are incorrect. + */ +#define TPM_BAD_SCHEME TPM_BASE + 42 /* The signature or encryption scheme for this key is + incorrect or not permitted in this situation. */ +#define TPM_BAD_DATASIZE TPM_BASE + 43 /* The size of the data (or blob) parameter is bad or + inconsistent with the referenced key */ +#define TPM_BAD_MODE TPM_BASE + 44 /* A mode parameter is bad, such as capArea or + subCapArea for TPM_GetCapability, physicalPresence + parameter for TPM_PhysicalPresence, or + migrationType for TPM_CreateMigrationBlob. */ +#define TPM_BAD_PRESENCE TPM_BASE + 45 /* Either the physicalPresence or physicalPresenceLock + bits have the wrong value */ +#define TPM_BAD_VERSION TPM_BASE + 46 /* The TPM cannot perform this version of the + capability */ +#define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 /* The TPM does not allow for wrapped transport + sessions */ +#define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 /* TPM audit construction failed and the + underlying command was returning a failure + code also */ +#define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 /* TPM audit construction failed and the underlying + command was returning success */ +#define TPM_NOTRESETABLE TPM_BASE + 50 /* Attempt to reset a PCR register that does not have + the resettable attribute */ +#define TPM_NOTLOCAL TPM_BASE + 51 /* Attempt to reset a PCR register that requires + locality and locality modifier not part of command + transport */ +#define TPM_BAD_TYPE TPM_BASE + 52 /* Make identity blob not properly typed */ +#define TPM_INVALID_RESOURCE TPM_BASE + 53 /* When saving context identified resource type does + not match actual resource */ +#define TPM_NOTFIPS TPM_BASE + 54 /* The TPM is attempting to execute a command only + available when in FIPS mode */ +#define TPM_INVALID_FAMILY TPM_BASE + 55 /* The command is attempting to use an invalid family + ID */ +#define TPM_NO_NV_PERMISSION TPM_BASE + 56 /* The permission to manipulate the NV storage is not + available */ +#define TPM_REQUIRES_SIGN TPM_BASE + 57 /* The operation requires a signed command */ +#define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 /* Wrong operation to load an NV key */ +#define TPM_AUTH_CONFLICT TPM_BASE + 59 /* NV_LoadKey blob requires both owner and blob + authorization */ +#define TPM_AREA_LOCKED TPM_BASE + 60 /* The NV area is locked and not writable */ +#define TPM_BAD_LOCALITY TPM_BASE + 61 /* The locality is incorrect for the attempted + operation */ +#define TPM_READ_ONLY TPM_BASE + 62 /* The NV area is read only and can't be written to + */ +#define TPM_PER_NOWRITE TPM_BASE + 63 /* There is no protection on the write to the NV area + */ +#define TPM_FAMILYCOUNT TPM_BASE + 64 /* The family count value does not match */ +#define TPM_WRITE_LOCKED TPM_BASE + 65 /* The NV area has already been written to */ +#define TPM_BAD_ATTRIBUTES TPM_BASE + 66 /* The NV area attributes conflict */ +#define TPM_INVALID_STRUCTURE TPM_BASE + 67 /* The structure tag and version are invalid or + inconsistent */ +#define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 /* The key is under control of the TPM Owner and can + only be evicted by the TPM Owner. */ +#define TPM_BAD_COUNTER TPM_BASE + 69 /* The counter handle is incorrect */ +#define TPM_NOT_FULLWRITE TPM_BASE + 70 /* The write is not a complete write of the area */ +#define TPM_CONTEXT_GAP TPM_BASE + 71 /* The gap between saved context counts is too large + */ +#define TPM_MAXNVWRITES TPM_BASE + 72 /* The maximum number of NV writes without an owner + has been exceeded */ +#define TPM_NOOPERATOR TPM_BASE + 73 /* No operator authorization value is set */ +#define TPM_RESOURCEMISSING TPM_BASE + 74 /* The resource pointed to by context is not loaded + */ +#define TPM_DELEGATE_LOCK TPM_BASE + 75 /* The delegate administration is locked */ +#define TPM_DELEGATE_FAMILY TPM_BASE + 76 /* Attempt to manage a family other then the delegated + family */ +#define TPM_DELEGATE_ADMIN TPM_BASE + 77 /* Delegation table management not enabled */ +#define TPM_TRANSPORT_NOTEXCLUSIVE TPM_BASE + 78 /* There was a command executed outside of an + exclusive transport session */ +#define TPM_OWNER_CONTROL TPM_BASE + 79 /* Attempt to context save a owner evict controlled + key */ +#define TPM_DAA_RESOURCES TPM_BASE + 80 /* The DAA command has no resources available to + execute the command */ +#define TPM_DAA_INPUT_DATA0 TPM_BASE + 81 /* The consistency check on DAA parameter inputData0 + has failed. */ +#define TPM_DAA_INPUT_DATA1 TPM_BASE + 82 /* The consistency check on DAA parameter inputData1 + has failed. */ +#define TPM_DAA_ISSUER_SETTINGS TPM_BASE + 83 /* The consistency check on DAA_issuerSettings has + failed. */ +#define TPM_DAA_TPM_SETTINGS TPM_BASE + 84 /* The consistency check on DAA_tpmSpecific has + failed. */ +#define TPM_DAA_STAGE TPM_BASE + 85 /* The atomic process indicated by the submitted DAA + command is not the expected process. */ +#define TPM_DAA_ISSUER_VALIDITY TPM_BASE + 86 /* The issuer's validity check has detected an + inconsistency */ +#define TPM_DAA_WRONG_W TPM_BASE + 87 /* The consistency check on w has failed. */ +#define TPM_BAD_HANDLE TPM_BASE + 88 /* The handle is incorrect */ +#define TPM_BAD_DELEGATE TPM_BASE + 89 /* Delegation is not correct */ +#define TPM_BADCONTEXT TPM_BASE + 90 /* The context blob is invalid */ +#define TPM_TOOMANYCONTEXTS TPM_BASE + 91 /* Too many contexts held by the TPM */ +#define TPM_MA_TICKET_SIGNATURE TPM_BASE + 92 /* Migration authority signature validation failure + */ +#define TPM_MA_DESTINATION TPM_BASE + 93 /* Migration destination not authenticated */ +#define TPM_MA_SOURCE TPM_BASE + 94 /* Migration source incorrect */ +#define TPM_MA_AUTHORITY TPM_BASE + 95 /* Incorrect migration authority */ +#define TPM_PERMANENTEK TPM_BASE + 97 /* Attempt to revoke the EK and the EK is not revocable */ +#define TPM_BAD_SIGNATURE TPM_BASE + 98 /* Bad signature of CMK ticket */ +#define TPM_NOCONTEXTSPACE TPM_BASE + 99 /* There is no room in the context list for additional + contexts */ + +/* As error codes are added here, they should also be added to lib/miscfunc.c */ + +/* TPM-defined non-fatal errors */ + +#define TPM_RETRY TPM_BASE + TPM_NON_FATAL /* The TPM is too busy to respond to the + command immediately, but the command + could be submitted at a later time */ +#define TPM_NEEDS_SELFTEST TPM_BASE + TPM_NON_FATAL + 1 /* TPM_ContinueSelfTest has has not + been run*/ +#define TPM_DOING_SELFTEST TPM_BASE + TPM_NON_FATAL + 2 /* The TPM is currently executing the + actions of TPM_ContinueSelfTest + because the ordinal required + resources that have not been + tested. */ +#define TPM_DEFEND_LOCK_RUNNING TPM_BASE + TPM_NON_FATAL + 3 + /* The TPM is defending against dictionary + attacks and is in some time-out + period. */ + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssfile.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssfile.h new file mode 100644 index 000000000000..a75a4ed35824 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssfile.h @@ -0,0 +1,95 @@ +/********************************************************************************/ +/* */ +/* TSS and Application File Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssfile.h 1324 2018-08-31 16:36:12Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API is subject to change. + + It is useful rapid application development, and as sample code. It is risky for production code. + +*/ + +#ifndef TSSFILE_H +#define TSSFILE_H + +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + LIB_EXPORT + int TSS_File_Open(FILE **file, + const char *filename, + const char* mode); + LIB_EXPORT + TPM_RC TSS_File_ReadBinaryFile(unsigned char **data, + size_t *length, + const char *filename); + LIB_EXPORT + TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data, + size_t length, + const char *filename); + + LIB_EXPORT + TPM_RC TSS_File_ReadStructure(void *structure, + UnmarshalFunction_t unmarshalFunction, + const char *filename); + LIB_EXPORT + TPM_RC TSS_File_ReadStructureFlag(void *structure, + UnmarshalFunctionFlag_t unmarshalFunction, + BOOL allowNull, + const char *filename); + LIB_EXPORT + TPM_RC TSS_File_WriteStructure(void *structure, + MarshalFunction_t marshalFunction, + const char *filename); + LIB_EXPORT + TPM_RC TSS_File_Read2B(TPM2B *tpm2b, + uint16_t targetSize, + const char *filename); + LIB_EXPORT + TPM_RC TSS_File_DeleteFile(const char *filename); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal.h new file mode 100644 index 000000000000..52227a8a0a7e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal.h @@ -0,0 +1,1628 @@ +/********************************************************************************/ +/* */ +/* TSS Marshal and Unmarshal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API should be stable, but is less guaranteed. + + It is useful for applications that have to marshal / unmarshal + structures for file save / load. +*/ + +#ifndef TSSMARSHAL_H +#define TSSMARSHAL_H + +#include "BaseTypes.h" +#include + +#include "ActivateCredential_fp.h" +#include "CertifyCreation_fp.h" +#include "CertifyX509_fp.h" +#include "Certify_fp.h" +#include "ChangeEPS_fp.h" +#include "ChangePPS_fp.h" +#include "ClearControl_fp.h" +#include "Clear_fp.h" +#include "ClockRateAdjust_fp.h" +#include "ClockSet_fp.h" +#include "Commit_fp.h" +#include "Commit_fp.h" +#include "ContextLoad_fp.h" +#include "ContextSave_fp.h" +#include "CreatePrimary_fp.h" +#include "Create_fp.h" +#include "CreateLoaded_fp.h" +#include "DictionaryAttackLockReset_fp.h" +#include "DictionaryAttackParameters_fp.h" +#include "Duplicate_fp.h" +#include "ECC_Parameters_fp.h" +#include "ECDH_KeyGen_fp.h" +#include "ECDH_ZGen_fp.h" +#include "EC_Ephemeral_fp.h" +#include "EncryptDecrypt_fp.h" +#include "EncryptDecrypt2_fp.h" +#include "EventSequenceComplete_fp.h" +#include "EvictControl_fp.h" +#include "FlushContext_fp.h" +#include "GetCapability_fp.h" +#include "GetCommandAuditDigest_fp.h" +#include "GetRandom_fp.h" +#include "GetSessionAuditDigest_fp.h" +#include "GetTestResult_fp.h" +#include "GetTime_fp.h" +#include "HMAC_Start_fp.h" +#include "HMAC_fp.h" +#include "HashSequenceStart_fp.h" +#include "Hash_fp.h" +#include "HierarchyChangeAuth_fp.h" +#include "HierarchyControl_fp.h" +#include "Import_fp.h" +#include "IncrementalSelfTest_fp.h" +#include "LoadExternal_fp.h" +#include "Load_fp.h" +#include "MakeCredential_fp.h" +#include "NV_Certify_fp.h" +#include "NV_ChangeAuth_fp.h" +#include "NV_DefineSpace_fp.h" +#include "NV_Extend_fp.h" +#include "NV_GlobalWriteLock_fp.h" +#include "NV_Increment_fp.h" +#include "NV_ReadLock_fp.h" +#include "NV_ReadPublic_fp.h" +#include "NV_Read_fp.h" +#include "NV_SetBits_fp.h" +#include "NV_UndefineSpaceSpecial_fp.h" +#include "NV_UndefineSpace_fp.h" +#include "NV_WriteLock_fp.h" +#include "NV_Write_fp.h" +#include "ObjectChangeAuth_fp.h" +#include "PCR_Allocate_fp.h" +#include "PCR_Event_fp.h" +#include "PCR_Extend_fp.h" +#include "PCR_Read_fp.h" +#include "PCR_Reset_fp.h" +#include "PCR_SetAuthPolicy_fp.h" +#include "PCR_SetAuthValue_fp.h" +#include "PP_Commands_fp.h" +#include "PolicyAuthValue_fp.h" +#include "PolicyAuthorize_fp.h" +#include "PolicyAuthorizeNV_fp.h" +#include "PolicyCommandCode_fp.h" +#include "PolicyCounterTimer_fp.h" +#include "PolicyCpHash_fp.h" +#include "PolicyDuplicationSelect_fp.h" +#include "PolicyGetDigest_fp.h" +#include "PolicyLocality_fp.h" +#include "PolicyNV_fp.h" +#include "PolicyAuthorizeNV_fp.h" +#include "PolicyNvWritten_fp.h" +#include "PolicyNameHash_fp.h" +#include "PolicyOR_fp.h" +#include "PolicyPCR_fp.h" +#include "PolicyPassword_fp.h" +#include "PolicyPhysicalPresence_fp.h" +#include "PolicyRestart_fp.h" +#include "PolicySecret_fp.h" +#include "PolicySigned_fp.h" +#include "PolicyTemplate_fp.h" +#include "PolicyTicket_fp.h" +#include "Quote_fp.h" +#include "RSA_Decrypt_fp.h" +#include "RSA_Encrypt_fp.h" +#include "ReadClock_fp.h" +#include "ReadPublic_fp.h" +#include "Rewrap_fp.h" +#include "SelfTest_fp.h" +#include "SequenceComplete_fp.h" +#include "SequenceUpdate_fp.h" +#include "SetAlgorithmSet_fp.h" +#include "SetCommandCodeAuditStatus_fp.h" +#include "SetPrimaryPolicy_fp.h" +#include "Shutdown_fp.h" +#include "Sign_fp.h" +#include "StartAuthSession_fp.h" +#include "Startup_fp.h" +#include "StirRandom_fp.h" +#include "TestParms_fp.h" +#include "Unseal_fp.h" +#include "VerifySignature_fp.h" +#include "ZGen_2Phase_fp.h" + +#ifdef __cplusplus +extern "C" { +#endif + + /* Recommended functions */ + + TPM_RC + TSS_Startup_In_Marshalu(const Startup_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Shutdown_In_Marshalu(const Shutdown_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SelfTest_In_Marshalu(const SelfTest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_IncrementalSelfTest_In_Marshalu(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_StartAuthSession_In_Marshalu(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyRestart_In_Marshalu(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Create_In_Marshalu(const Create_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Load_In_Marshalu(const Load_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_LoadExternal_In_Marshalu(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ReadPublic_In_Marshalu(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ActivateCredential_In_Marshalu(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_MakeCredential_In_Marshalu(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Unseal_In_Marshalu(const Unseal_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ObjectChangeAuth_In_Marshalu(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateLoaded_In_Marshalu(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Duplicate_In_Marshalu(const Duplicate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Rewrap_In_Marshalu(const Rewrap_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Import_In_Marshalu(const Import_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_RSA_Encrypt_In_Marshalu(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_RSA_Decrypt_In_Marshalu(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECDH_KeyGen_In_Marshalu(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECDH_ZGen_In_Marshalu(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECC_Parameters_In_Marshalu(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ZGen_2Phase_In_Marshalu(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EncryptDecrypt_In_Marshalu(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EncryptDecrypt2_In_Marshalu(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Hash_In_Marshalu(const Hash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HMAC_In_Marshalu(const HMAC_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetRandom_In_Marshalu(const GetRandom_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_StirRandom_In_Marshalu(const StirRandom_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HMAC_Start_In_Marshalu(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HashSequenceStart_In_Marshalu(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SequenceUpdate_In_Marshalu(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SequenceComplete_In_Marshalu(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EventSequenceComplete_In_Marshalu(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Certify_In_Marshalu(const Certify_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CertifyCreation_In_Marshalu(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CertifyX509_In_Marshalu(const CertifyX509_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Quote_In_Marshalu(const Quote_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetSessionAuditDigest_In_Marshalu(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCommandAuditDigest_In_Marshalu(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetTime_In_Marshalu(const GetTime_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Commit_In_Marshalu(const Commit_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EC_Ephemeral_In_Marshalu(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_VerifySignature_In_Marshalu(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Sign_In_Marshalu(const Sign_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SetCommandCodeAuditStatus_In_Marshalu(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Extend_In_Marshalu(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Event_In_Marshalu(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Read_In_Marshalu(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Allocate_In_Marshalu(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_SetAuthPolicy_In_Marshalu(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_SetAuthValue_In_Marshalu(const PCR_SetAuthValue_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Reset_In_Marshalu(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicySigned_In_Marshalu(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicySecret_In_Marshalu(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyTicket_In_Marshalu(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyOR_In_Marshalu(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyPCR_In_Marshalu(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyLocality_In_Marshalu(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyNV_In_Marshalu(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyAuthorizeNV_In_Marshalu(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyCounterTimer_In_Marshalu(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyCommandCode_In_Marshalu(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyPhysicalPresence_In_Marshalu(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyCpHash_In_Marshalu(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyNameHash_In_Marshalu(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyDuplicationSelect_In_Marshalu(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyAuthorize_In_Marshalu(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyAuthValue_In_Marshalu(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyPassword_In_Marshalu(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyGetDigest_In_Marshalu(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyNvWritten_In_Marshalu(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyTemplate_In_Marshalu(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreatePrimary_In_Marshalu(const CreatePrimary_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HierarchyControl_In_Marshalu(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SetPrimaryPolicy_In_Marshalu(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ChangePPS_In_Marshalu(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ChangeEPS_In_Marshalu(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Clear_In_Marshalu(const Clear_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ClearControl_In_Marshalu(const ClearControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HierarchyChangeAuth_In_Marshalu(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_DictionaryAttackLockReset_In_Marshalu(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_DictionaryAttackParameters_In_Marshalu(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PP_Commands_In_Marshalu(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SetAlgorithmSet_In_Marshalu(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ContextSave_In_Marshalu(const ContextSave_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ContextLoad_In_Marshalu(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_FlushContext_In_Marshalu(const FlushContext_In *source, UINT16 *written, BYTE **buffer, uint32_t *size) ; + TPM_RC + TSS_EvictControl_In_Marshalu(const EvictControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ClockSet_In_Marshalu(const ClockSet_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ClockRateAdjust_In_Marshalu(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCapability_In_Marshalu(const GetCapability_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TestParms_In_Marshalu(const TestParms_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_DefineSpace_In_Marshalu(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_UndefineSpace_In_Marshalu(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_UndefineSpaceSpecial_In_Marshalu(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadPublic_In_Marshalu(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Write_In_Marshalu(const NV_Write_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Increment_In_Marshalu(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Extend_In_Marshalu(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_SetBits_In_Marshalu(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_WriteLock_In_Marshalu(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_GlobalWriteLock_In_Marshalu(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Read_In_Marshalu(const NV_Read_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadLock_In_Marshalu(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ChangeAuth_In_Marshalu(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Certify_In_Marshalu(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + + /* Deprecated functions */ + + TPM_RC + TSS_Startup_In_Marshal(const Startup_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Shutdown_In_Marshal(const Shutdown_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SelfTest_In_Marshal(const SelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Create_In_Marshal(const Create_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Load_In_Marshal(const Load_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Unseal_In_Marshal(const Unseal_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Duplicate_In_Marshal(const Duplicate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Rewrap_In_Marshal(const Rewrap_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Import_In_Marshal(const Import_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Hash_In_Marshal(const Hash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HMAC_In_Marshal(const HMAC_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetRandom_In_Marshal(const GetRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_StirRandom_In_Marshal(const StirRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Certify_In_Marshal(const Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CertifyX509_In_Marshal(const CertifyX509_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Quote_In_Marshal(const Quote_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetTime_In_Marshal(const GetTime_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Commit_In_Marshal(const Commit_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Sign_In_Marshal(const Sign_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CreatePrimary_In_Marshal(const CreatePrimary_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Clear_In_Marshal(const Clear_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ClearControl_In_Marshal(const ClearControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ContextSave_In_Marshal(const ContextSave_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_FlushContext_In_Marshal(const FlushContext_In *source, UINT16 *written, BYTE **buffer, INT32 *size) ; + TPM_RC + TSS_EvictControl_In_Marshal(const EvictControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ClockSet_In_Marshal(const ClockSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetCapability_In_Marshal(const GetCapability_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_TestParms_In_Marshal(const TestParms_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Write_In_Marshal(const NV_Write_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Read_In_Marshal(const NV_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size); + + /* Recommended functions */ + + TPM_RC + TSS_IncrementalSelfTest_Out_Unmarshalu(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetTestResult_Out_Unmarshalu(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_StartAuthSession_Out_Unmarshalu(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Create_Out_Unmarshalu(Create_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Load_Out_Unmarshalu(Load_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_LoadExternal_Out_Unmarshalu(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ReadPublic_Out_Unmarshalu(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ActivateCredential_Out_Unmarshalu(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_MakeCredential_Out_Unmarshalu(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Unseal_Out_Unmarshalu(Unseal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ObjectChangeAuth_Out_Unmarshalu(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateLoaded_Out_Unmarshalu(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Duplicate_Out_Unmarshalu(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Rewrap_Out_Unmarshalu(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Import_Out_Unmarshalu(Import_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_RSA_Encrypt_Out_Unmarshalu(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_RSA_Decrypt_Out_Unmarshalu(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECDH_KeyGen_Out_Unmarshalu(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECDH_ZGen_Out_Unmarshalu(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ECC_Parameters_Out_Unmarshalu(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ZGen_2Phase_Out_Unmarshalu(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EncryptDecrypt_Out_Unmarshalu(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EncryptDecrypt2_Out_Unmarshalu(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Hash_Out_Unmarshalu(Hash_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HMAC_Out_Unmarshalu(HMAC_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetRandom_Out_Unmarshalu(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HMAC_Start_Out_Unmarshalu(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_HashSequenceStart_Out_Unmarshalu(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_SequenceComplete_Out_Unmarshalu(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EventSequenceComplete_Out_Unmarshalu(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Certify_Out_Unmarshalu(Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CertifyCreation_Out_Unmarshalu(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CertifyX509_Out_Unmarshalu(CertifyX509_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Quote_Out_Unmarshalu(Quote_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetSessionAuditDigest_Out_Unmarshalu(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCommandAuditDigest_Out_Unmarshalu(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetTime_Out_Unmarshalu(GetTime_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Commit_Out_Unmarshalu(Commit_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_EC_Ephemeral_Out_Unmarshalu(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_VerifySignature_Out_Unmarshalu(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Sign_Out_Unmarshalu(Sign_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Event_Out_Unmarshalu(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Read_Out_Unmarshalu(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Allocate_Out_Unmarshalu(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicySigned_Out_Unmarshalu(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicySecret_Out_Unmarshalu(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PolicyGetDigest_Out_Unmarshalu(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreatePrimary_Out_Unmarshalu(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ContextSave_Out_Unmarshalu(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ContextLoad_Out_Unmarshalu(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ReadClock_Out_Unmarshalu(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCapability_Out_Unmarshalu(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadPublic_Out_Unmarshalu(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Read_Out_Unmarshalu(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_Certify_Out_Unmarshalu(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + + /* Deprecated functions */ + + TPM_RC + TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + TPM_RC + TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + + /* Recommended functions */ + + LIB_EXPORT TPM_RC + TSS_UINT8_Marshalu(const UINT8 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_INT8_Marshalu(const INT8 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT16_Marshalu(const UINT16 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT32_Marshalu(const uint32_t *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_INT32_Marshalu(const INT32 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_UINT64_Marshalu(const UINT64 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_Array_Marshalu(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_Marshalu(const TPM2B *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_KEY_BITS_Marshalu(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_GENERATED_Marshalu(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ALG_ID_Marshalu(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ECC_CURVE_Marshalu(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_RC_Marshalu(const TPM_RC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CLOCK_ADJUST_Marshalu(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_EO_Marshalu(const TPM_EO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_ST_Marshalu(const TPM_ST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_SU_Marshalu(const TPM_ST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_SE_Marshalu(const TPM_SE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CAP_Marshalu(const TPM_CAP *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_Marshalu(const TPM_PT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_PCR_Marshalu(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_HANDLE_Marshalu(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_ALGORITHM_Marshalu(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_OBJECT_Marshalu(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_SESSION_Marshalu(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_LOCALITY_Marshalu(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM_CC_Marshalu(const TPM_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_CC_Marshalu(const TPMA_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_YES_NO_Marshalu(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_OBJECT_Marshalu(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PERSISTENT_Marshalu(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_ENTITY_Marshalu(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PCR_Marshalu(const TPMI_DH_PCR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_AUTH_SESSION_Marshalu(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_HMAC_Marshalu(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_POLICY_Marshalu(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_CONTEXT_Marshalu(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_SAVED_Marshalu(const TPMI_DH_SAVED *source, uint16_t *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_Marshalu(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENABLES_Marshalu(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(const TPMI_RH_HIERARCHY_POLICY *source, uint16_t *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PLATFORM_Marshalu(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENDORSEMENT_Marshalu(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PROVISION_Marshalu(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_CLEAR_Marshalu(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_AUTH_Marshalu(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_LOCKOUT_Marshalu(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_INDEX_Marshalu(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_HASH_Marshalu(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_Marshalu(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_OBJECT_Marshalu(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_MODE_Marshalu(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KDF_Marshalu(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SIG_SCHEME_Marshalu(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_COMMAND_TAG_Marshalu(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_MAC_SCHEME_Marshalu(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_CIPHER_MODE_Marshalu(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_HA_Marshalu(const TPMU_HA *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_HA_Marshalu(const TPMT_HA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_DIGEST_Marshalu(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_DATA_Marshalu(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NONCE_Marshalu(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_AUTH_Marshalu(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_OPERAND_Marshalu(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_EVENT_Marshalu(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_BUFFER_Marshalu(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_NV_BUFFER_Marshalu(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_TIMEOUT_Marshalu(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_IV_Marshalu(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NAME_Marshalu(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_PCR_SELECTION_Marshalu(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_CREATION_Marshalu(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_VERIFIED_Marshalu(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_AUTH_Marshalu(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_HASHCHECK_Marshalu(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ALG_PROPERTY_Marshalu(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PROPERTY_Marshalu(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_CC_Marshalu(const TPML_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_CCA_Marshalu(const TPML_CCA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_Marshalu(const TPML_ALG *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_HANDLE_Marshalu(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_Marshalu(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_VALUES_Marshalu(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_PCR_SELECTION_Marshalu(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_PROPERTY_Marshalu(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPML_ECC_CURVE_Marshalu(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_CAPABILITIES_Marshalu(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMS_CAPABILITY_DATA_Marshalu(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CLOCK_INFO_Marshalu(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_INFO_Marshalu(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_ATTEST_INFO_Marshalu(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CERTIFY_INFO_Marshalu(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_QUOTE_INFO_Marshalu(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_INFO_Marshalu(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_CERTIFY_INFO_Marshalu(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_ATTEST_Marshalu(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_ATTEST_Marshalu(const TPMU_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMS_ATTEST_Marshalu(const TPMS_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ATTEST_Marshalu(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_AUTH_COMMAND_Marshalu(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_AES_KEY_BITS_Marshalu(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_KEY_BITS_Marshalu(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_MODE_Marshalu(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_Marshalu(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_OBJECT_Marshalu(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SYM_KEY_Marshalu(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_LABEL_Marshalu(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_DERIVE_Marshalu(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SYMCIPHER_PARMS_Marshalu(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_DATA_Marshalu(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SENSITIVE_CREATE_Marshalu(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_CREATE_Marshalu(const TPM2B_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HASH_Marshalu(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_ECDAA_Marshalu(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HMAC_Marshalu(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_XOR_Marshalu(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_SM2_Marshalu(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIG_SCHEME_Marshalu(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIG_SCHEME_Marshalu(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, uint32_t *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, uint32_t *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_MGF1_Marshalu(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF2_Marshalu(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_KDF_SCHEME_Marshalu(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KDF_SCHEME_Marshalu(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_ASYM_SCHEME_Marshalu(const TPMU_ASYM_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_SCHEME_Marshalu(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_SCHEME_Marshalu(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_DECRYPT_Marshalu(const TPMT_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RSA_KEY_BITS_Marshalu(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_PARAMETER_Marshalu(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_POINT_Marshalu(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_POINT_Marshalu(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_ECC_SCHEME_Marshalu(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_CURVE_Marshalu(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_ECC_SCHEME_Marshalu(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSA_Marshalu(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSASSA_Marshalu(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECC_Marshalu(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDSA_Marshalu(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDAA_Marshalu(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_SM2_Marshalu(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIGNATURE_Marshalu(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIGNATURE_Marshalu(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_PUBLIC_Marshalu(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_ID_Marshalu(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMS_KEYEDHASH_PARMS_Marshalu(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_RSA_PARMS_Marshalu(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_PARMS_Marshalu(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_PARMS_Marshalu(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_PARMS_Marshalu(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_Marshalu(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_D_Marshalu(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_Marshalu(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_TEMPLATE_Marshalu(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SENSITIVE_Marshalu(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_Marshalu(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_Marshalu(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ID_OBJECT_Marshalu(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMA_NV_Marshalu(const TPMA_NV *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_PUBLIC_Marshalu(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NV_PUBLIC_Marshalu(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_DATA_Marshalu(const TPM2B_CONTEXT_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CONTEXT_Marshalu(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_DATA_Marshalu(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CREATION_DATA_Marshalu(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size); + + /* Deprecated functions */ + + LIB_EXPORT TPM_RC + TSS_UINT8_Marshal(const UINT8 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_INT8_Marshal(const INT8 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_UINT16_Marshal(const UINT16 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_UINT32_Marshal(const UINT32 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_INT32_Marshal(const INT32 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_UINT64_Marshal(const UINT64 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_Array_Marshal(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_SE_Marshal(const TPM_SE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_CAP_Marshal(const TPM_CAP *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_MAC_SCHEME_Marshal(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_CIPHER_MODE_Marshal(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_PCR_SELECTION_Marshal(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_ATTEST_Marshal(const TPMU_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_DERIVE_Marshal(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, INT32 *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); + LIB_EXPORT TPM_RC + TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC + TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal12.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal12.h new file mode 100644 index 000000000000..b2f21d47e832 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssmarshal12.h @@ -0,0 +1,192 @@ +/********************************************************************************/ +/* */ +/* TSS Marshal and Unmarshal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssmarshal12.h 1286 2018-07-27 19:20:16Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API should be stable, but is less guaranteed. + + It is useful for applications that have to marshal / unmarshal + structures for file save / load. +*/ + +#ifndef TSSMARSHAL12_H +#define TSSMARSHAL12_H + +#include "BaseTypes.h" +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC + TSS_ActivateIdentity_In_Marshalu(const ActivateIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateEndorsementKeyPair_In_Marshalu(const CreateEndorsementKeyPair_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateWrapKey_In_Marshalu(const CreateWrapKey_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Extend_In_Marshalu(const Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_FlushSpecific_In_Marshalu(const FlushSpecific_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCapability12_In_Marshalu(const GetCapability12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_LoadKey2_In_Marshalu(const LoadKey2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_MakeIdentity_In_Marshalu(const MakeIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_DefineSpace12_In_Marshalu(const NV_DefineSpace12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadValueAuth_In_Marshalu(const NV_ReadValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadValue_In_Marshalu(const NV_ReadValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_WriteValue_In_Marshalu(const NV_WriteValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_WriteValueAuth_In_Marshalu(const NV_WriteValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OwnerReadInternalPub_In_Marshalu(const OwnerReadInternalPub_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OwnerSetDisable_In_Marshalu(const OwnerSetDisable_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OSAP_In_Marshalu(const OSAP_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PcrRead12_In_Marshalu(const PcrRead12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PCR_Reset12_In_Marshalu(const PCR_Reset12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Quote2_In_Marshalu(const Quote2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ReadPubek_In_Marshalu(const ReadPubek_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Sign12_In_Marshalu(const Sign12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Startup12_In_Marshalu(const Startup12_In *source, UINT16 *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TakeOwnership_In_Marshalu(const TakeOwnership_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_ActivateIdentity_Out_Unmarshalu(ActivateIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateEndorsementKeyPair_Out_Unmarshalu(CreateEndorsementKeyPair_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_CreateWrapKey_Out_Unmarshalu(CreateWrapKey_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Extend_Out_Unmarshalu(Extend_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_GetCapability12_Out_Unmarshalu(GetCapability12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_LoadKey2_Out_Unmarshalu(LoadKey2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_MakeIdentity_Out_Unmarshalu(MakeIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadValueAuth_Out_Unmarshalu(NV_ReadValueAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NV_ReadValue_Out_Unmarshalu(NV_ReadValue_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OIAP_Out_Unmarshalu(OIAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OSAP_Out_Unmarshalu(OSAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_OwnerReadInternalPub_Out_Unmarshalu(OwnerReadInternalPub_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_PcrRead12_Out_Unmarshalu(PcrRead12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Quote2_Out_Unmarshalu(Quote2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_ReadPubek_Out_Unmarshalu(ReadPubek_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_Sign12_Out_Unmarshalu(Sign12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TakeOwnership_Out_Unmarshalu(TakeOwnership_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_TPM_STARTUP_TYPE_Marshalu(const TPM_STARTUP_TYPE *source, uint16_t *written, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_TPM_VERSION_Marshalu(const TPM_VERSION*source, uint16_t *written, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_TPM_PCR_SELECTION_Marshalu(const TPM_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PCR_INFO_SHORT_Marshalu(const TPM_PCR_INFO_SHORT *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_TPM_SYMMETRIC_KEY_Marshalu(const TPM_SYMMETRIC_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size); + + TPM_RC + TSS_TPM_RSA_KEY_PARMS_Marshalu(const TPM_RSA_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector); + TPM_RC + TSS_TPM4B_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector); + TPM_RC + TSS_TPM_KEY_PARMS_Marshalu(const TPM_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_STORE_PUBKEY_Marshalu(const TPM_STORE_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_KEY12_PUBKEY_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_PUBKEY_Marshalu(const TPM_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_KEY12_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_QUOTE_INFO2_Marshalu(const TPM_QUOTE_INFO2 *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_EK_BLOB_Marshalu(const TPM_EK_BLOB *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_EK_BLOB_ACTIVATE_Marshalu(const TPM_EK_BLOB_ACTIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_NV_ATTRIBUTES_Marshalu(const TPM_NV_ATTRIBUTES *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_NV_DATA_PUBLIC_Marshalu(const TPM_NV_DATA_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_TPM_CAP_VERSION_INFO_Marshalu(const TPM_CAP_VERSION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprint.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprint.h new file mode 100644 index 000000000000..46d9e87ced07 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprint.h @@ -0,0 +1,290 @@ +/********************************************************************************/ +/* */ +/* Structure Print Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API is not guaranteed to be stable, and the format of the + output is subject to change + + It is useful for application debug. +*/ + +#ifndef TSSPRINT_H +#define TSSPRINT_H + +#include +#include + +#include + +#define LOGLEVEL_INFO 6 /* LOGLEVEL_INFO prints a concise output */ +#define LOGLEVEL_DEBUG 7 /* LOGLEVEL_DEBUG prints a verbose output */ + +#ifdef __cplusplus +extern "C" { +#endif + + #ifdef TPM_TSS_NO_PRINT + + /* return code to eliminate "statement has no effect" compiler warning */ + extern int tssSwallowRc; + /* function prototype to match the printf prototype */ + int TSS_SwallowPrintf(const char *format, ...); + /* macro to compile out printf */ +#define printf tssSwallowRc = 0 && TSS_SwallowPrintf + + #endif + + LIB_EXPORT + uint32_t TSS_Array_Scan(unsigned char **data, size_t *len, const char *string); + LIB_EXPORT + void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length); + LIB_EXPORT + void TSS_PrintAlli(const char *string, unsigned int indent, + const unsigned char* buff, uint32_t length); + LIB_EXPORT + void TSS_PrintAllLogLevel(uint32_t log_level, const char *string, unsigned int indent, + const unsigned char* buff, uint32_t length); + LIB_EXPORT + void TSS_TPM2B_Print(const char *string, unsigned int indent, TPM2B *source); + LIB_EXPORT + void TSS_TPM_ALG_ID_Print(const char *string, TPM_ALG_ID source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_ECC_CURVE_Print(const char *string, TPM_ECC_CURVE source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_TAGGED_POLICY_Print(TPMS_TAGGED_POLICY *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_CC_Print(const char *string, TPM_CC source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_CLOCK_ADJUST_Print(const char *string, TPM_CLOCK_ADJUST source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_EO_Print(const char *string, TPM_EO source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_ST_Print(const char *string, TPM_ST source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_SU_Print(const char *string, TPM_SU source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_SE_Print(const char *string, TPM_SE source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_CAP_Print(const char *string, TPM_CAP source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_HANDLE_Print(const char *string, TPM_HANDLE source, unsigned int indent); + LIB_EXPORT + void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_OBJECT_Print(const char *string, TPMA_OBJECT source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_LOCALITY_Print(TPMA_LOCALITY source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_SESSION_Print(TPMA_SESSION source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_PERMANENT_Print(TPMA_PERMANENT source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_STARTUP_CLEAR_Print(TPMA_STARTUP_CLEAR source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_MEMORY_Print(TPMA_MEMORY source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_MODES_Print(TPMA_MODES source, unsigned int indent); + LIB_EXPORT + void TSS_TPMI_YES_NO_Print(const char *string, TPMI_YES_NO source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_HA_Print(TPMU_HA *source, uint32_t selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_HA_Print(TPMT_HA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_PCR_SELECT_Print(TPMS_PCR_SELECT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent); + LIB_EXPORT + void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_TK_CREATION_Print(TPMT_TK_CREATION *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_TK_VERIFIED_Print(TPMT_TK_VERIFIED *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_TK_AUTH_Print(TPMT_TK_AUTH *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_TK_HASHCHECK_Print(TPMT_TK_HASHCHECK *source, unsigned int indent); + LIB_EXPORT + void TSS_TPML_CC_Print(TPML_CC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPML_ALG_Print(TPML_ALG *source, unsigned int indent); + LIB_EXPORT + void TSS_TPML_DIGEST_Print(TPML_DIGEST *source, unsigned int indent); + LIB_EXPORT + void TSS_TPML_DIGEST_VALUES_Print(TPML_DIGEST_VALUES *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_COMMAND_AUDIT_INFO_Print(TPMS_COMMAND_AUDIT_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(TPMS_NV_DIGEST_CERTIFY_INFO *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMI_ST_ATTEST_Print(const char *string, TPMI_ST_ATTEST selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent); +#if 0 + LIB_EXPORT + void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent); +#endif + LIB_EXPORT + void TSS_TPMS_AUTH_COMMAND_Print(TPMS_AUTH_COMMAND *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_AUTH_RESPONSE_Print(TPMS_AUTH_RESPONSE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_SYM_KEY_BITS_Print(TPMU_SYM_KEY_BITS *source, TPMI_ALG_SYM selector, unsigned int indent); + LIB_EXPORT + void TSS_TPM_KEY_BITS_Print(TPM_KEY_BITS source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_SYM_DEF_Print(TPMT_SYM_DEF *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_DERIVE_Print(TPMS_DERIVE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SENSITIVE_CREATE_Print(TPMS_SENSITIVE_CREATE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_SENSITIVE_CREATE_Print(const char *string, TPM2B_SENSITIVE_CREATE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SCHEME_ECDAA_Print(TPMS_SCHEME_ECDAA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SCHEME_XOR_Print(TPMS_SCHEME_XOR *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_SCHEME_KEYEDHASH_Print(TPMU_SCHEME_KEYEDHASH *source, TPMI_ALG_KEYEDHASH_SCHEME selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_KEYEDHASH_SCHEME_Print(TPMT_KEYEDHASH_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_SIG_SCHEME_Print(TPMU_SIG_SCHEME *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_SIG_SCHEME_Print(TPMT_SIG_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_ASYM_SCHEME_Print(TPMU_ASYM_SCHEME *source, TPMI_ALG_ASYM_SCHEME selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_ASYM_SCHEME_Print(TPMT_ASYM_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_RSA_DECRYPT_Print(TPMT_RSA_DECRYPT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_ECC_POINT_Print(TPMS_ECC_POINT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_ECC_POINT_Print(const char *string, TPM2B_ECC_POINT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMI_ECC_CURVE_Print(const char *string, TPMI_ECC_CURVE source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_ALGORITHM_DETAIL_ECC_Print(TPMS_ALGORITHM_DETAIL_ECC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_SIGNATURE_ECC_Print(TPMS_SIGNATURE_ECC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMI_ALG_PUBLIC_Print(const char *string, TPMI_ALG_PUBLIC source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_KEYEDHASH_PARMS_Print(TPMS_KEYEDHASH_PARMS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_ASYM_PARMS_Print(TPMS_ASYM_PARMS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, UINT32 selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_PUBLIC_PARMS_Print(TPMT_PUBLIC_PARMS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_PUBLIC_Print(const char *string, TPM2B_PUBLIC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMU_SENSITIVE_COMPOSITE_Print(TPMU_SENSITIVE_COMPOSITE *source, uint32_t selector, unsigned int indent); + LIB_EXPORT + void TSS_TPMT_SENSITIVE_Print(TPMT_SENSITIVE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_SENSITIVE_Print(TPM2B_SENSITIVE *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_NV_PIN_COUNTER_PARAMETERS_Print(TPMS_NV_PIN_COUNTER_PARAMETERS *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_NV_PUBLIC_Print(TPMS_NV_PUBLIC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_NV_PUBLIC_Print(TPM2B_NV_PUBLIC *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CONTEXT_DATA_Print(TPMS_CONTEXT_DATA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CONTEXT_Print(TPMS_CONTEXT *source, unsigned int indent); + LIB_EXPORT + void TSS_TPMS_CREATION_DATA_Print(TPMS_CREATION_DATA *source, unsigned int indent); + LIB_EXPORT + void TSS_TPM2B_CREATION_DATA_Print(TPM2B_CREATION_DATA *source, unsigned int indent); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprintcmd.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprintcmd.h new file mode 100644 index 000000000000..eb717ba37410 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssprintcmd.h @@ -0,0 +1,172 @@ +/********************************************************************************/ +/* */ +/* Structure Print Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API is not guaranteed to be stable, and the format of the + output is subject to change + + It is useful for application debug. +*/ + +#ifndef TSSPRINTCMD_H +#define TSSPRINTCMD_H + +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + void ActivateCredential_In_Print(ActivateCredential_In *in, unsigned int indent); + void CertifyCreation_In_Print(CertifyCreation_In *in, unsigned int indent); + void CertifyX509_In_Print(CertifyX509_In *in, unsigned int indent); + void Certify_In_Print(Certify_In *in, unsigned int indent); + void ChangeEPS_In_Print(ChangeEPS_In *in, unsigned int indent); + void ChangePPS_In_Print(ChangePPS_In *in, unsigned int indent); + void ClearControl_In_Print(ClearControl_In *in, unsigned int indent); + void Clear_In_Print(Clear_In *in, unsigned int indent); + void ClockRateAdjust_In_Print(ClockRateAdjust_In *in, unsigned int indent); + void ClockSet_In_Print(ClockSet_In *in, unsigned int indent); + void Commit_In_Print(Commit_In *in, unsigned int indent); + void ContextLoad_In_Print(ContextLoad_In *in, unsigned int indent); + void ContextSave_In_Print(ContextSave_In *in, unsigned int indent); + void Create_In_Print(Create_In *in, unsigned int indent); + void CreateLoaded_In_Print(CreateLoaded_In *in, unsigned int indent); + void CreatePrimary_In_Print(CreatePrimary_In *in, unsigned int indent); + void DictionaryAttackLockReset_In_Print(DictionaryAttackLockReset_In *in, unsigned int indent); + void DictionaryAttackParameters_In_Print(DictionaryAttackParameters_In *in, unsigned int indent); + void Duplicate_In_Print(Duplicate_In *in, unsigned int indent); + void ECC_Parameters_In_Print(ECC_Parameters_In *in, unsigned int indent); + void ECDH_KeyGen_In_Print(ECDH_KeyGen_In *in, unsigned int indent); + void ECDH_ZGen_In_Print(ECDH_ZGen_In *in, unsigned int indent); + void EC_Ephemeral_In_Print(EC_Ephemeral_In *in, unsigned int indent); + void EncryptDecrypt_In_Print(EncryptDecrypt_In *in, unsigned int indent); + void EncryptDecrypt2_In_Print(EncryptDecrypt2_In *in, unsigned int indent); + void EventSequenceComplete_In_Print(EventSequenceComplete_In *in, unsigned int indent); + void EvictControl_In_Print(EvictControl_In *in, unsigned int indent); + void FlushContext_In_Print(FlushContext_In *in, unsigned int indent); + void GetCapability_In_Print(GetCapability_In *in, unsigned int indent); + void GetCommandAuditDigest_In_Print(GetCommandAuditDigest_In *in, unsigned int indent); + void GetRandom_In_Print(GetRandom_In *in, unsigned int indent); + void GetSessionAuditDigest_In_Print(GetSessionAuditDigest_In *in, unsigned int indent); + void GetTime_In_Print(GetTime_In *in, unsigned int indent); + void HMAC_Start_In_Print(HMAC_Start_In *in, unsigned int indent); + void HMAC_In_Print(HMAC_In *in, unsigned int indent); + void HashSequenceStart_In_Print(HashSequenceStart_In *in, unsigned int indent); + void Hash_In_Print(Hash_In *in, unsigned int indent); + void HierarchyChangeAuth_In_Print(HierarchyChangeAuth_In *in, unsigned int indent); + void HierarchyControl_In_Print(HierarchyControl_In *in, unsigned int indent); + void Import_In_Print(Import_In *in, unsigned int indent); + void IncrementalSelfTest_In_Print(IncrementalSelfTest_In *in, unsigned int indent); + void LoadExternal_In_Print(LoadExternal_In *in, unsigned int indent); + void Load_In_Print(Load_In *in, unsigned int indent); + void MakeCredential_In_Print(MakeCredential_In *in, unsigned int indent); + void NTC2_PreConfig_In_Print(NTC2_PreConfig_In *in, unsigned int indent); + void NV_Certify_In_Print(NV_Certify_In *in, unsigned int indent); + void NV_ChangeAuth_In_Print(NV_ChangeAuth_In *in, unsigned int indent); + void NV_DefineSpace_In_Print(NV_DefineSpace_In *in, unsigned int indent); + void NV_Extend_In_Print(NV_Extend_In *in, unsigned int indent); + void NV_GlobalWriteLock_In_Print(NV_GlobalWriteLock_In *in, unsigned int indent); + void NV_Increment_In_Print(NV_Increment_In *in, unsigned int indent); + void NV_ReadLock_In_Print(NV_ReadLock_In *in, unsigned int indent); + void NV_ReadPublic_In_Print(NV_ReadPublic_In *in, unsigned int indent); + void NV_Read_In_Print(NV_Read_In *in, unsigned int indent); + void NV_SetBits_In_Print(NV_SetBits_In *in, unsigned int indent); + void NV_UndefineSpaceSpecial_In_Print(NV_UndefineSpaceSpecial_In *in, unsigned int indent); + void NV_UndefineSpace_In_Print(NV_UndefineSpace_In *in, unsigned int indent); + void NV_WriteLock_In_Print(NV_WriteLock_In *in, unsigned int indent); + void NV_Write_In_Print(NV_Write_In *in, unsigned int indent); + void ObjectChangeAuth_In_Print(ObjectChangeAuth_In *in, unsigned int indent); + void PCR_Allocate_In_Print(PCR_Allocate_In *in, unsigned int indent); + void PCR_Event_In_Print(PCR_Event_In *in, unsigned int indent); + void PCR_Extend_In_Print(PCR_Extend_In *in, unsigned int indent); + void PCR_Read_In_Print(PCR_Read_In *in, unsigned int indent); + void PCR_Reset_In_Print(PCR_Reset_In *in, unsigned int indent); + void PCR_SetAuthPolicy_In_Print(PCR_SetAuthPolicy_In *in, unsigned int indent); + void PCR_SetAuthValue_In_Print(PCR_SetAuthValue_In *in, unsigned int indent); + void PP_Commands_In_Print(PP_Commands_In *in, unsigned int indent); + void PolicyAuthValue_In_Print(PolicyAuthValue_In *in, unsigned int indent); + void PolicyAuthorizeNV_In_Print(PolicyAuthorizeNV_In *in, unsigned int indent); + void PolicyAuthorize_In_Print(PolicyAuthorize_In *in, unsigned int indent); + void PolicyCommandCode_In_Print(PolicyCommandCode_In *in, unsigned int indent); + void PolicyCounterTimer_In_Print(PolicyCounterTimer_In *in, unsigned int indent); + void PolicyCpHash_In_Print(PolicyCpHash_In *in, unsigned int indent); + void PolicyDuplicationSelect_In_Print(PolicyDuplicationSelect_In *in, unsigned int indent); + void PolicyGetDigest_In_Print(PolicyGetDigest_In *in, unsigned int indent); + void PolicyLocality_In_Print(PolicyLocality_In *in, unsigned int indent); + void PolicyNV_In_Print(PolicyNV_In *in, unsigned int indent); + void PolicyNameHash_In_Print(PolicyNameHash_In *in, unsigned int indent); + void PolicyNvWritten_In_Print(PolicyNvWritten_In *in, unsigned int indent); + void PolicyOR_In_Print(PolicyOR_In *in, unsigned int indent); + void PolicyPCR_In_Print(PolicyPCR_In *in, unsigned int indent); + void PolicyPassword_In_Print(PolicyPassword_In *in, unsigned int indent); + void PolicyPhysicalPresence_In_Print(PolicyPhysicalPresence_In *in, unsigned int indent); + void PolicyRestart_In_Print(PolicyRestart_In *in, unsigned int indent); + void PolicySecret_In_Print(PolicySecret_In *in, unsigned int indent); + void PolicySigned_In_Print(PolicySigned_In *in, unsigned int indent); + void PolicyTemplate_In_Print(PolicyTemplate_In *in, unsigned int indent); + void PolicyTicket_In_Print(PolicyTicket_In *in, unsigned int indent); + void Quote_In_Print(Quote_In *in, unsigned int indent); + void RSA_Decrypt_In_Print(RSA_Decrypt_In *in, unsigned int indent); + void RSA_Encrypt_In_Print(RSA_Encrypt_In *in, unsigned int indent); + void ReadPublic_In_Print(ReadPublic_In *in, unsigned int indent); + void Rewrap_In_Print(Rewrap_In *in, unsigned int indent); + void SelfTest_In_Print(SelfTest_In *in, unsigned int indent); + void SequenceComplete_In_Print(SequenceComplete_In *in, unsigned int indent); + void SequenceUpdate_In_Print(SequenceUpdate_In *in, unsigned int indent); + void SetAlgorithmSet_In_Print(SetAlgorithmSet_In *in, unsigned int indent); + void SetCommandCodeAuditStatus_In_Print(SetCommandCodeAuditStatus_In *in, unsigned int indent); + void SetPrimaryPolicy_In_Print(SetPrimaryPolicy_In *in, unsigned int indent); + void Shutdown_In_Print(Shutdown_In *in, unsigned int indent); + void Sign_In_Print(Sign_In *in, unsigned int indent); + void StartAuthSession_In_Print(StartAuthSession_In *in, unsigned int indent); + void Startup_In_Print(Startup_In *in, unsigned int indent); + void StirRandom_In_Print(StirRandom_In *in, unsigned int indent); + void TestParms_In_Print(TestParms_In *in, unsigned int indent); + void Unseal_In_Print(Unseal_In *in, unsigned int indent); + void VerifySignature_In_Print(VerifySignature_In *in, unsigned int indent); + void ZGen_2Phase_In_Print(ZGen_2Phase_In *in, unsigned int indent); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssresponsecode.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssresponsecode.h new file mode 100644 index 000000000000..b3de0e83e6b9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssresponsecode.h @@ -0,0 +1,62 @@ +/********************************************************************************/ +/* */ +/* TSS Response Code Printer */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssresponsecode.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API likely to be stable, but the format and text output are + subject to change + + It is useful for application debug. +*/ + +#ifndef TSSRESPONSECODE_H +#define TSSRESPONSECODE_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + LIB_EXPORT + void TSS_ResponseCode_toString(const char **msg, const char **submsg, const char **num, TPM_RC rc); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsstransmit.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsstransmit.h new file mode 100644 index 000000000000..de35d92f7e99 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tsstransmit.h @@ -0,0 +1,80 @@ +/********************************************************************************/ +/* */ +/* TSS Transmit */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tsstransmit.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2017, 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSSTRANSMIT_H +#define TSSTRANSMIT_H + +#include + +#include + +/* copy of TpmTcpProtocol.h. These are only used with the SW TPM. */ +#define TPM_SIGNAL_POWER_ON 1 +#define TPM_SIGNAL_POWER_OFF 2 +#define TPM_SIGNAL_NV_ON 11 + +/* copy of TpmTcpProtocol.h. These are only used with the SW TPM, but they may be used with a + resource manager in the future. */ +#define TPM_SEND_COMMAND 8 +#define TPM_SESSION_END 20 +#define TPM_STOP 21 + +#ifdef __cplusplus +extern "C" { +#endif + LIB_EXPORT TPM_RC + TSS_TransmitPlatform(TSS_CONTEXT *tssContext, + uint32_t command, const char *message); + LIB_EXPORT TPM_RC + TSS_TransmitCommand(TSS_CONTEXT *tssContext, + uint32_t command, const char *message); + LIB_EXPORT TPM_RC + TSS_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message); + + LIB_EXPORT TPM_RC + TSS_Close(TSS_CONTEXT *tssContext); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssutils.h b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssutils.h new file mode 100644 index 000000000000..e0800d1a73c3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ibmtss/tssutils.h @@ -0,0 +1,101 @@ +/********************************************************************************/ +/* */ +/* TSS and Application Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssutils.h 1324 2018-08-31 16:36:12Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is a semi-public header. The API is subject to change. + + It is useful rapid application development, and as sample code. It is risky for production code. + +*/ + +#ifndef TSSUTILS_H +#define TSSUTILS_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + typedef TPM_RC (*UnmarshalFunction_t)(void *target, uint8_t **buffer, uint32_t *size); + typedef TPM_RC (*UnmarshalFunctionFlag_t)(void *target, uint8_t **buffer, uint32_t *size, BOOL allowNull); + typedef TPM_RC (*MarshalFunction_t)(void *source, uint16_t *written, uint8_t **buffer, uint32_t *size); + + LIB_EXPORT + TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size); + LIB_EXPORT + TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size); + + LIB_EXPORT + TPM_RC TSS_Structure_Marshal(uint8_t **buffer, + uint16_t *written, + void *structure, + MarshalFunction_t marshalFunction); + + LIB_EXPORT + TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize); + + LIB_EXPORT + TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize); + + LIB_EXPORT + TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize); + + LIB_EXPORT + TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize); + + LIB_EXPORT + TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize); + + LIB_EXPORT + BOOL TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual); + + LIB_EXPORT + uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg); + +#ifdef __cplusplus +} +#endif + +#ifndef TPM_TSS_NOFILE +#include +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/imaextend.c b/libstb/tss2/ibmtpm20tss/utils/imaextend.c new file mode 100644 index 000000000000..d685631d33eb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/imaextend.c @@ -0,0 +1,437 @@ +/********************************************************************************/ +/* */ +/* Extend an IMA measurement list into PCRs */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2014 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* imaextend is test/demo code. It parses a TPM 1.2 IMA event log file and extends the measurements + into TPM PCRs. This simulates the actions that would be performed by the Linux kernel IMA in a + hardware platform. + + To test incremental attestations, the caller can optionally specify a beginning event number and + ending event number. + + To test a platform without a TPM or TPM device driver, but where IMA is creating an event log, + the caller can optionally specify a sleep time. The program will then incrementally extend after + each sleep. +*/ + +#include +#include +#include + +#include + +#include +#include +#include +#include + +#include "imalib.h" + +/* local prototypes */ + +static TPM_RC copyDigest(PCR_Extend_In *in, + ImaEvent *imaEvent); +static TPM_RC pcrread(TSS_CONTEXT *tssContext, + TPMI_DH_PCR pcrHandle); +static void printUsage(void); + +extern int tssUtilsVerbose; +int vverbose = FALSE; + +int main(int argc, char * argv[]) +{ + TPM_RC rc = 0; + int i = 0; + TSS_CONTEXT *tssContext = NULL; + PCR_Extend_In in; + const char *infilename = NULL; + FILE *infile = NULL; + int littleEndian = FALSE; + int sim = FALSE; /* extend into simulated PCRs */ + uint32_t bankNum = 0; /* PCR hash bank, 0 is SHA-1, 1 is + SHA-256 */ + unsigned int pcrNum = 0; /* PCR number iterator */ + TPMT_HA simPcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR]; + unsigned long beginEvent = 0; /* default beginning of log */ + unsigned long endEvent = 0xffffffff; /* default end of log */ + unsigned int loopTime = 0; /* default no loop */ + ImaEvent imaEvent; + unsigned int lineNum; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; i= beginEvent) && (lineNum <= endEvent) && !endOfFile) { + /* debug tracing */ + if (rc == 0) { + ImaTemplateData imaTemplateData; + if (tssUtilsVerbose) printf("\n"); + printf("imaextend: line %u\n", lineNum); + if (tssUtilsVerbose) { + IMA_Event_Trace(&imaEvent, FALSE); + /* unmarshal the template data */ + if (rc == 0) { + rc = IMA_TemplateData_ReadBuffer(&imaTemplateData, + &imaEvent, + littleEndian); + } + if (rc == 0) { + IMA_TemplateData_Trace(&imaTemplateData, + imaEvent.nameInt); + } + else { + printf("imaextend: Error parsing template data, event %u\n", lineNum); + rc = 0; /* not a fatal error */ + } + } + } + if (!sim) { + if (rc == 0) { + in.pcrHandle = imaEvent.pcrIndex; /* normally PCR 10 */ + } + /* copy the SHA-1 digest to be extended into the SHA-1 and SHA-256 banks */ + if (rc == 0) { + rc = copyDigest(&in, &imaEvent); + } + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0 && tssUtilsVerbose) { + rc = pcrread(tssContext, imaEvent.pcrIndex); + } + } + else { /* sim */ + /* even though IMA_Event_ReadFile() range checks the PCR index, range check it + again here to silence the static analysis tool */ + if (rc == 0) { + if (imaEvent.pcrIndex >= IMPLEMENTATION_PCR) { + printf("imaextend: PCR index %u %08x out of range\n", + imaEvent.pcrIndex, imaEvent.pcrIndex); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + if (rc == 0) { + rc = IMA_Event_PcrExtend(simPcrs, &imaEvent); + } + if (rc == 0 && tssUtilsVerbose) { + TSS_PrintAll("PCR digest SHA-1", + simPcrs[0][imaEvent.pcrIndex].digest.tssmax, + SHA1_DIGEST_SIZE); + TSS_PrintAll("PCR digest SHA-256", + simPcrs[1][imaEvent.pcrIndex].digest.tssmax, + SHA256_DIGEST_SIZE); + + + } + } + } /* for each IMA event in range */ + IMA_Event_Free(&imaEvent); + } /* for each IMA event line */ + if (tssUtilsVerbose && (loopTime != 0)) printf("set beginEvent to %u\n", lineNum-1); + beginEvent = lineNum-1; /* remove the last increment at EOF */ + if (infile != NULL) { + fclose(infile); + } +#ifdef TPM_POSIX + sleep(loopTime); +#endif +#ifdef TPM_WINDOWS + Sleep(loopTime * 1000); +#endif + + } while ((rc == 0) && (loopTime != 0)); /* sleep loop */ + if (!sim) { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + else { /* sim */ + for (bankNum = 0 ; (rc == 0) && (bankNum < IMA_PCR_BANKS) ; bankNum++) { + TSS_TPM_ALG_ID_Print("algorithmId", simPcrs[bankNum][0].hashAlg, 0); + for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) { + char pcrString[9]; /* PCR number */ + uint16_t digestSize; + sprintf(pcrString, "PCR %02u:", pcrNum); + /* TSS_PrintAllLogLevel() with a log level of LOGLEVEL_INFO to print the byte + array on one line with no length */ + digestSize = TSS_GetDigestSize(simPcrs[bankNum][pcrNum].hashAlg); + TSS_PrintAllLogLevel(LOGLEVEL_INFO, pcrString, 1, + simPcrs[bankNum][pcrNum].digest.tssmax, + digestSize); + } + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("imaextend: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("imaextend: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static TPM_RC copyDigest(PCR_Extend_In *in, + ImaEvent *imaEvent) +{ + TPM_RC rc = 0; + unsigned char zeroDigest[SHA1_DIGEST_SIZE]; + int notAllZero; + if (rc == 0) { + memset(zeroDigest, 0, SHA1_DIGEST_SIZE); + notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE); + /* the SHA-256 bank has already been 0 extended, so only the first 20 bytes need be + copied */ + if (notAllZero) { + memcpy((uint8_t *)&in->digests.digests[0].digest, imaEvent->digest, SHA1_DIGEST_SIZE); + memcpy((uint8_t *)&in->digests.digests[1].digest, imaEvent->digest, SHA1_DIGEST_SIZE); + } + /* IMA has a quirk where some measurements store a zero digest in the event log, but + extend ones into PCR 10 */ + else { + memset((uint8_t *)&in->digests.digests[0].digest, 0xff, SHA1_DIGEST_SIZE); + memset((uint8_t *)&in->digests.digests[1].digest, 0xff, SHA1_DIGEST_SIZE); + } + } + return rc; +} + +static TPM_RC pcrread(TSS_CONTEXT *tssContext, + TPMI_DH_PCR pcrHandle) +{ + TPM_RC rc = 0; + /* for debug, read back and trace the PCR value after the extend */ + PCR_Read_In pcrReadIn; + PCR_Read_Out pcrReadOut; + + if (rc == 0) { + pcrReadIn.pcrSelectionIn.count = 2; + pcrReadIn.pcrSelectionIn.pcrSelections[0].hash = TPM_ALG_SHA1; + pcrReadIn.pcrSelectionIn.pcrSelections[1].hash = TPM_ALG_SHA256; + pcrReadIn.pcrSelectionIn.pcrSelections[0].sizeofSelect = 3; + pcrReadIn.pcrSelectionIn.pcrSelections[1].sizeofSelect = 3; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[0] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[1] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[2] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[0] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[1] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[2] = 0; + pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[pcrHandle / 8] = + 1 << (pcrHandle % 8); + pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[pcrHandle / 8] = + 1 << (pcrHandle % 8); + } + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&pcrReadOut, + (COMMAND_PARAMETERS *)&pcrReadIn, + NULL, + TPM_CC_PCR_Read, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + TSS_PrintAll("PCR digest SHA-1", + pcrReadOut.pcrValues.digests[0].t.buffer, + pcrReadOut.pcrValues.digests[0].t.size); + TSS_PrintAll("PCR digest SHA-256", + pcrReadOut.pcrValues.digests[1].t.buffer, + pcrReadOut.pcrValues.digests[1].t.size); + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("imaextend\n"); + printf("\n"); + printf("Runs TPM2_PCR_Extend to Extend a SHA-1 IMA measurement file (binary) into TPM PCRs\n"); + printf("The IMA measurement is directly extended into the SHA-1 bank, and a zero padded\n"); + printf("measurement is extended into the SHA-256 bank\n"); + printf("\n"); + printf("This handles the case where a zero measurement extends ones into the IMA PCR\n"); + printf("\n"); + printf("If -sim is specified, TPM PCRs are not extended. Rather, imaextend extends into\n"); + printf("simluated PCRs and traces the result.\n"); + printf("\n"); + printf("\t-if\tIMA event log file name\n"); + printf("\t[-le\tinput file is little endian (default big endian)]\n"); + printf("\t[-sim\tcalculate simulated PCRs]\n"); + printf("\t[-b\tbeginning entry (default 0, beginning of log)]\n"); + printf("\t\tA beginning entry after the end of the log becomes a noop\n"); + printf("\t[-e\tending entry (default end of log)]\n"); + printf("\t\tE.g., -b 0 -e 0 sends one entry\n"); + printf("\t[-l\ttime - run in a continuous loop, with a sleep of 'time' seconds betwteen loops]\n"); + printf("\t\tThe intent is that this be run without specifying -b and -e\n"); + printf("\t\tAfer each pass, the next beginning entry is set to the last entry +1\n"); + printf("\n"); + exit(1); +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/imalib.c b/libstb/tss2/ibmtpm20tss/utils/imalib.c new file mode 100644 index 000000000000..06373c50b38f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/imalib.c @@ -0,0 +1,1832 @@ +/********************************************************************************/ +/* */ +/* IMA Routines */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* imalib is a set of utility functions to handle IMA (Integrity Measurement Architecture) event + logs. + +*/ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif + +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include + +#include +#include +#include +#include +#include + +#include "imalib.h" + +#define IMA_PARSE_FUNCTIONS_MAX 128 + +static uint32_t IMA_Uint32_Convert(const uint8_t *stream, + int littleEndian); +static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src, + size_t destLength, size_t srcLength); +static void IMA_Event_ParseName(ImaEvent *imaEvent); + +static uint32_t IMA_TemplateData_ReadFile(ImaEvent *imaEvent, + int *endOfFile, + FILE *inFile, + int littleEndian); +static uint32_t IMA_TemplateDataIma_ReadFile(ImaEvent *imaEvent, + int *endOfFile, + FILE *inFile, + int littleEndian); + +/* callback to parse a template data field */ + +typedef uint32_t (*TemplateDataParseFunction_t)(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_TemplateName_Parse(TemplateDataParseFunction_t templateDataParseFunctions[], + size_t templateDataParseFunctionsSize, + ImaEvent *imaEvent); +static uint32_t +IMA_TemplateName_ParseCustom(TemplateDataParseFunction_t templateDataParseFunctions[], + size_t templateDataParseFunctionsSize, + ImaEvent *imaEvent); +static uint32_t IMA_ParseD(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseDNG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseNNG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseDMODSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseMODSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); +static uint32_t IMA_ParseBUF(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian); + +extern int tssUtilsVerbose; + +/* IMA_Event_Init() initializes the ImaEvent structure so that IMA_Event_Free() is safe. + + */ + +void IMA_Event_Init(ImaEvent *imaEvent) +{ + if (imaEvent != NULL) { + imaEvent->nameInt = IMA_UNSUPPORTED; + imaEvent->template_data = NULL; + } + return; +} + +/* IMA_Event_Free() frees any memory allocated for the ImaEvent structure. + + */ + +void IMA_Event_Free(ImaEvent *imaEvent) +{ + if (imaEvent != NULL) { + free(imaEvent->template_data); + imaEvent->template_data = NULL; + } + return; +} + +/* IMA_Event_Trace() traces the ImaEvent structure. + + If traceTemplate is FALSE, template data is not traced. This handles the case where template + data is not unmarshaled. + +*/ + +void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate) +{ + printf("IMA_Event_Trace: PCR index %u\n", imaEvent->pcrIndex); + TSS_PrintAll("IMA_Event_Trace: hash", + imaEvent->digest, sizeof(((ImaEvent *)NULL)->digest)); + + printf("IMA_Event_Trace: name length %u\n", imaEvent->name_len); + printf("IMA_Event_Trace: name %s\n", imaEvent->name); + printf("IMA_Event_Trace: name integer %u\n", imaEvent->nameInt); + printf("IMA_Event_Trace: template data length %u\n", imaEvent->template_data_len); + /* in some use cases, the template_data field is not populated. In those cases, do not trace + it. */ + if (traceTemplate) { + TSS_PrintAll("IMA_Event_Trace: template data", + imaEvent->template_data, imaEvent->template_data_len); + } + return; +} + +/* IMA_Event_ParseName() parses the Template Name and sets the nameInt field */ + +static void IMA_Event_ParseName(ImaEvent *imaEvent) +{ + if (strcmp(imaEvent->name, "ima-ng") == 0) { + imaEvent->nameInt = IMA_FORMAT_IMA_NG; + } + else if (strcmp(imaEvent->name, "ima-sig") == 0) { + imaEvent->nameInt = IMA_FORMAT_IMA_SIG; + } + else if (strcmp(imaEvent->name, "ima") == 0) { + imaEvent->nameInt = IMA_FORMAT_IMA; + } + else if (strcmp(imaEvent->name, "ima-modsig") == 0) { + imaEvent->nameInt = IMA_FORMAT_MODSIG; + } + else if (strcmp(imaEvent->name, "ima-buf") == 0) { + imaEvent->nameInt = IMA_FORMAT_BUF; + } + /* the template data parser currently supports only these formats. */ + else { + imaEvent->nameInt = IMA_UNSUPPORTED; + } + return; +} + +void IMA_TemplateData_Init(ImaTemplateData *imaTemplateData) +{ + imaTemplateData->imaTemplateDNG.hashLength = 0; + imaTemplateData->imaTemplateDNG.fileDataHashLength = 0; + imaTemplateData->imaTemplateNNG.fileNameLength = 0; + imaTemplateData->imaTemplateNNG.fileName[0] = '\0'; + imaTemplateData->imaTemplateSIG.sigLength = 0; + imaTemplateData->imaTemplateSIG.sigHeaderLength = 0; + imaTemplateData->imaTemplateSIG.signatureSize = 0; + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength = 0; + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength = 0; + imaTemplateData->imaTemplateMODSIG.modSigLength = 0; + imaTemplateData->imaTemplateBUF.bufLength = 0; + return; +} + +/* IMA_TemplateData_Trace() traces the ImaTemplateData structure. + + nameInt maps to the template name. + +*/ + +void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData, + unsigned int nameInt) +{ + nameInt = nameInt; /* obsolete now that custom templates are supported */ + /* d-ng */ + printf("IMA_TemplateData_Trace: DNG hashLength %u\n", imaTemplateData->imaTemplateDNG.hashLength); + printf("IMA_TemplateData_Trace: DNG hashAlg %s\n", imaTemplateData->imaTemplateDNG.hashAlg); + TSS_PrintAll("IMA_Template_Trace: DNG file data hash", + imaTemplateData->imaTemplateDNG.fileDataHash, + imaTemplateData->imaTemplateDNG.fileDataHashLength); + /* n-ng */ + printf("IMA_TemplateData_Trace: NNG fileNameLength %u\n", + imaTemplateData->imaTemplateNNG.fileNameLength); + if (imaTemplateData->imaTemplateNNG.fileNameLength > 0) { + printf("IMA_TemplateData_Trace: NNG fileName %s\n", imaTemplateData->imaTemplateNNG.fileName); + } + /* sig */ + printf("IMA_TemplateData_Trace: SIG sigLength %u\n", imaTemplateData->imaTemplateSIG.sigLength); + if (imaTemplateData->imaTemplateSIG.sigLength != 0) { + TSS_PrintAll("IMA_TemplateData_Trace: sigHeader", + imaTemplateData->imaTemplateSIG.sigHeader, + imaTemplateData->imaTemplateSIG.sigHeaderLength); + printf("IMA_TemplateData_Trace: SIG signatureSize %u\n", + imaTemplateData->imaTemplateSIG.signatureSize); + TSS_PrintAll("IMA_TemplateData_Trace: SIG signature", + imaTemplateData->imaTemplateSIG.signature, + imaTemplateData->imaTemplateSIG.signatureSize); + } + /* d-modsig */ + printf("IMA_TemplateData_Trace: DMODSIG dModSigHashLength %u\n", + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength); + if (imaTemplateData->imaTemplateDMODSIG.dModSigHashLength != 0) { + printf("IMA_TemplateData_Trace: DMODSIG dModSigHashAlg %s\n", + imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg); + TSS_PrintAll("IMA_Template_Trace: DMODSIG file data hash", + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHash, + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength); + } + /* modsig */ + printf("IMA_TemplateData_Trace: MODSIG modSigLength %u\n", + imaTemplateData->imaTemplateMODSIG.modSigLength); + if (imaTemplateData->imaTemplateMODSIG.modSigLength != 0) { + TSS_PrintAll("IMA_TemplateData_Trace: MODSIG modSigData", + imaTemplateData->imaTemplateMODSIG.modSigData, + imaTemplateData->imaTemplateMODSIG.modSigLength); +#ifndef TPM_TSS_MBEDTLS + { + PKCS7 *pkcs7 = NULL; + unsigned char *tmpData = NULL; + /* tmp pointer because d2i moves the pointer */ + tmpData = imaTemplateData->imaTemplateMODSIG.modSigData; + pkcs7 = d2i_PKCS7(NULL, /* freed @1 */ + (const unsigned char **)&tmpData, + imaTemplateData->imaTemplateMODSIG.modSigLength); + if (pkcs7 != NULL) { + BIO *bio = NULL; + bio = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); /* freed @2 */ + if (bio != NULL) { + PKCS7_print_ctx(bio, pkcs7, 4, NULL); + BIO_free(bio); /* @2 */ + } + else { + printf("IMA_TemplateData_Trace: MODSIG Could not create BIO for PKCS7\n"); + } + PKCS7_free(pkcs7); /* @1 */ + } + else { + printf("IMA_TemplateData_Trace: MODSIG Could not trace modSigData as PKCS7\n"); + } + } +#endif /* TPM_TSS_MBEDTLS */ + } + /* buf */ + printf("IMA_TemplateData_Trace: BUF bufLength %u\n", imaTemplateData->imaTemplateBUF.bufLength); + if (imaTemplateData->imaTemplateBUF.bufLength != 0) { + TSS_PrintAll("IMA_TemplateData_Trace: BUF bufData", + imaTemplateData->imaTemplateBUF.bufData, imaTemplateData->imaTemplateBUF.bufLength); +#ifndef TPM_TSS_MBEDTLS + if ((strcmp((const char *)imaTemplateData->imaTemplateNNG.fileName, ".builtin_trusted_keys") == 0) || + (strcmp((const char *)imaTemplateData->imaTemplateNNG.fileName, ".ima") == 0)) { + { + X509 *x509 = NULL; + unsigned char *tmpData = NULL; + /* tmp pointer because d2i moves the pointer */ + tmpData = imaTemplateData->imaTemplateBUF.bufData; + x509 = d2i_X509(NULL, /* freed @1 */ + (const unsigned char **)&tmpData, + imaTemplateData->imaTemplateBUF.bufLength); + if (x509 != NULL) { + X509_print_fp(stdout, x509); + X509_free(x509); /* @1 */ + } + else { + printf("IMA_TemplateData_Trace: BUF Could not trace bufData as X509\n"); + } + } + + } +#endif /* TPM_TSS_MBEDTLS */ + } + return; +} + +/* IMA_Event_ReadFile() reads one IMA event from a file. + + It currently supports these template formats: ima, ima-ng, ima-sig. + + This is typically used at the client, reading from the pseudofile. +*/ + +uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent, /* freed by caller */ + int *endOfFile, + FILE *inFile, + int littleEndian) +{ + int rc = 0; + size_t readSize; + *endOfFile = FALSE; + + imaEvent->template_data = NULL; /* for free */ + + /* read the IMA PCR index */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&(imaEvent->pcrIndex), + sizeof(((ImaEvent *)NULL)->pcrIndex), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_Event_ReadFile: could not read pcrIndex, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* PCR index endian convert */ + if ((rc == 0) && !(*endOfFile)) { + imaEvent->pcrIndex = IMA_Uint32_Convert((uint8_t *)&imaEvent->pcrIndex, littleEndian); + /* range check the PCR index */ + if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) { + printf("ERROR: IMA_Event_ReadFile: PCR index %u %08x out of range\n", + imaEvent->pcrIndex, imaEvent->pcrIndex); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* read the IMA digest, this is hard coded to SHA-1 */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&(imaEvent->digest), + sizeof(((ImaEvent *)NULL)->digest), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_Event_ReadFile: could not read digest, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* read the IMA name length */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&(imaEvent->name_len), + sizeof(((ImaEvent *)NULL)->name_len), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_Event_ReadFile: could not read name_len, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + if ((rc == 0) && !(*endOfFile)) { + imaEvent->name_len = IMA_Uint32_Convert((uint8_t *)&imaEvent->name_len, littleEndian); + } + /* bounds check the name length, leave a byte for the nul terminator */ + if ((rc == 0) && !(*endOfFile)) { + if (imaEvent->name_len > (sizeof(((ImaEvent *)NULL)->name)) -1) { + printf("ERROR: IMA_Event_ReadFile: template name length too big: %u\n", + imaEvent->name_len); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* read the template name */ + if ((rc == 0) && !(*endOfFile)) { + /* nul terminate first */ + memset(imaEvent->name, 0, sizeof(((ImaEvent *)NULL)->name)); + readSize = fread(&(imaEvent->name), + imaEvent->name_len, 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_Event_ReadFile: could not read template name, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* record the template name as an int */ + if ((rc == 0) && !(*endOfFile)) { + IMA_Event_ParseName(imaEvent); + } + if ((rc == 0) && !(*endOfFile)) { + if (imaEvent->nameInt != IMA_FORMAT_IMA) { /* standard format */ + rc = IMA_TemplateData_ReadFile(imaEvent, endOfFile, inFile, littleEndian); + } + else { /* unique 'ima' format */ + rc = IMA_TemplateDataIma_ReadFile(imaEvent, endOfFile, inFile, littleEndian); + } + } + return rc; +} + +/* IMA_TemplateData_ReadFile() reads the template data as a pure array. It handles the normal case + of template data length plus template data. +*/ + +static uint32_t IMA_TemplateData_ReadFile(ImaEvent *imaEvent, /* freed by caller */ + int *endOfFile, + FILE *inFile, + int littleEndian) +{ + int rc = 0; + size_t readSize; + + /* read template data length */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&(imaEvent->template_data_len), + sizeof(((ImaEvent *)NULL)->template_data_len ), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_TemplateData_ReadFile: could not read template_data_len, " + " returned %lu\n", (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + if ((rc == 0) && !(*endOfFile)) { + imaEvent->template_data_len = + IMA_Uint32_Convert((uint8_t *)&imaEvent->template_data_len, + littleEndian); + } + /* bounds check the template data length */ + if ((rc == 0) && !(*endOfFile)) { + if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) { + printf("ERROR: IMA_TemplateData_ReadFile: template data length too big: %u\n", + imaEvent->template_data_len); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if ((rc == 0) && !(*endOfFile)) { + imaEvent->template_data = malloc(imaEvent->template_data_len); + if (imaEvent->template_data == NULL) { + printf("ERROR: IMA_TemplateData_ReadFile: " + "could not allocate template data, size %u\n", + imaEvent->template_data_len); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(imaEvent->template_data, + imaEvent->template_data_len, 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_Event_ReadFile: could not read template_data, " + "returned %lu\n", (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + return rc; +} + +/* IMA_TemplateDataIma_ReadFile() reads the template data. It handles the special case of the + template name 'ima', which does not have a template data length. 'ima' has a 20 byte file data + hash, a 4 byte file name length, and a file name. +*/ + +static uint32_t IMA_TemplateDataIma_ReadFile(ImaEvent *imaEvent, /* freed by caller */ + int *endOfFile, + FILE *inFile, + int littleEndian) +{ + int rc = 0; + size_t readSize; + uint8_t fileDataHash[SHA1_DIGEST_SIZE]; /* IMA hard coded to SHA-1 */ + uint32_t fileNameLengthIbo; /* ima log byte order */ + uint32_t fileNameLength; /* host byte order */ + + /* read the fileDataHash digest, this is hard coded to SHA-1 */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&fileDataHash, + sizeof(fileDataHash), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_TemplateDataIma_ReadFile: " + "could not read fileDataHash, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + /* read the IMA name length */ + if ((rc == 0) && !(*endOfFile)) { + readSize = fread(&fileNameLengthIbo, + sizeof(fileNameLength), 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_TemplateDataIma_ReadFile: " + "could not read fileNameLength, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + if ((rc == 0) && !(*endOfFile)) { + fileNameLength = IMA_Uint32_Convert((uint8_t *)&fileNameLengthIbo, littleEndian); + /* should check for addition overflowing a uint32_t */ + if (fileNameLength > (0xffffffff - (uint32_t)(sizeof(fileDataHash) + sizeof(fileNameLength)))) { + printf("ERROR: IMA_TemplateDataIma_ReadFile: file name length too big: %u\n", + fileNameLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if ((rc == 0) && !(*endOfFile)) { + /* addition is safe because of above check */ + imaEvent->template_data_len = sizeof(fileDataHash) + sizeof(fileNameLength) + fileNameLength; + } + /* bounds check the template data length */ + if ((rc == 0) && !(*endOfFile)) { + if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) { + printf("ERROR: IMA_TemplateDataIma_ReadFile: template data length too big: %u\n", + imaEvent->template_data_len); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if ((rc == 0) && !(*endOfFile)) { + imaEvent->template_data = malloc(imaEvent->template_data_len); + if (imaEvent->template_data == NULL) { + printf("ERROR: IMA_TemplateData_ReadFile: " + "could not allocate template data, size %u\n", + imaEvent->template_data_len); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* copy results to template_data */ + if ((rc == 0) && !(*endOfFile)) { + /* copy file data hash */ + memcpy(imaEvent->template_data, fileDataHash, sizeof(fileDataHash)); + /* copy file name length */ + memcpy(imaEvent->template_data + sizeof(fileDataHash), + &fileNameLength, sizeof(fileNameLength)); + /* read and copy the file name */ + readSize = fread(imaEvent->template_data + sizeof(fileDataHash) + sizeof(fileNameLength), + fileNameLength, 1, inFile); + if (readSize != 1) { + if (feof(inFile)) { + *endOfFile = TRUE; + } + else { + printf("ERROR: IMA_TemplateDataIma_ReadFile: " + "could not read fileNameLength, returned %lu\n", + (unsigned long)readSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + } + return rc; +} + +/* IMA_Event_ReadBuffer() reads one IMA event from a buffer. + + This is typically used at the server, reading from a client connection. + + Although the raw IMA event log 'ima' template does not have a template data length, this function + at the server assumes it has been inserted by the client. + + If getTemplate is TRUE, the template data is copied to a malloced imaEvent->template_data. If + FALSE, template data is skipped. FALSE is used for the first pass, where the template data is not + needed until the hash is validated. + +*/ + +uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent, /* freed by caller */ + size_t *length, + uint8_t **buffer, + int *endOfBuffer, + int littleEndian, + int getTemplate) +{ + int rc = 0; + + imaEvent->template_data = NULL; /* for free */ + if (*length == 0) { + *endOfBuffer = 1; + } + else { + /* read the IMA pcr index */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_Event_ReadBuffer: buffer too small for PCR index\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaEvent->pcrIndex = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* sanity check the PCR index */ + if (rc == 0) { + if (imaEvent->pcrIndex != IMA_PCR) { + printf("ERROR: IMA_Event_ReadBuffer: PCR index %u not PCR %u\n", + IMA_PCR, imaEvent->pcrIndex); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* read the IMA digest, this is hard coded to SHA-1 */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(((ImaEvent *)NULL)->digest)) { + printf("ERROR: IMA_Event_ReadBuffer: buffer too small for IMA digest\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaEvent->digest), *buffer, sizeof(((ImaEvent *)NULL)->digest)); + *buffer += sizeof(((ImaEvent *)NULL)->digest); + *length -= sizeof(((ImaEvent *)NULL)->digest); + } + } + /* read the IMA name length */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_Event_ReadBuffer: " + "buffer too small for IMA template name length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaEvent->name_len = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* read the template name */ + if (rc == 0) { + /* bounds check the name length */ + if (imaEvent->name_len > TCG_EVENT_NAME_LEN_MAX) { + printf("ERROR: IMA_Event_ReadBuffer: Error, template name length too big: %u\n", + imaEvent->name_len); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (*length < imaEvent->name_len) { + printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template name\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + /* nul terminate first */ + memset(imaEvent->name, 0, sizeof(((ImaEvent *)NULL)->name)); + memcpy(&(imaEvent->name), *buffer, imaEvent->name_len); + *buffer += imaEvent->name_len; + *length -= imaEvent->name_len; + } + } + /* record the template name as an int */ + if (rc == 0) { + IMA_Event_ParseName(imaEvent); + } + /* read the template data length */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaEvent->template_data_len = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* allocate for the template data */ + if (rc == 0) { + if (getTemplate) { + /* bounds check the template data length */ + if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) { + printf("ERROR: IMA_Event_ReadBuffer: template data length too big: %u\n", + imaEvent->template_data_len); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (*length < imaEvent->template_data_len) { + printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + if (rc == 0) { + imaEvent->template_data = malloc(imaEvent->template_data_len); + if (imaEvent->template_data == NULL) { + printf("ERROR: IMA_Event_ReadBuffer: " + "could not allocate template data, size %u\n", + imaEvent->template_data_len); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + memcpy(imaEvent->template_data, *buffer, imaEvent->template_data_len); + } + } + } + /* move the buffer even if getTemplate is false */ + if (rc == 0) { + *buffer += imaEvent->template_data_len; + *length -= imaEvent->template_data_len; + } + } + } + return rc; +} + +/* IMA_TemplateName_Parse() parses the template name and registers the template data callbacks */ + +static uint32_t IMA_TemplateName_Parse(TemplateDataParseFunction_t templateDataParseFunctions[], + size_t templateDataParseFunctionsSize, + ImaEvent *imaEvent) +{ + uint32_t rc = 0; + size_t i; + + /* initialize all the function pointers to NULL */ + for (i = 0 ; (rc == 0) && (i < templateDataParseFunctionsSize) ; i++) { + templateDataParseFunctions[i] = NULL; + } + /* parse the name into the callback structure */ + if (rc == 0) { + switch (imaEvent->nameInt) { + /* these are the pre-defined formats */ + case IMA_FORMAT_IMA_NG: + /* d-ng | n-ng */ + templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG; + templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG; + break; + case IMA_FORMAT_IMA_SIG: + /* d-ng | n-ng | sig */ + templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG; + templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG; + templateDataParseFunctions[2] = (TemplateDataParseFunction_t)IMA_ParseSIG; + break; + case IMA_FORMAT_IMA: + templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseD; + templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG; + break; + case IMA_FORMAT_MODSIG: + /* d-ng | n-ng | sig | d-modsig | modsig */ + templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG; + templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG; + templateDataParseFunctions[2] = (TemplateDataParseFunction_t)IMA_ParseSIG; + templateDataParseFunctions[3] = (TemplateDataParseFunction_t)IMA_ParseDMODSIG; + templateDataParseFunctions[4] = (TemplateDataParseFunction_t)IMA_ParseMODSIG; + break; + case IMA_FORMAT_BUF: + /* d-ng | n-ng | buf */ + templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG; + templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG; + templateDataParseFunctions[2] = (TemplateDataParseFunction_t)IMA_ParseBUF; + break; + /* these are potentially the custom templates */ + default: + rc = IMA_TemplateName_ParseCustom(templateDataParseFunctions, + templateDataParseFunctionsSize, + imaEvent); + } + } + return rc; +} + +/* the mapping between a format string and the template data parse function */ + +typedef struct { + const char *formatString; + TemplateDataParseFunction_t parseFunction; +} ImaFormatMap; + +static ImaFormatMap imaFormatMap[] = { + {"d", (TemplateDataParseFunction_t)IMA_ParseD}, + {"n", (TemplateDataParseFunction_t)IMA_ParseNNG}, + {"d-ng", (TemplateDataParseFunction_t)IMA_ParseDNG}, + {"n-ng", (TemplateDataParseFunction_t)IMA_ParseNNG}, + {"sig", (TemplateDataParseFunction_t)IMA_ParseSIG}, + {"d-modsig", (TemplateDataParseFunction_t)IMA_ParseDMODSIG}, + {"modsig", (TemplateDataParseFunction_t)IMA_ParseMODSIG}, + {"buf", (TemplateDataParseFunction_t)IMA_ParseBUF} +}; + +static uint32_t +IMA_TemplateName_ParseCustom(TemplateDataParseFunction_t templateDataParseFunctions[], + size_t templateDataParseFunctionsSize, + ImaEvent *imaEvent) +{ + uint32_t rc = 0; + size_t i; /* index into templateDataParseFunctions table */ + size_t j; /* index into imaFormatMap table */ + char *startName; + char *endName; + char templateName[TCG_EVENT_NAME_LEN_MAX + 1]; /* one | separated item with nul */ + + /* parse the custom templates */ + strcpy(templateName, imaEvent->name); /* modify'able */ + startName = templateName; + + for (i = 0 ; (rc == 0) && (i < templateDataParseFunctionsSize) ; i++) { + endName = strchr(startName, '|'); + if (endName != NULL) { /* found a | character */ + *endName = '\0'; /* nul terminate the next format string */ + } + printf("item %lu : %s\n", (unsigned long)i, startName); + /* search the table for the format string */ + for (j = 0 ; j < (sizeof(imaFormatMap) / sizeof(ImaFormatMap)) ; j++) { + int irc; + irc = strcmp(startName, imaFormatMap[j].formatString); + if (irc == 0) { + templateDataParseFunctions[i] = imaFormatMap[j].parseFunction; + } + } + /* if no format string found */ + if (templateDataParseFunctions[i] == NULL) { + printf("ERROR: IMA_TemplateName_ParseCustom: unknown format string %s\n", + startName); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + /* if found an item, move the pointer */ + if (rc == 0) { + startName = endName + 1; + } + if (endName == NULL) { /* no | character, last entry */ + break; + } + } + return rc; +} + +/* + template data callbacks +*/ + +/* IMA_ParseD() parses a d : digest (no length or algorithm) */ + +static uint32_t IMA_ParseD(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + littleEndian = littleEndian; /* unised */ + /* fileDataHash */ + if (rc == 0) { + /* bounds check the length */ + if (*length < SHA1_DIGEST_SIZE) { + printf("ERROR: IMA_ParseD: buffer too small for file data hash\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateDNG.fileDataHashLength = SHA1_DIGEST_SIZE; + memcpy(&(imaTemplateData->imaTemplateDNG.fileDataHash), *buffer, SHA1_DIGEST_SIZE); + *buffer += SHA1_DIGEST_SIZE; + *length -= SHA1_DIGEST_SIZE; + } + } + return rc; +} + +/* IMA_ParseDNG parses a d-ng : hash length + hash algorithm string + digest + + The digest is a file data hash. + */ + +static uint32_t IMA_ParseDNG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + size_t hashAlgSize; + /* read the hash length, algorithm + hash */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseDNG: buffer too small for hash length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateDNG.hashLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* read the hash algorithm, nul terminated string */ + if (rc == 0) { + /* NUL terminate first */ + memset(imaTemplateData->imaTemplateDNG.hashAlg, 0, + sizeof(((ImaTemplateData *)NULL)->imaTemplateDNG.hashAlg)); + rc = IMA_Strn2cpy(imaTemplateData->imaTemplateDNG.hashAlg, *buffer, + sizeof(((ImaTemplateData *)NULL)->imaTemplateDNG.hashAlg), /* destLength */ + imaTemplateData->imaTemplateDNG.hashLength); /* srcLength */ + if (rc != 0) { + printf("ERROR: IMA_ParseDNG: buffer too small for hash algorithm\n" + "\tor hash algorithm exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + hashAlgSize = strlen(imaTemplateData->imaTemplateDNG.hashAlg) + 1; + *buffer += hashAlgSize; + *length -= hashAlgSize; + } + } + /* fileDataHashLength */ + if (rc == 0) { + if (strcmp(imaTemplateData->imaTemplateDNG.hashAlg, "sha1:") == 0) { + imaTemplateData->imaTemplateDNG.fileDataHashLength = SHA1_DIGEST_SIZE; + imaTemplateData->imaTemplateDNG.hashAlgId = TPM_ALG_SHA1; + } + else if (strcmp(imaTemplateData->imaTemplateDNG.hashAlg, "sha256:") == 0) { + imaTemplateData->imaTemplateDNG.fileDataHashLength = SHA256_DIGEST_SIZE; + imaTemplateData->imaTemplateDNG.hashAlgId = TPM_ALG_SHA256; + } + else { + printf("ERROR: IMA_ParseDNG: Unknown file data hash algorithm: %s\n", + imaTemplateData->imaTemplateDNG.hashAlg); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + /* consistency check hashLength vs contents */ + if (rc == 0) { + if ((hashAlgSize + imaTemplateData->imaTemplateDNG.fileDataHashLength) != + imaTemplateData->imaTemplateDNG.hashLength) { + printf("ERROR: IMA_ParseDNG: " + "hashLength %u inconsistent with hashAlgSize %lu and fileDataHashLength %u\n", + imaTemplateData->imaTemplateDNG.hashLength, (unsigned long)hashAlgSize, + imaTemplateData->imaTemplateDNG.fileDataHashLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* fileDataHash */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateDNG.fileDataHashLength) { + printf("ERROR: IMA_ParseDNG: buffer too small for file data hash\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (imaTemplateData->imaTemplateDNG.fileDataHashLength > + sizeof(((ImaTemplateData *)NULL)->imaTemplateDNG.fileDataHash)) { + printf("ERROR: IMA_ParseDNG: " + "file data hash length exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateDNG.fileDataHash), *buffer, + imaTemplateData->imaTemplateDNG.fileDataHashLength); + *buffer += imaTemplateData->imaTemplateDNG.fileDataHashLength; + *length -= imaTemplateData->imaTemplateDNG.fileDataHashLength; + /* FIXME remove */ + TSS_PrintAll("IMA_ParseDNG: file data hash", + imaTemplateData->imaTemplateDNG.fileDataHash, + imaTemplateData->imaTemplateDNG.fileDataHashLength); + } + } + return rc; +} + +/* IMA_ParseNNG() parses a n-ng : length + filename */ + +static uint32_t IMA_ParseNNG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + /* fileNameLength (length includes the nul terminator) */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseNNG: buffer too small for file name length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateNNG.fileNameLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* fileName */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateNNG.fileNameLength) { + printf("ERROR: IMA_ParseNNG: buffer too small for file name\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + /* leave one byte for the nul terminator */ + else if (imaTemplateData->imaTemplateNNG.fileNameLength > + (sizeof(imaTemplateData->imaTemplateNNG.fileName)-1)) { + printf("ERROR: IMA_ParseNNG: file name length exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateNNG.fileName), *buffer, + imaTemplateData->imaTemplateNNG.fileNameLength); + /* ima template does not nul terminate the file name */ + imaTemplateData->imaTemplateNNG.fileName[imaTemplateData->imaTemplateNNG.fileNameLength] = '\0'; + *buffer += imaTemplateData->imaTemplateNNG.fileNameLength; + *length -= imaTemplateData->imaTemplateNNG.fileNameLength; + } + } + return rc; +} + +/* IMA_ParseSIG() parses a sig : signature header + signature */ + +static uint32_t IMA_ParseSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + /* sigLength */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseSIG: " + "buffer too small for signature length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateSIG.sigLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + /* FIXME remove */ + printf("IMA_ParseSIG: sigLength %u\n", imaTemplateData->imaTemplateSIG.sigLength); + } + } + /* sigHeader - only parsed if its length is not zero */ + if (imaTemplateData->imaTemplateSIG.sigLength != 0) { + if (rc == 0) { + imaTemplateData->imaTemplateSIG.sigHeaderLength = + sizeof((ImaTemplateData *)NULL)->imaTemplateSIG.sigHeader; + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateSIG.sigHeaderLength) { + printf("ERROR: IMA_ParseSIG: " + "buffer too small for signature header\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateSIG.sigHeader), *buffer, + imaTemplateData->imaTemplateSIG.sigHeaderLength); + *buffer += imaTemplateData->imaTemplateSIG.sigHeaderLength; + *length -= imaTemplateData->imaTemplateSIG.sigHeaderLength; + } + } + /* get signature length from last two bytes */ + if (rc == 0) { + /* magic number for offset: type(1) version(1) hash alg (1) pubkey id (4) */ + imaTemplateData->imaTemplateSIG.signatureSize = + ntohs(*(uint16_t *)(imaTemplateData->imaTemplateSIG.sigHeader + 7)); + } + /* consistency check signature header contents */ + if (rc == 0) { + int goodHashAlgo = (((imaTemplateData->imaTemplateSIG.sigHeader[2] == HASH_ALGO_SHA1) && + (imaTemplateData->imaTemplateDNG.hashAlgId == TPM_ALG_SHA1)) || + ((imaTemplateData->imaTemplateSIG.sigHeader[2] == HASH_ALGO_SHA256) && + (imaTemplateData->imaTemplateDNG.hashAlgId == TPM_ALG_SHA256))); + int goodSigSize = ((imaTemplateData->imaTemplateSIG.signatureSize == 128) || + (imaTemplateData->imaTemplateSIG.signatureSize == 256)); + /* xattr type */ + if ( + (imaTemplateData->imaTemplateSIG.sigHeader[0] != EVM_IMA_XATTR_DIGSIG) || /* [0] type */ + (imaTemplateData->imaTemplateSIG.sigHeader[1] != 2) || /* [1] version */ + !goodHashAlgo || /* [2] hash algorithm */ + /* [3]-[6] are the public key fingerprint. Any value is legal. */ + !goodSigSize /* [7][8] sig size */ + ) { + printf("ERROR: IMA_ParseSIG: invalid sigHeader\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* signature */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateSIG.signatureSize) { + printf("ERROR: IMA_ParseSIG: " + "buffer too small for signature \n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + /* sanity check the signatureSize against the sigLength */ + else if (imaTemplateData->imaTemplateSIG.sigLength != + (sizeof((ImaTemplateData *)NULL)->imaTemplateSIG.sigHeader + + imaTemplateData->imaTemplateSIG.signatureSize)) { + printf("ERROR: IMA_ParseSIG: " + "sigLength inconsistent with signatureSize\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateSIG.signature), *buffer, + imaTemplateData->imaTemplateSIG.signatureSize); + *buffer += imaTemplateData->imaTemplateSIG.signatureSize; + *length -= imaTemplateData->imaTemplateSIG.signatureSize; + /* FIXME remove */ + TSS_PrintAll("IMA_ParseSIG: file data hash", + imaTemplateData->imaTemplateSIG.signature, + imaTemplateData->imaTemplateSIG.signatureSize); + + } + } + } + return rc; +} + +/* IMA_ParseDMODSIG parses a d-ng : hash length + hash algorithm string + digest + + The digest is a file data hash omitting the appended modsig signature. + + NOTE: This is currently thre same as IMA_ParseDNG but may have different processing in the + future. +*/ + +static uint32_t IMA_ParseDMODSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + size_t hashAlgSize; + + /* read the hash length, algorithm + hash */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseDMODSIG: buffer too small for hash length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* FIXME is zero length an error? */ + if (imaTemplateData->imaTemplateDMODSIG.dModSigHashLength != 0) { + + /* read the hash algorithm, nul terminated string */ + if (rc == 0) { + /* NUL terminate first */ + memset(imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg, 0, + sizeof(((ImaTemplateData *)NULL)->imaTemplateDMODSIG.dModSigHashAlgId)); + rc = IMA_Strn2cpy(imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg, *buffer, + /* destLength */ + sizeof(((ImaTemplateData *)NULL)->imaTemplateDMODSIG.dModSigHashAlg), + /* srcLength */ + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength); + if (rc != 0) { + printf("ERROR: IMA_ParseDMODSIG: buffer too small for hash algorithm\n" + "\tor hash algorithm exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + hashAlgSize = strlen(imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg) + 1; + *buffer += hashAlgSize; + *length -= hashAlgSize; + } + } + /* dModSigFileDataHashLength */ + if (rc == 0) { + if (strcmp(imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg, "sha1:") == 0) { + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength = SHA1_DIGEST_SIZE; + imaTemplateData->imaTemplateDMODSIG.dModSigHashAlgId = TPM_ALG_SHA1; + } + else if (strcmp(imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg, "sha256:") == 0) { + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength = SHA256_DIGEST_SIZE; + imaTemplateData->imaTemplateDMODSIG.dModSigHashAlgId = TPM_ALG_SHA256; + } + else { + printf("ERROR: IMA_ParseDMODSIG: Unknown file data hash algorithm: %s\n", + imaTemplateData->imaTemplateDMODSIG.dModSigHashAlg); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + /* consistency check dModSigFileDataHashLength vs contents */ + if (rc == 0) { + if ((hashAlgSize + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength) != + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength) { + printf("ERROR: IMA_ParseDMODSIG: " + "dModSigFileDataHashLength %u inconsistent with hashAlgSize %lu " + "and dModSigFileDataHashLength %u\n", + imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength, + (unsigned long)hashAlgSize, + imaTemplateData->imaTemplateDMODSIG.dModSigHashLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* dModSigFileDataHashLength */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength ) { + printf("ERROR: IMA_ParseDMODSIG: buffer too small for file data hash\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength > + sizeof(((ImaTemplateData *)NULL)->imaTemplateDMODSIG.dModSigFileDataHash)) { + printf("ERROR: IMA_ParseDMODSIG: " + "file data hash length exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHash), + *buffer, imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength); + *buffer += imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength ; + *length -= imaTemplateData->imaTemplateDMODSIG.dModSigFileDataHashLength ; + } + } + } + return rc; +} + +/* IMA_ParseMODSIG parses a modsig : 4 byte length + DER encoded CMS document, RFC 5652 */ + +static uint32_t IMA_ParseMODSIG(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + + /* read the length */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseMODSIG: buffer too small for length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateMODSIG.modSigLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* read the DER */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateMODSIG.modSigLength) { + printf("ERROR: IMA_ParseMODSIG: buffer too small for modSig data\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (imaTemplateData->imaTemplateMODSIG.modSigLength > + sizeof(((ImaTemplateData *)NULL)->imaTemplateMODSIG.modSigData)) { + printf("ERROR: IMA_ParseMODSIG: " + "modSigData length exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateMODSIG.modSigData), *buffer, + imaTemplateData->imaTemplateMODSIG.modSigLength); + *buffer += imaTemplateData->imaTemplateMODSIG.modSigLength; + *length -= imaTemplateData->imaTemplateMODSIG.modSigLength; + } + } + return rc; +} + +/* IMA_ParseBUF parses a modsig : 4 byte length + DER encoded CMS document, RFC 5652 */ + +static uint32_t IMA_ParseBUF(ImaTemplateData *imaTemplateData, + uint8_t **buffer, + size_t *length, + int littleEndian) +{ + uint32_t rc = 0; + + /* FIXME factor reading a 4 byte length plus data stream */ + /* read the length */ + if (rc == 0) { + /* bounds check the length */ + if (*length < sizeof(uint32_t)) { + printf("ERROR: IMA_ParseBUF: buffer too small for length\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + imaTemplateData->imaTemplateBUF.bufLength = IMA_Uint32_Convert(*buffer, littleEndian); + *buffer += sizeof(uint32_t); + *length -= sizeof(uint32_t); + } + } + /* read the DER */ + if (rc == 0) { + /* bounds check the length */ + if (*length < imaTemplateData->imaTemplateBUF.bufLength) { + printf("ERROR: IMA_ParseBUF: buffer too small for buf data\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else if (imaTemplateData->imaTemplateBUF.bufLength > + sizeof(((ImaTemplateData *)NULL)->imaTemplateBUF.bufData)) { + printf("ERROR: IMA_ParseBUF: " + "bufData length exceeds maximum size\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + else { + memcpy(&(imaTemplateData->imaTemplateBUF.bufData), *buffer, + imaTemplateData->imaTemplateBUF.bufLength); + *buffer += imaTemplateData->imaTemplateBUF.bufLength; + *length -= imaTemplateData->imaTemplateBUF.bufLength; + } + } + return rc; +} + +/* IMA_TemplateData_ReadBuffer() unmarshals the template data fields from the template data byte + array. + +*/ + +uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData, + ImaEvent *imaEvent, + int littleEndian) +{ + uint32_t rc = 0; + size_t length = imaEvent->template_data_len; + uint8_t *buffer = imaEvent->template_data; + TemplateDataParseFunction_t templateDataParseFunctions[IMA_PARSE_FUNCTIONS_MAX]; + size_t i; + + /* initialize all fields, since not all fields are included in all templates */ + if (rc == 0) { + IMA_TemplateData_Init(imaTemplateData); + } + if (rc == 0) { + rc = IMA_TemplateName_Parse(templateDataParseFunctions, IMA_PARSE_FUNCTIONS_MAX, + imaEvent); + } + for (i = 0 ; (rc == 0) && (templateDataParseFunctions[i] != NULL) ; i++) { + rc = templateDataParseFunctions[i](imaTemplateData, &buffer, &length, littleEndian); + } + /* length should now be zero */ + if (rc == 0) { + if (length != 0) { + printf("ERROR: IMA_TemplateData_ReadBuffer: " + "buffer too large (bytes remaining after unmarshaling)\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + return rc; +} + +/* IMA_Event_Write() writes an event line to a binary file outFile. + + The write is always big endian, network byte order. +*/ + +uint32_t IMA_Event_Write(ImaEvent *imaEvent, + FILE *outFile) +{ + int rc = 0; + size_t writeSize; + uint32_t nbo32; /* network byte order */ + + if (rc == 0) { + /* do the endian conversion */ + nbo32 = htonl(imaEvent->pcrIndex); + /* write the IMA pcr index */ + writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not write pcrIndex, returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + /* write the IMA digest, name length */ + if (rc == 0) { + writeSize = fwrite(&(imaEvent->digest), sizeof(((ImaEvent *)NULL)->digest), 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not write digest, returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + /* write the IMA name length */ + if (rc == 0) { + /* do the endian conversion */ + nbo32 = htonl(imaEvent->name_len); + /* write the IMA name length */ + writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not write name length, returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + /* write the name */ + if (rc == 0) { + writeSize = fwrite(&(imaEvent->name), imaEvent->name_len, 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not write name, returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + /* write the template data length */ + if (rc == 0) { + /* do the endian conversion */ + nbo32 = htonl(imaEvent->template_data_len); + /* write the IMA template data length */ + writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not template data length , returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + /* write the template data */ + if (rc == 0) { + writeSize = fwrite(&(imaEvent->template_data), imaEvent->template_data_len, 1, outFile); + if (writeSize != 1) { + printf("ERROR: IMA_Event_Write: could not write template data, returned %lu\n", + (unsigned long)writeSize); + rc = TSS_RC_FILE_WRITE; + } + } + return rc; +} + +/* IMA_Extend() extends the event into the imaPcr. + + An IMA quirk is that, if the event is all zero, all ones is extended into the SHA-1 bank. Since + the SHA-256 bank currently gets the SHA-1 value zero extended, it will get 20 ff's and 12 00's. + + halg indicates whether to calculate the digest for the SHA-1 or SHA-256 PCR bank. The IMA event + log itself is always SHA-1. + + This function assumes that the same hash algorithm / PCR bank is used for all calls. +*/ + +uint32_t IMA_Extend(TPMT_HA *imapcr, + ImaEvent *imaEvent, + TPMI_ALG_HASH hashAlg) +{ + uint32_t rc = 0; + uint16_t digestSize; + uint16_t zeroPad; + int notAllZero; + unsigned char zeroDigest[SHA256_DIGEST_SIZE]; + unsigned char oneDigest[SHA256_DIGEST_SIZE]; + + /* FIXME sanity check TPM_IMA_PCR imaEvent->pcrIndex */ + + /* extend based on the previous IMA PCR value */ + if (rc == 0) { + memset(zeroDigest, 0, SHA256_DIGEST_SIZE); + memset(oneDigest, 0xff, SHA256_DIGEST_SIZE); + if (hashAlg == TPM_ALG_SHA1) { + digestSize = SHA1_DIGEST_SIZE; + zeroPad = 0; + } + else if (hashAlg == TPM_ALG_SHA256) { + digestSize = SHA256_DIGEST_SIZE; + /* pad the SHA-1 event with zeros for the SHA-256 bank */ + zeroPad = SHA256_DIGEST_SIZE - SHA1_DIGEST_SIZE; + } + else { + printf("ERROR: IMA_Extend: Unsupported hash algorithm: %04x\n", hashAlg); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + if (rc == 0) { + notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE); + imapcr->hashAlg = hashAlg; +#if 1 + TSS_PrintAll("IMA_Extend: Start PCR", (uint8_t *)&imapcr->digest, digestSize); + TSS_PrintAll("IMA_Extend: SHA-256 Pad", zeroDigest, zeroPad); +#endif + if (notAllZero) { + TSS_PrintAll("IMA_Extend: Extend", (uint8_t *)&imaEvent->digest, SHA1_DIGEST_SIZE); + rc = TSS_Hash_Generate(imapcr, + digestSize, (uint8_t *)&imapcr->digest, + SHA1_DIGEST_SIZE, &imaEvent->digest, + /* SHA-1 PCR extend gets zero padded */ + zeroPad, zeroDigest, + 0, NULL); +#if 1 + TSS_PrintAll("IMA_Extend: notAllZero End PCR", + (uint8_t *)&imapcr->digest, digestSize); +#endif + } + /* IMA has a quirk where, when it places all all zero digest into the measurement log, it + extends all ones into IMA PCR */ + else { + TSS_PrintAll("IMA_Extend: Extend", (uint8_t *)oneDigest, SHA1_DIGEST_SIZE); + rc = TSS_Hash_Generate(imapcr, + digestSize, (uint8_t *)&imapcr->digest, + SHA1_DIGEST_SIZE, oneDigest, + /* SHA-1 gets zero padded */ + zeroPad, zeroDigest, + 0, NULL); +#if 1 + TSS_PrintAll("IMA_Extend: allZero End PCR", + (uint8_t *)&imapcr->digest, digestSize); +#endif + } + } + if (rc != 0) { + printf("ERROR: IMA_Extend: could not extend imapcr, rc %08x\n", rc); + } + return rc; +} + +/* IMA_VerifyImaDigest() verifies the IMA digest against the hash of the template data. + + This handles the SHA-1 IMA event log. +*/ + +uint32_t IMA_VerifyImaDigest(uint32_t *badEvent, /* TRUE if hash does not match */ + ImaEvent *imaEvent, /* the current IMA event being processed */ + int eventNum) /* the current IMA event number being processed */ +{ + uint32_t rc = 0; + int irc; + TPMT_HA calculatedImaDigest; + + /* calculate the hash of the template data */ + if (rc == 0) { + calculatedImaDigest.hashAlg = TPM_ALG_SHA1; + /* standard case, hash of entire template data */ + if (imaEvent->nameInt != IMA_FORMAT_IMA) { + rc = TSS_Hash_Generate(&calculatedImaDigest, + imaEvent->template_data_len, imaEvent->template_data, + 0, NULL); + } + /* special case of "ima" template, hash of File Data Hash || File Name padded with zeros to + 256 bytes */ + else { + ImaTemplateData imaTemplateData; + int zeroPadLength; + uint8_t zeroPad[256]; + if (rc == 0) { + rc = IMA_TemplateData_ReadBuffer(&imaTemplateData, + imaEvent, + TRUE); /* FIXME littleEndian */ + } + if (rc == 0) { + if (imaTemplateData.imaTemplateNNG.fileNameLength > sizeof(zeroPad)) { + printf("ERROR: IMA_VerifyImaDigest: ima template file name length %lu > %lu\n", + (unsigned long)imaTemplateData.imaTemplateNNG.fileNameLength, + (unsigned long)sizeof(zeroPad)); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + memset(zeroPad, 0, sizeof(zeroPad)); + /* subtract safe after above length check */ + zeroPadLength = sizeof(zeroPad) - imaTemplateData.imaTemplateNNG.fileNameLength; + } + if (rc == 0) { + rc = TSS_Hash_Generate(&calculatedImaDigest, + SHA1_DIGEST_SIZE, &imaTemplateData.imaTemplateDNG.fileDataHash, + imaTemplateData.imaTemplateNNG.fileNameLength, + &imaTemplateData.imaTemplateNNG.fileName, + zeroPadLength, zeroPad, + 0, NULL); + } + } + } + /* compare the calculated hash to the event digest received from the client */ + if (rc == 0) { + if (tssUtilsVerbose) TSS_PrintAll("IMA_VerifyImaDigest: Received IMA digest", + imaEvent->digest, SHA1_DIGEST_SIZE); + if (tssUtilsVerbose) TSS_PrintAll("IMA_VerifyImaDigest: Calculated IMA digest", + (uint8_t *)&calculatedImaDigest.digest, SHA1_DIGEST_SIZE); + + irc = memcmp(imaEvent->digest, &calculatedImaDigest.digest, SHA1_DIGEST_SIZE); + if (irc == 0) { + if (tssUtilsVerbose) printf("IMA_VerifyImaDigest: IMA digest verified, event %u\n", eventNum); + *badEvent = FALSE; + } + else { + printf("ERROR: IMA_VerifyImaDigest: IMA digest did not verify, event %u\n", + eventNum); + *badEvent = TRUE; + } + } + return rc; +} + +/* IMA_Uint32_Convert() converts a uint8_t (from an input stream) to host byte order + */ + +static uint32_t IMA_Uint32_Convert(const uint8_t *stream, + int littleEndian) +{ + uint32_t out = 0; + + /* little endian input */ + if (littleEndian) { + out = (stream[0] << 0) | + (stream[1] << 8) | + (stream[2] << 16) | + (stream[3] << 24); + } + /* big endian input */ + else { + out = (stream[0] << 24) | + (stream[1] << 16) | + (stream[2] << 8) | + (stream[3] << 0); + } + return out; +} + +/* IMA_Strn2cpy() copies src to dest, including a NUL terminator + + It checks that src is nul terminated within srcLength bytes. + It checks that src fits into dest within destLength bytes + + Returns error if either the src is not nul terminated or will not fit in dest. +*/ + +static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src, + size_t destLength, size_t srcLength) +{ + uint32_t rc = 0; + int done = 0; + + while ((destLength > 0) && (srcLength > 0)) { + *dest = *src; + if (*dest == '\0') { + done = 1; + break; + } + else { + dest++; + src++; + destLength--; + srcLength--; + } + } + if (!done) { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + return rc; +} + +/* IMA_Event_Marshal() marshals an ImaEvent structure */ + +TPM_RC IMA_Event_Marshal(ImaEvent *source, + uint16_t *written, uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->digest, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->name_len, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu((uint8_t *)source->name, source->name_len, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->template_data_len, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->template_data, source->template_data_len, + written, buffer, size); + } + return rc; +} + +/* IMA_Event_PcrExtend() extends PCR digests with the digest from the ImaEvent event log + entry. + + Bank 0 is SHA-1. Bank 1 is SHA-256. + + The function supports all PCRs, even though the PCRs are limited in practice. + +*/ + +uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR], + ImaEvent *imaEvent) +{ + TPM_RC rc = 0; + uint8_t eventData[SHA256_DIGEST_SIZE]; + + /* validate PCR number */ + if (rc == 0) { + if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) { + printf("ERROR: IMA_Event_PcrExtend: PCR number %u %08x out of range\n", + imaEvent->pcrIndex, imaEvent->pcrIndex); + rc = TSS_RC_BAD_PROPERTY; + } + } + /* process each event hash algorithm */ + if (rc == 0) { + unsigned char zeroDigest[SHA1_DIGEST_SIZE]; + int notAllZero; + memset(zeroDigest, 0, SHA1_DIGEST_SIZE); + notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE); + /* for the SHA-256 zero extend */ + memset(eventData, 0, SHA256_DIGEST_SIZE); + + /* IMA has a quirk where some measurements store a zero digest in the event log, but + extend ones into PCR 10 */ + if (notAllZero) { + memcpy(eventData, imaEvent->digest, SHA1_DIGEST_SIZE); + } + else { + memset(eventData, 0xff, SHA1_DIGEST_SIZE); + } + } + /* SHA-1 */ + if (rc == 0) { + rc = TSS_Hash_Generate(&pcrs[0][imaEvent->pcrIndex], + SHA1_DIGEST_SIZE, + (uint8_t *)&pcrs[0][imaEvent->pcrIndex].digest, + SHA1_DIGEST_SIZE, + eventData, + 0, NULL); + } + /* SHA-256 */ + if (rc == 0) { + rc = TSS_Hash_Generate(&pcrs[1][imaEvent->pcrIndex], + SHA256_DIGEST_SIZE, + (uint8_t *)&pcrs[1][imaEvent->pcrIndex].digest, + SHA256_DIGEST_SIZE, + eventData, + 0, NULL); + } + return rc; +} + +#if 0 +/* IMA_Event_ToString() converts the ImaEvent structure to a hexascii string, big endian. */ + +uint32_t IMA_Event_ToString(char **eventString, /* freed by caller */ + ImaEvent *imaEvent) +{ + int rc = 0; + size_t length; + + /* calculate size of string, from ImaEvent structure */ + if (rc == 0) { + length = ((sizeof(uint32_t) + SHA1_DIGEST_SIZE + sizeof(uint32_t) + + TCG_EVENT_NAME_LEN_MAX + 1 + sizeof(uint32_t) + + imaEvent->template_data_len) * 2) + 1; + } + if (rc == 0) { + *eventString = malloc(length); + if (*eventString == NULL) { + printf("ERROR: IMA_Event_ToString: error allocating %lu bytes\n", length); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + memset(*eventString, '\0', length); + char *p = *eventString; + + sprintf(p, "%08lx", (long unsigned int)imaEvent->pcrIndex); + p += sizeof(uint32_t)* 2; + + Array_Print(p, NULL, imaEvent->digest, SHA1_DIGEST_SIZE); + p += SHA1_DIGEST_SIZE * 2; + + sprintf(p, "%08lx", (long unsigned int)imaEvent->name_len); + p += sizeof(uint32_t) * 2; + + Array_Print(p, NULL, FALSE, (uint8_t *)imaEvent->name, imaEvent->name_len); + p += imaEvent->name_len * 2; + + sprintf(p, "%08lx", (long unsigned int)imaEvent->template_data_len); + p += sizeof(uint32_t) * 2; + + Array_Print(p, NULL, FALSE, imaEvent->template_data, imaEvent->template_data_len); + p += imaEvent->template_data_len * 2; + /* printf("IMA_Event_ToString: result\n:%s:\n", *eventString); */ + } + return rc; +} + +#endif + diff --git a/libstb/tss2/ibmtpm20tss/utils/imalib.h b/libstb/tss2/ibmtpm20tss/utils/imalib.h new file mode 100644 index 000000000000..5796f704a156 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/imalib.h @@ -0,0 +1,222 @@ +/********************************************************************************/ +/* */ +/* IMA Routines */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef IMA_H +#define IMA_H + +#include +#include +#include +#include + +#include + +#include + +/* FIXME meed OS independent value */ +/* Debian/Hurd does not define MAXPATHLEN */ +#ifndef MAXPATHLEN +#define MAXPATHLEN 4096 +#endif + +#define IMA_PCR 10 +/* IMA currently supports only SHA-1 and SHA-256 */ +#define IMA_PCR_BANKS 2 + +/* FIXME need verification */ +#define TCG_EVENT_NAME_LEN_MAX 255 + +#define TCG_TEMPLATE_DATA_LEN_MAX (sizeof(ImaTemplateData)) + +/* from security/integrity/integrity.h: */ + +enum evm_ima_xattr_type { + IMA_XATTR_DIGEST = 0x01, + EVM_XATTR_HMAC, + EVM_IMA_XATTR_DIGSIG, + IMA_XATTR_DIGEST_NG, + IMA_XATTR_LAST +}; + +/* from include/uapi/linux/hash_info.h: */ + +enum hash_algo { + HASH_ALGO_MD4, + HASH_ALGO_MD5, + HASH_ALGO_SHA1, + HASH_ALGO_RIPE_MD_160, + HASH_ALGO_SHA256, + HASH_ALGO_SHA384, + HASH_ALGO_SHA512, + HASH_ALGO_SHA224, + HASH_ALGO_RIPE_MD_128, + HASH_ALGO_RIPE_MD_256, + HASH_ALGO_RIPE_MD_320, + HASH_ALGO_WP_256, + HASH_ALGO_WP_384, + HASH_ALGO_WP_512, + HASH_ALGO_TGR_128, + HASH_ALGO_TGR_160, + HASH_ALGO_TGR_192, + HASH_ALGO__LAST +}; + +/* IMA template names */ + +#define IMA_UNSUPPORTED 0 +#define IMA_FORMAT_IMA_NG 1 +#define IMA_FORMAT_IMA_SIG 2 +#define IMA_FORMAT_IMA 3 +#define IMA_FORMAT_MODSIG 4 +#define IMA_FORMAT_BUF 5 + +//typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ + +typedef struct ImaEvent { + uint32_t pcrIndex; + uint8_t digest[SHA1_DIGEST_SIZE]; /* IMA hard coded to SHA-1 */ + uint32_t name_len; + char name[TCG_EVENT_NAME_LEN_MAX + 1]; + unsigned int nameInt; /* integer for template data handler */ + struct ima_template_desc *template_desc; /* template descriptor */ + uint32_t template_data_len; + uint8_t *template_data; /* template related data */ +} ImaEvent; + +typedef struct ImaTemplateDNG { + uint32_t hashLength; + char hashAlg[64+1]; /* FIXME need verification */ + TPMI_ALG_HASH hashAlgId; + uint32_t fileDataHashLength; + uint8_t fileDataHash[SHA256_DIGEST_SIZE]; +} ImaTemplateDNG; + +typedef struct ImaTemplateNNG { + uint32_t fileNameLength; + uint8_t fileName[MAXPATHLEN+1]; +} ImaTemplateNNG; + +typedef struct ImaTemplateSIG { + uint32_t sigLength; + uint32_t sigHeaderLength; + uint8_t sigHeader[9]; /* FIXME need verification, length and contents */ + uint16_t signatureSize; + uint8_t signature[256]; /* FIXME need verification */ +} ImaTemplateSIG; + +typedef struct ImaTemplateDMODSIG { + uint32_t dModSigHashLength; + char dModSigHashAlg[64+1]; /* FIXME need verification */ + TPMI_ALG_HASH dModSigHashAlgId; + uint32_t dModSigFileDataHashLength; + uint8_t dModSigFileDataHash[SHA256_DIGEST_SIZE]; +} ImaTemplateDMODSIG; + +typedef struct ImaTemplateMODSIG { + uint32_t modSigLength; + uint8_t modSigData[4096]; /* FIXME guess */ + +} ImaTemplateMODSIG; + +typedef struct ImaTemplateBUF { + uint32_t bufLength; + uint8_t bufData[4096]; /* FIXME guess */ +} ImaTemplateBUF; + +typedef struct ImaTemplateData { + /* d-ng */ + ImaTemplateDNG imaTemplateDNG; + /* n-ng */ + ImaTemplateNNG imaTemplateNNG; + /* sig */ + ImaTemplateSIG imaTemplateSIG; + /* d-modsig */ + ImaTemplateDMODSIG imaTemplateDMODSIG; + /* modsig */ + ImaTemplateMODSIG imaTemplateMODSIG; + /* buf */ + ImaTemplateBUF imaTemplateBUF; + +} ImaTemplateData; + +#ifdef __cplusplus +extern "C" { +#endif + + void IMA_Event_Init(ImaEvent *imaEvent); + void IMA_Event_Free(ImaEvent *imaEvent); + void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate); + void IMA_TemplateData_Init(ImaTemplateData *imaTemplateData); + void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData, + unsigned int nameInt); + uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent, + int *endOfFile, + FILE *infile, + int littleEndian); + uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent, + size_t *length, + uint8_t **buffer, + int *endOfBuffer, + int littleEndian, + int getTemplate); + uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData, + ImaEvent *imaEvent, + int littleEndian); + uint32_t IMA_Event_Write(ImaEvent *imaEvent, + FILE *outFile); + uint32_t IMA_Extend(TPMT_HA *imapcr, + ImaEvent *imaEvent, + TPMI_ALG_HASH hashAlg); + uint32_t IMA_VerifyImaDigest(uint32_t *badEvent, + ImaEvent *imaEvent, + int eventNum); + TPM_RC IMA_Event_Marshal(ImaEvent *source, + uint16_t *written, uint8_t **buffer, uint32_t *size); + + uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR], + ImaEvent *imaEvent); +#if 0 + uint32_t IMA_Event_ToString(char **eventString, + ImaEvent *imaEvent); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/import.c b/libstb/tss2/ibmtpm20tss/utils/import.c new file mode 100644 index 000000000000..3ffb8b587d76 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/import.c @@ -0,0 +1,377 @@ +/********************************************************************************/ +/* */ +/* Import */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Import_In in; + Import_Out out; + TPMI_DH_OBJECT parentHandle = 0; + const char *parentPassword = NULL; + const char *encryptionKeyFilename = NULL; + const char *objectPublicFilename = NULL; + const char *duplicateFilename = NULL; + const char *inSymSeedFilename = NULL; + const char *outPrivateFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + in.symmetricAlg.algorithm = TPM_ALG_NULL; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) && + (encryptionKeyFilename != NULL)) { + printf("-ik needs -salg\n"); + printUsage(); + } + if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) && + (encryptionKeyFilename == NULL)) { + printf("-salg needs -ik\n"); + printUsage(); + } + if (parentHandle == 0) { + printf("Missing or bad object handle parameter -hp\n"); + printUsage(); + } + if (objectPublicFilename == NULL) { + printf("Missing parameter -ipu\n"); + printUsage(); + } + if (duplicateFilename == NULL) { + printf("Missing parameter -id\n"); + printUsage(); + } + if (inSymSeedFilename == NULL) { + printf("Missing parameter -iss\n"); + printUsage(); + } + if (outPrivateFilename == NULL) { + printf("Missing parameter -opr\n"); + printUsage(); + } + if (rc == 0) { + in.parentHandle = parentHandle; + } + /* optional symmetric encryption key */ + if (rc == 0) { + if (encryptionKeyFilename != NULL) { + rc = TSS_File_Read2B(&in.encryptionKey.b, + sizeof(in.encryptionKey.t.buffer), + encryptionKeyFilename); + } + else { + in.encryptionKey.t.size = 0; + } + } + if (rc == 0) { + rc = TSS_File_ReadStructureFlag(&in.objectPublic, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + FALSE, /* NULL not permitted */ + objectPublicFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.duplicate.b, + sizeof(in.duplicate.t.buffer), + duplicateFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.inSymSeed.b, + sizeof(in.inSymSeed.t.secret), + inSymSeedFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Import, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + rc = TSS_File_WriteStructure(&out.outPrivate, + (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshalu, + outPrivateFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("import: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("import: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("import\n"); + printf("\n"); + printf("Runs TPM2_Import\n"); + printf("\n"); + printf("\t-hp\tparent handle\n"); + printf("\t[-pwdp\tpassword for parent (default empty)]\n"); + printf("\t[-ik\tencryption key in file name]\n"); + printf("\t-ipu\tobject public area file name\n"); + printf("\t-id\tduplicate file name\n"); + printf("\t-iss\tsymmetric seed file name\n"); + printf("\t[-salg\tsymmetric algorithm (default none)]\n"); + printf("\t-opr\tprivate area file name\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/importpem.c b/libstb/tss2/ibmtpm20tss/utils/importpem.c new file mode 100644 index 000000000000..d0ec66d2641e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/importpem.c @@ -0,0 +1,482 @@ +/********************************************************************************/ +/* */ +/* Import a PEM keypair */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* Use OpenSSL to create an RSA or ECC keypair like this + + > openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 + > openssl ecparam -name prime256v1 -genkey -noout | + openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "cryptoutils.h" +#include "objecttemplates.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Import_In in; + Import_Out out; + TPMI_DH_OBJECT parentHandle = 0; + const char *parentPassword = NULL; + const char *pemKeyFilename = NULL; + const char *pemKeyPassword = ""; /* default empty password */ + const char *outPublicFilename = NULL; + const char *outPrivateFilename = NULL; + const char *policyFilename = NULL; + int keyType = TYPE_SI; + uint32_t keyTypeSpecified = 0; + TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_RSASSA; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + FILE *pemKeyFile = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (parentHandle == 0) { + printf("Missing or bad object handle parameter -hp\n"); + printUsage(); + } + if (pemKeyFilename == NULL) { + printf("Missing parameter -ipem\n"); + printUsage(); + } + if (keyTypeSpecified > 1) { + printf("Too many key attributes\n"); + printUsage(); + } + if (outPublicFilename == NULL) { + printf("Missing parameter -opu\n"); + printUsage(); + } + if (outPrivateFilename == NULL) { + printf("Missing parameter -opr\n"); + printUsage(); + } + if (rc == 0) { + in.parentHandle = parentHandle; + in.encryptionKey.t.size = 0; + in.inSymSeed.t.size = 0; + in.symmetricAlg.algorithm = TPM_ALG_NULL; + } + if (rc == 0) { + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaPemToKeyPair(&in.objectPublic, + &in.duplicate, + keyType, + scheme, + nalg, + halg, + pemKeyFilename, + pemKeyPassword); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcPemToKeyPair(&in.objectPublic, + &in.duplicate, + keyType, + scheme, + nalg, + halg, + pemKeyFilename, + pemKeyPassword); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("-rsa algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + } + /* instantiate optional policy */ + if (rc == 0) { + rc = getPolicy(&in.objectPublic.publicArea, policyFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Import, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* output the TPM2B_PUBLIC */ + if (rc == 0) { + rc = TSS_File_WriteStructure(&in.objectPublic, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + outPublicFilename); + } + /* output the TPM2B_PRIVATE, which is now wrapped by the parent */ + if (rc == 0) { + rc = TSS_File_WriteStructure(&out.outPrivate, + (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshalu, + outPrivateFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("importpem: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("importpem: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + if (pemKeyFile != NULL) { + fclose(pemKeyFile); /* @2 */ + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("importpem\n"); + printf("\n"); + printf("Runs TPM2_Import for a PEM key\n"); + printf("\n"); + printf("\t-hp\tparent handle\n"); + printf("\t[-pwdp\tpassword for parent (default empty)]\n"); + printf("\t-ipem\tPEM format key pair\n"); + printf("\n"); + printf("\t[Asymmetric Key Algorithm]\n"); + printf("\n"); + printf("\t[-rsa\t(default)]\n"); + printf("\t[-ecc\t]\n"); + printf("\n"); + printf("\t[-si\tsigning (default)]\n"); + printf("\t[-scheme signing scheme (rsassa rsapss) (RSA default RSASSA) (ECC ECDSA)]\n"); + printf("\t[-st\tstorage (NULL scheme)]\n"); + printf("\t[-den\tdecryption, (unrestricted, RSA and ECC NULL scheme)\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t-opu\tpublic area file name\n"); + printf("\t-opr\tprivate area file name\n"); + printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-pol\tpolicy file (default empty)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/load.c b/libstb/tss2/ibmtpm20tss/utils/load.c new file mode 100644 index 000000000000..1b87c8d38a41 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/load.c @@ -0,0 +1,280 @@ +/********************************************************************************/ +/* */ +/* Load */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: load.c 1324 2018-08-31 16:36:12Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Load_In in; + Load_Out out; + TPMI_DH_OBJECT parentHandle = 0; + const char *publicKeyFilename = NULL; + const char *privateKeyFilename = NULL; + const char *parentPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (parentHandle == 0) { + printf("Missing handle parameter -hp\n"); + printUsage(); + } + if (privateKeyFilename == NULL) { + printf("Missing private key parameter -ipr\n"); + printUsage(); + } + if (publicKeyFilename == NULL) { + printf("Missing private key parameter -ipu\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.inPrivate, + (UnmarshalFunction_t)TSS_TPM2B_PRIVATE_Unmarshalu, + privateKeyFilename); + } + if (rc == 0) { + rc = TSS_File_ReadStructureFlag(&in.inPublic, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + FALSE, /* NULL not permitted */ + publicKeyFilename); + } + if (rc == 0) { + in.parentHandle = parentHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Load, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + printf("Handle %08x\n", out.objectHandle); + if (tssUtilsVerbose) printf("load: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("load: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("load\n"); + printf("\n"); + printf("Runs TPM2_Load\n"); + printf("\n"); + printf("\t-hp\tparent handle\n"); + printf("\t[-pwdp\tpassword for parent key (default empty)]\n"); + printf("\t-ipu\tpublic key file name\n"); + printf("\t-ipr\tprivate key file name\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/loadexternal.c b/libstb/tss2/ibmtpm20tss/utils/loadexternal.c new file mode 100644 index 000000000000..5d29c131c56e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/loadexternal.c @@ -0,0 +1,542 @@ +/********************************************************************************/ +/* */ +/* Load External */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + DER example: + + Create a key pair in PEM format + + > openssl genrsa -out keypair.pem -aes256 -passout pass:rrrr 2048 + > openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem + + Convert to plaintext DER format + + > openssl rsa -inform pem -outform der -in keypair.pem -out keypair.der -passin pass:rrrr + > openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out +*/ + +#include +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include +#include "objecttemplates.h" +#include "cryptoutils.h" +#include "ekutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + LoadExternal_In in; + LoadExternal_Out out; + char hierarchyChar = 0; + TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; + int keyType = TYPE_SI; + TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_RSASSA; + uint32_t keyTypeSpecified = 0; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + const char *publicKeyFilename = NULL; + const char *derKeyFilename = NULL; + const char *pemKeyFilename = NULL; + const char *keyPassword = NULL; + int userWithAuth = TRUE; + unsigned int inputCount = 0; + int noSpace = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (inputCount != 1) { + printf("Missing or too many parameters -ipu, -ipem, -ider\n"); + printUsage(); + } + if (keyTypeSpecified > 1) { + printf("Too many key attributes\n"); + printUsage(); + } + if (derKeyFilename == NULL) { + if (keyPassword != NULL) { + printf("Password only valid for -ider keypair\n"); + printUsage(); + } + } + /* loadexternal key pair cannot be restricted (storage key) and must have NULL symmetric + scheme*/ + if (derKeyFilename != NULL) { + if (keyType == TYPE_ST) { + keyType = TYPE_DEN; + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (hierarchyChar == 'e') { + hierarchy = TPM_RH_ENDORSEMENT; + } + else if (hierarchyChar == 'o') { + hierarchy = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + hierarchy = TPM_RH_PLATFORM; + } + else if (hierarchyChar == 'n') { + hierarchy = TPM_RH_NULL; + } + } + if (rc == 0) { + in.inPrivate.t.size = 0; /* default - mark optional inPrivate not used */ + /* TPM format key, output from create */ + if (publicKeyFilename != NULL) { + rc = TSS_File_ReadStructureFlag(&in.inPublic, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + TRUE, /* NULL permitted */ + publicKeyFilename); + } + /* PEM format, output from e.g. openssl, readpublic, createprimary, create */ + else if (pemKeyFilename != NULL) { + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaPemToPublic(&in.inPublic, + keyType, + scheme, + nalg, + halg, + pemKeyFilename); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcPemToPublic(&in.inPublic, + keyType, + scheme, + nalg, + halg, + pemKeyFilename); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("-rsa algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + } + /* DER format key pair */ + else if (derKeyFilename != NULL) { + in.inPrivate.t.size = 1; /* mark that private area should be loaded */ + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaDerToKeyPair(&in.inPublic, + &in.inPrivate, + keyType, + scheme, + nalg, + halg, + derKeyFilename, + keyPassword); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcDerToKeyPair(&in.inPublic, + &in.inPrivate, + keyType, + scheme, + nalg, + halg, + derKeyFilename, + keyPassword); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("-rsa algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + } + else { + printf("Failure parsing -ipu, -ipem, -ider\n"); + printUsage(); + } + } + if (rc == 0) { + if (!userWithAuth) { + in.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_USERWITHAUTH; + } + in.hierarchy = hierarchy; + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_PUBLIC_Print(&in.inPublic.publicArea, 0); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_LoadExternal, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + printf("Handle %08x\n", out.objectHandle); + if (noSpace) { + unsigned int b; + for (b = 0 ; b < out.name.t.size ; b++) { + printf("%02x", out.name.t.name[b]); + } + printf("\n"); + } + if (tssUtilsVerbose) printf("loadexternal: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("loadexternal: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("loadexternal\n"); + printf("\n"); + printf("Runs TPM2_LoadExternal\n"); + printf("\n"); + printf("\t[-hi\thierarchy (e, o, p, n) (default NULL)]\n"); + printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\n"); + printf("\t[Asymmetric Key Algorithm]\n"); + printf("\n"); + printf("\t[-rsa\t(default)]\n"); + printf("\t[-ecc\t]\n"); + printf("\n"); + printf("\t-ipu\tTPM2B_PUBLIC public key file name\n"); + printf("\t-ipem\tPEM format public key file name\n"); + printf("\t-ider\tDER format plaintext key pair file name\n"); + printf("\t[-pwdk\tpassword for DER key (default empty)]\n"); + printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); + printf("\t[-si\tsigning (default) RSA]\n"); + printf("\t[-scheme for signing key (default RSASSA scheme)]\n"); + printf("\t\trsassa\n"); + printf("\t\trsapss\n"); + printf("\t[-st\tstorage (default NULL scheme)]\n"); + printf("\t[-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n"); + printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n"); + printf("\t\tUseful to paste into policy\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/makecredential.c b/libstb/tss2/ibmtpm20tss/utils/makecredential.c new file mode 100644 index 000000000000..292ac97945cf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makecredential.c @@ -0,0 +1,303 @@ +/********************************************************************************/ +/* */ +/* MakeCredential */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + MakeCredential_In in; + MakeCredential_Out out; + TPMI_DH_OBJECT pubHandle = 0; + const char *inputCredentialFilename = NULL; + const char *nameFilename = NULL; + const char *outputCredentialFilename = NULL; + const char *secretFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (pubHandle == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (inputCredentialFilename == NULL) { + printf("Missing name parameter -icred\n"); + printUsage(); + } + if (nameFilename == NULL) { + printf("Missing name parameter -in\n"); + printUsage(); + } + if (rc == 0) { + in.handle = pubHandle; + } + /* read the credential information */ + if (rc == 0) { + rc = TSS_File_Read2B(&in.credential.b, + sizeof(in.credential.t.buffer), + inputCredentialFilename); + } + /* read the object Name */ + if (rc == 0) { + rc = TSS_File_Read2B(&in.objectName.b, + sizeof(in.objectName.t.name), + nameFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_MakeCredential, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* optionally save the credential */ + if ((rc == 0) && (outputCredentialFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.credentialBlob, + (MarshalFunction_t)TSS_TPM2B_ID_OBJECT_Marshalu, + outputCredentialFilename); + } + /* optionally save the secret */ + if ((rc == 0) && (secretFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.secret, + (MarshalFunction_t)TSS_TPM2B_ENCRYPTED_SECRET_Marshalu, + secretFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("makecredential: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("makecredential: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("makecredential\n"); + printf("\n"); + printf("Runs TPM2_MakeCredential\n"); + printf("\n"); + printf("\t-ha\thandle of encryption key public area\n"); + printf("\t-icred\tinput credential file name\n"); + printf("\t-in\tobject name file name\n"); + printf("\t[-ocred\t output credential file name (default do not save)]\n"); + printf("\t[-os\tsecret file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile-common b/libstb/tss2/ibmtpm20tss/utils/makefile-common new file mode 100644 index 000000000000..3f6fc657f70b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile-common @@ -0,0 +1,99 @@ +################################################################################# +# # +# # +# TPM2 Library and Utilities makefile - Common to TPM 1.2 and 2.0 variations # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: makefile-common 1294 2018-08-09 19:08:34Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2014, 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# compile - common flags for TSS library and applications + +CCFLAGS += \ + -Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \ + -Wformat=2 -Wold-style-definition -Wno-self-assign \ + -Werror=declaration-after-statement -Wvla \ + -ggdb -O0 -c + +# to compile with optimizations on (warning will result) +# -O3 -c +# to compile with plaintext session state (see documentation) +# -DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\"" + +# link - common flags for Posix and Windows, for TSS library and applications + +#LNFLAGS += -ggdb + +ALL += $(LIBTSS) \ + $(LIBTSSA) \ + $(LIBTSSUTILS) + +# TSS shared library headers + +TSS_HEADERS += \ + tssauth.h \ + tssccattributes.h \ + tssdev.h \ + tsssocket.h \ + ibmtss/tss.h \ + ibmtss/tsscryptoh.h \ + ibmtss/tsscrypto.h \ + ibmtss/tsserror.h \ + ibmtss/tssfile.h \ + ibmtss/tssmarshal.h \ + ibmtss/tssprint.h \ + ibmtss/tssprintcmd.h \ + tssproperties.h \ + ibmtss/tsstransmit.h \ + ibmtss/tssresponsecode.h \ + ibmtss/tssutils.h \ + ibmtss/Unmarshal_fp.h \ + ibmtss/Implementation.h + +# TSS shared library object files + +TSS_OBJS += tss.o \ + tssproperties.o \ + tssmarshal.o \ + tssauth.o \ + tssutils.o \ + tsssocket.o \ + tssdev.o \ + tsstransmit.o \ + tssresponsecode.o \ + tssccattributes.o \ + tssprint.o \ + Unmarshal.o \ + CommandAttributeData.o diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile-common12 b/libstb/tss2/ibmtpm20tss/utils/makefile-common12 new file mode 100644 index 000000000000..b08a265c0177 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile-common12 @@ -0,0 +1,70 @@ +################################################################################# +# # +# # +# TPM2 Library and Utilities makefile - Common to all variations # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: makefile-common12 1257 2018-06-27 20:52:08Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2014, 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# link - common flags for Posix and Windows, for TSS library and applications + +#LNFLAGS += -ggdb + +ALL += + +# TSS shared library headers + +TSS_HEADERS += \ + tss12.h \ + tssauth12.h \ + tssccattributes12.h \ + ibmtss/tssmarshal12.h \ + ibmtss/Unmarshal12_fp.h \ + ibmtss/Parameters12.h \ + ibmtss/tpmstructures12.h \ + ibmtss/tpmconstants12.h \ + ibmtss/tpmtypes12.h + +# TSS shared library object files + +TSS_OBJS += tss12.o \ + tssauth12.o \ + tssmarshal12.o \ + Unmarshal12.o \ + Commands12.o \ + tssccattributes12.o \ + CommandAttributeData12.o + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile-common20 b/libstb/tss2/ibmtpm20tss/utils/makefile-common20 new file mode 100644 index 000000000000..191fd484016a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile-common20 @@ -0,0 +1,180 @@ +################################################################################# +# # +# # +# TPM 2.0 Library and Utilities makefile - Common to all variations # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2014 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# link - common flags for Posix and Windows, for TSS library and applications + +#LNFLAGS += -ggdb + +ALL += activatecredential$(EXE) \ + eventextend$(EXE) \ + imaextend$(EXE) \ + certify$(EXE) \ + certifycreation$(EXE) \ + certifyx509$(EXE) \ + changeeps$(EXE) \ + changepps$(EXE) \ + clear$(EXE) \ + clearcontrol$(EXE) \ + clockrateadjust$(EXE) \ + clockset$(EXE) \ + commit$(EXE) \ + contextload$(EXE) \ + contextsave$(EXE) \ + create$(EXE) \ + createloaded$(EXE) \ + createprimary$(EXE) \ + dictionaryattacklockreset$(EXE) \ + dictionaryattackparameters$(EXE) \ + duplicate$(EXE) \ + eccparameters$(EXE) \ + ecephemeral$(EXE) \ + encryptdecrypt$(EXE) \ + evictcontrol$(EXE) \ + eventsequencecomplete$(EXE) \ + flushcontext$(EXE) \ + getcommandauditdigest$(EXE) \ + getcapability$(EXE) \ + getrandom$(EXE) \ + gettestresult$(EXE) \ + getsessionauditdigest$(EXE) \ + gettime$(EXE) \ + hash$(EXE) \ + hashsequencestart$(EXE) \ + hierarchycontrol$(EXE) \ + hierarchychangeauth$(EXE) \ + hmac$(EXE) \ + hmacstart$(EXE) \ + import$(EXE) \ + importpem$(EXE) \ + load$(EXE) \ + loadexternal$(EXE) \ + makecredential$(EXE) \ + nvcertify$(EXE) \ + nvchangeauth$(EXE) \ + nvdefinespace$(EXE) \ + nvextend$(EXE) \ + nvglobalwritelock$(EXE) \ + nvincrement$(EXE) \ + nvread$(EXE) \ + nvreadlock$(EXE) \ + nvreadpublic$(EXE) \ + nvsetbits$(EXE) \ + nvundefinespace$(EXE) \ + nvundefinespacespecial$(EXE) \ + nvwrite$(EXE) \ + nvwritelock$(EXE) \ + objectchangeauth$(EXE) \ + pcrallocate$(EXE) \ + pcrevent$(EXE) \ + pcrextend$(EXE) \ + pcrread$(EXE) \ + pcrreset$(EXE) \ + policyauthorize$(EXE) \ + policyauthvalue$(EXE) \ + policycommandcode$(EXE) \ + policycphash$(EXE) \ + policynamehash$(EXE) \ + policycountertimer$(EXE) \ + policyduplicationselect$(EXE) \ + policygetdigest$(EXE) \ + policymaker$(EXE) \ + policymakerpcr$(EXE) \ + policynv$(EXE) \ + policyauthorizenv$(EXE) \ + policynvwritten$(EXE) \ + policypassword$(EXE) \ + policypcr$(EXE) \ + policyor$(EXE) \ + policyrestart$(EXE) \ + policysigned$(EXE) \ + policysecret$(EXE) \ + policytemplate$(EXE) \ + policyticket$(EXE) \ + powerup$(EXE) \ + quote$(EXE) \ + readclock$(EXE) \ + readpublic$(EXE) \ + returncode$(EXE) \ + rewrap$(EXE) \ + rsadecrypt$(EXE) \ + rsaencrypt$(EXE) \ + sequencecomplete$(EXE) \ + sequenceupdate$(EXE) \ + setcommandcodeauditstatus$(EXE) \ + setprimarypolicy$(EXE) \ + shutdown$(EXE) \ + sign$(EXE) \ + startauthsession$(EXE) \ + startup$(EXE) \ + stirrandom$(EXE) \ + unseal$(EXE) \ + verifysignature$(EXE) \ + zgen2phase$(EXE) \ + \ + signapp$(EXE) \ + writeapp$(EXE) \ + timepacket$(EXE) \ + createek$(EXE) \ + createekcert$(EXE) \ + tpm2pem$(EXE) \ + tpmpublic2eccpoint$(EXE) \ + publicname$(EXE) \ + getcryptolibrary$(EXE) \ + printattr$(EXE) \ + tpmcmd$(EXE) + +ALL += \ + ntc2getconfig$(EXE) \ + ntc2preconfig$(EXE) \ + ntc2lockconfig$(EXE) + +# TSS shared library headers + +TSS_HEADERS += \ + tss20.h \ + tssauth20.h + +# TSS shared library object files + +TSS_OBJS += tss20.o \ + tssauth20.o \ + Commands.o \ + ntc2lib.o \ + tssntc.o diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile.mac b/libstb/tss2/ibmtpm20tss/utils/makefile.mac new file mode 100644 index 000000000000..7af69c14b580 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile.mac @@ -0,0 +1,454 @@ +################################################################################# +# # +# Mac TPM2 Utilities Makefile # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2017 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += -DTPM_POSIX + +# example of pointing to a locally built openssl 1.1 +# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include + +# compile - for TSS library + +# include the hardening flag PIC needed for compiling for dynamic +# linking + +CCLFLAGS += -I. \ + -fPIC \ + -I/usr/local/Cellar/openssl/1.0.2m/include/ + +# to compile out printf's. Regression test will fail because it tries +# to print a structure -DTPM_TSS_NO_PRINT + +# example of changing the default interface type +# -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" + +# compile - for applications + +# include the hardening flag PIE needed for compiling for +# static linking + +CCAFLAGS += -I. \ + -fPIE \ + -I/usr/local/Cellar/openssl/1.0.2m/include/ + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# This seems to be required on some Ubuntu distros due to an issue with the gold linker +# -fuse-ld=bfd + +# example of pointing to a locally built openssl 1.1 +# LNFLAGS += -L/home/kgold/openssl-1.1.0c +# This also requires setting the environment variable LD_LIBRARY_PATH. E.g., +# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c + +# link - for TSS library + +# hardening flags for linking shared objects +#LNLFLAGS += -shared -Wl,-z,now +LNLFLAGS += -shared + +# This is an alternative to using the bfd linker on Ubuntu +LNLLIBS += -lcrypto + +# link - for applications, TSS path, TSS and OpenSSl libraries + +# hardening flags for linking executables +#LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. +#LNAFLAGS += -pie +LNAFLAGS += -L/usr/local/Cellar/openssl/1.0.2m/lib +LNLFLAGS += -L/usr/local/Cellar/openssl/1.0.2m/lib +LNALIBS += -libmtss -lcrypto + +# shared library + +# versioned shared library +LIBTSSVERSIONED=libibmtss.dylib.0.1 + +# soname field of the shared library +# which will be made symbolic link to the versioned shared library +# this is used to provide version backward-compatibility information +LIBTSSSONAME=libibmtss.dylib.0 + +# symbolic link to the versioned shared library +# this allows linking to the shared library with '-libmtss' + +#os := $(shell uname -o) +#ifeq ($(os),Cygwin) +# LIBTSS=libibmtss.dll +#else +# LIBTSS=libibmtss.so +#endif +LIBTSS=libibmtss.dylib + +# executable extension + +EXE = + +# + +TSS_HEADERS= + +# default TSS library + +TSS_OBJS = tssfile.o \ + tsscryptoh.o \ + tsscrypto.o \ + tssprintcmd.o + +# common to all builds + +include makefile-common +include makefile-common20 + +# default build target + +all: $(ALL) + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tssfile.o: $(TSS_HEADERS) tssfile.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-install_name,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSONAME) + ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) + rm -f $(LIBTSS) + ln -sf $(LIBTSSSONAME) $(LIBTSS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o *~ \ + h*.bin \ + $(LIBTSSSONAME) \ + $(LIBTSSVERSIONED) \ + $(ALL) + +# applications + +activatecredential: ibmtss/tss.h activatecredential.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential +eventextend: eventextend.o eventlib.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend +imaextend: imaextend.o imalib.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend +certify: ibmtss/tss.h certify.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify +certifycreation: ibmtss/tss.h certifycreation.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation +certifyx509: ibmtss/tss.h certifyx509.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -o certifyx509 +changeeps: ibmtss/tss.h changeeps.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps +changepps: ibmtss/tss.h changepps.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps +clear: ibmtss/tss.h clear.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear +clearcontrol: ibmtss/tss.h clearcontrol.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol +clockrateadjust: ibmtss/tss.h clockrateadjust.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust +clockset: ibmtss/tss.h clockset.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset +commit: ibmtss/tss.h commit.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit +contextload: ibmtss/tss.h contextload.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload +contextsave: ibmtss/tss.h contextsave.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave +create: ibmtss/tss.h create.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o cryptoutils.o $(LNALIBS) -o create +createloaded: ibmtss/tss.h createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createloaded +createprimary: ibmtss/tss.h createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createprimary +dictionaryattacklockreset: ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset +dictionaryattackparameters: ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters +duplicate: ibmtss/tss.h duplicate.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate +eccparameters: ibmtss/tss.h eccparameters.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters +ecephemeral: ibmtss/tss.h ecephemeral.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral +encryptdecrypt: ibmtss/tss.h encryptdecrypt.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt +eventsequencecomplete: ibmtss/tss.h eventsequencecomplete.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete +evictcontrol: ibmtss/tss.h evictcontrol.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol +flushcontext: ibmtss/tss.h flushcontext.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext +getcommandauditdigest: ibmtss/tss.h getcommandauditdigest.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest +getcapability: ibmtss/tss.h getcapability.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability +getrandom: ibmtss/tss.h getrandom.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom +gettestresult: ibmtss/tss.h gettestresult.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult +getsessionauditdigest: ibmtss/tss.h getsessionauditdigest.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest +gettime: ibmtss/tss.h gettime.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime +hashsequencestart: ibmtss/tss.h hashsequencestart.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart +hash: ibmtss/tss.h hash.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash +hierarchycontrol: ibmtss/tss.h hierarchycontrol.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol +hierarchychangeauth: ibmtss/tss.h hierarchychangeauth.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth +hmac: ibmtss/tss.h hmac.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac +hmacstart: ibmtss/tss.h hmacstart.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart +import: ibmtss/tss.h import.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import +importpem: ibmtss/tss.h importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LNALIBS) -o importpem +load: ibmtss/tss.h load.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load +loadexternal: ibmtss/tss.h loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o cryptoutils.o ekutils.o $(LNALIBS) -o loadexternal +makecredential: ibmtss/tss.h makecredential.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential +nvcertify: ibmtss/tss.h nvcertify.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify +nvchangeauth: ibmtss/tss.h nvchangeauth.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth +nvdefinespace: ibmtss/tss.h nvdefinespace.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace +nvextend: ibmtss/tss.h nvextend.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend +nvglobalwritelock: ibmtss/tss.h nvglobalwritelock.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock +nvincrement: ibmtss/tss.h nvincrement.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement +nvread: ibmtss/tss.h nvread.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o cryptoutils.o ekutils.o $(LNALIBS) -o nvread +nvreadlock: ibmtss/tss.h nvreadlock.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock +nvreadpublic: ibmtss/tss.h nvreadpublic.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic +nvsetbits: ibmtss/tss.h nvsetbits.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits +nvundefinespace: ibmtss/tss.h nvundefinespace.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace +nvundefinespacespecial: ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial +nvwrite: ibmtss/tss.h nvwrite.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o cryptoutils.o ekutils.o $(LNALIBS) -o nvwrite +nvwritelock: ibmtss/tss.h nvwritelock.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock +objectchangeauth: ibmtss/tss.h objectchangeauth.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth +pcrallocate: ibmtss/tss.h pcrallocate.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate +pcrevent: ibmtss/tss.h pcrevent.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent +pcrextend: ibmtss/tss.h pcrextend.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend +pcrread: ibmtss/tss.h pcrread.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread +pcrreset: ibmtss/tss.h pcrreset.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset +policyauthorize: ibmtss/tss.h policyauthorize.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize +policyauthvalue: ibmtss/tss.h policyauthvalue.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue +policycommandcode: ibmtss/tss.h policycommandcode.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode +policycphash: ibmtss/tss.h policycphash.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash +policynamehash: ibmtss/tss.h policynamehash.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash +policycountertimer : ibmtss/tss.h policycountertimer.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer +policyduplicationselect: ibmtss/tss.h policyduplicationselect.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect +policygetdigest: ibmtss/tss.h policygetdigest.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest +policymaker: ibmtss/tss.h policymaker.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker +policymakerpcr: ibmtss/tss.h policymakerpcr.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr +policyauthorizenv: ibmtss/tss.h policyauthorizenv.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv +policynv: ibmtss/tss.h policynv.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv +policynvwritten: ibmtss/tss.h policynvwritten.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten +policyor: ibmtss/tss.h policyor.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor +policypassword: ibmtss/tss.h policypassword.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword +policypcr: ibmtss/tss.h policypcr.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr +policyrestart: ibmtss/tss.h policyrestart.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart +policysigned: ibmtss/tss.h policysigned.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned +policysecret: ibmtss/tss.h policysecret.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret +policytemplate: ibmtss/tss.h policytemplate.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate +policyticket: ibmtss/tss.h policyticket.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket +quote: ibmtss/tss.h quote.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote +powerup: ibmtss/tss.h powerup.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup +readclock: ibmtss/tss.h readclock.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock +readpublic: ibmtss/tss.h readpublic.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o cryptoutils.o $(LNALIBS) -o readpublic +returncode: ibmtss/tss.h returncode.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode +rewrap: ibmtss/tss.h rewrap.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap +rsadecrypt: ibmtss/tss.h rsadecrypt.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt +rsaencrypt: ibmtss/tss.h rsaencrypt.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt +sequenceupdate: ibmtss/tss.h sequenceupdate.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate +sequencecomplete: ibmtss/tss.h sequencecomplete.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete +setprimarypolicy: ibmtss/tss.h setprimarypolicy.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy +setcommandcodeauditstatus: ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus +shutdown: ibmtss/tss.h shutdown.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown +sign: ibmtss/tss.h sign.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o cryptoutils.o $(LNALIBS) -o sign +startauthsession: ibmtss/tss.h startauthsession.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession +startup: ibmtss/tss.h startup.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup +stirrandom: ibmtss/tss.h stirrandom.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom +unseal: ibmtss/tss.h unseal.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal +verifysignature: ibmtss/tss.h verifysignature.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o cryptoutils.o $(LNALIBS) -o verifysignature +zgen2phase: ibmtss/tss.h zgen2phase.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o cryptoutils.o $(LNALIBS) -o zgen2phase +signapp: ibmtss/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp +writeapp: ibmtss/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o ekutils.o cryptoutils.o $(LNALIBS) -o writeapp +timepacket: ibmtss/tss.h timepacket.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket +createek: createek.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o cryptoutils.o ekutils.o $(LNALIBS) -o createek +createekcert: createekcert.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o cryptoutils.o ekutils.o $(LNALIBS) -o createekcert +tpm2pem: tpm2pem.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o cryptoutils.o $(LNALIBS) -o tpm2pem +tpmpublic2eccpoint: tpmpublic2eccpoint.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint +ntc2getconfig: ntc2getconfig.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig +ntc2preconfig: ntc2preconfig.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig +ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig +publicname: publicname.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname +getcryptolibrary: getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary +printattr: printattr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile.mak b/libstb/tss2/ibmtpm20tss/utils/makefile.mak new file mode 100644 index 000000000000..8e43d5c2dac4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile.mak @@ -0,0 +1,255 @@ +################################################################################# +# # +# Windows MinGW TPM2 Makefile OpenSSL 1.1.1 32-bit # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# Windows OpenSSL 1.1.1 32-bit with mingw + +# Please contribute a solution for OpenSSL 64-bit (Shining Light), +# which does not include the mingw .a files. + +# For this to work, copy the file .../openssl/bin/libcrypto-1.1.dll to +# libcrypto.dll. Please contribute a solution that does not require +# this step. + +# C compiler + +CC = "c:/program files/mingw/bin/gcc.exe" + +# compile - common flags for TSS library and applications + +CCFLAGS += \ + -DTPM_WINDOWS \ + -I. \ + -I"c:/program files/MinGW/include" \ + -I"c:/program files/openssl/include" \ + +# compile - for TSS library + +CCLFLAGS += \ + -DTPM_TPM20 + +# compile - for applications + +CCAFLAGS += \ + -DTPM_TPM20 + +# link - common flags flags TSS library and applications + +LNFLAGS += \ + -D_MT \ + -DTPM_WINDOWS \ + -I. + +# link - for TSS library + +LNLFLAGS += + +# link - for applications, TSS path, TSS and OpenSSl libraries + +LNAFLAGS += + +LNLIBS = "c:/program files/openssl/lib/mingw/libcrypto.a" \ + "c:/program files/MinGW/lib/libws2_32.a" + +# shared library + +LIBTSS=libibmtss.dll + +# executable extension + +EXE=.exe + +# + +ALL = + +# default TSS library + +TSS_OBJS = tssfile.o \ + tsscryptoh.o \ + tsscrypto.o \ + tssprintcmd.o + +# common to all builds + +include makefile-common +include makefile-common20 + +# +# Start Windows TBSI +# + +# mingw libraries are apparently no longer compatible with Windows +# Kits for TBS. Contributions are welcome. Until then, use the +# Visual Studio solution for the hardware TPM. + +#TSS_OBJS += tsstbsi.o + +#CCFLAGS += -DTPM_WINDOWS_TBSI +#CCFLAGS += -D_WIN32_WINNT=0x0600 + +# Windows 10 + +#CCFLAGS += -DTPM_WINDOWS_TBSI_WIN8 +#CCFLAGS += -I"c:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\shared" + +#LNLIBS += "c:/Program Files (x86)/Windows Kits/10/Lib/10.0.17763.0/um/x64/tbs.lib" + +# Windows 7 + +#CCFLAGS += -DTPM_WINDOWS_TBSI_WIN7 + +#LNLIBS += c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib + +# +# End Windows TBSI +# + +# default build target + +all: $(ALL) + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tssfile.o: $(TSS_HEADERS) tssfile.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + +# TPM 2.0 + +tss20.o: $(TSS_HEADERS) tss20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +tssauth20.o: $(TSS_HEADERS) tssauth20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) \ + -Wl,--out-implib,libibmtss.a $(LNLIBS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o \ + $(LIBTSS) \ + $(ALL) + +create.exe: create.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +createloaded.exe: createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +createprimary.exe: createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +eventextend.exe: eventextend.o eventlib.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o eventlib.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +imaextend.exe: imaextend.o imalib.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o imalib.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +createek.exe: createek.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +certifyx509.exe: certifyx509.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +createekcert.exe: createekcert.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +importpem.exe: importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +loadexternal.exe: loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o cryptoutils.o ekutils.o $(LNLIBS) $(LIBTSS) + +nvread.exe: nvread.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +nvwrite.exe: nvwrite.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +signapp.exe: signapp.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +writeapp.exe: writeapp.o ekutils.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +%.exe: %.o applink.o cryptoutils.o $(LIBTSS) + $(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o cryptoutils.o $(LNLIBS) $(LIBTSS) + +%.o: %.c + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile.min b/libstb/tss2/ibmtpm20tss/utils/makefile.min new file mode 100644 index 000000000000..32dd87664800 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile.min @@ -0,0 +1,178 @@ +################################################################################# +# # +# Linux TPM2 Utilities Makefile for minimal TSS # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2016 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# makefile to build a TSS library that does not require file read/write or crypto +# within the library +# +# See the documentation for limitations. + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += \ + -DTPM_POSIX \ + -DTPM_TSS_NOFILE \ + -DTPM_TSS_NOCRYPTO \ + -DTPM_TSS_NORSA + +# -DTPM_NOSOCKET + +# compile - for TSS library + +CCLFLAGS += -I. \ + -fPIC \ + -DTPM_TPM20 + +# compile - for applications + +CCAFLAGS += -I. \ + -DTPM_TPM20 \ + -fPIE + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# link - for TSS library + +# link - for applications, TSS path, TSS and OpenSSl libraries + +LNAFLAGS += -Wl,-rpath,. + +LNALIBS += -libmtssmin + +# shared library + +LIBTSS=libibmtssmin.so + +# + +ALL = $(LIBTSS) +#TSS_HEADERS = ibmtss/tssfile.h + +# default TSS library + +TSS_OBJS = tssprintcmd.o + + +# common to all builds + +include makefile-common +include makefile-common20 + +# default build target + +all: writeapp + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tss.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssproperties.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssauth.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssutils.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprint.c +tssprintcmd.o: $(TSS_HEADERS) tssprintcmd.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprintcmd.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssntc.c + +# TPM 2.0 + +tss20.o: $(TSS_HEADERS) tss20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +tssauth20.o: $(TSS_HEADERS) tssauth20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o \ + $(ALL) + +# applications + +writeapp: ibmtss/tss.h writeapp.o tssutilsverbose.o $(LIBTSS) + + $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o tssutilsverbose.o \ + $(LNALIBS) -o writeapp + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefile.nofile b/libstb/tss2/ibmtpm20tss/utils/makefile.nofile new file mode 100644 index 000000000000..3d22cc4fcb9f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefile.nofile @@ -0,0 +1,243 @@ +################################################################################# +# # +# Linux TPM2 Utilities Makefile for TSS without files # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2016 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# makefile to build a TSS library that does not require file read/write. +# +# See the documentation for limitations. + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += -DTPM_POSIX \ + -DTPM_TSS_NOFILE + +# -DTPM_NOSOCKET + +# compile - for TSS library + +# include the hardening flag PIC needed for compiling for dynamic +# linking + +CCLFLAGS += -I. \ + -fPIC \ + -DTPM_TPM20 + +# compile - for applications + +# include the hardening flag PIE needed for compiling for +# static linking + +CCAFLAGS += -I. \ + -DTPM_TPM20 \ + -fPIE + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# link - for TSS library + +# hardening flags for linking shared objects +LNLFLAGS += -shared -Wl,-z,now + +# This is an alternative to using the bfd linker on Ubuntu +LNLLIBS += -lcrypto + +# link - for applications, TSS path, TSS and OpenSSl libraries + +LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. + +LNALIBS += -libmtssutils -libmtssmin + +# versioned shared library +LIBTSSVERSIONED=libibmtssmin.so.1.3 + +# soname field of the shared library +# which will be made symbolic link to the versioned shared library +# this is used to provide version backward-compatibility information +LIBTSSSONAME=libibmtssmin.so.1 + +# symbolic link to the versioned shared library +# this allows linking to the shared library with '-libmtss' + +os := $(shell uname -o) +ifeq ($(os),Cygwin) + LIBTSS=libibmtssmin.dll +else + LIBTSS=libibmtssmin.so +endif + +# TSS utilities shared library + +LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3 +LIBTSSUTILSSONAME=libibmtssutils.so.1 +LIBTSSUTILS=libibmtssutils.so + +# executable extension + +EXE = + +ALL = signapp writeapp + +TSS_HEADERS = ibmtss/tssfile.h + +# default TSS library + +TSS_OBJS = tsscryptoh.o \ + tsscrypto.o \ + tssprintcmd.o + +TSSUTILS_OBJS = cryptoutils.o \ + ekutils.o \ + imalib.o \ + eventlib.o + +# common to all builds + +include makefile-common +include makefile-common20 + +# default build target + +all: signapp writeapp + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +tssprintcmd.o: $(TSS_HEADERS) tssprintcmd.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + +# TPM 2.0 + +tss20.o: $(TSS_HEADERS) tss20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +tssauth20.o: $(TSS_HEADERS) tssauth20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c + +# TSS utilities shared library source + +cryptoutils.o: $(TSS_HEADERS) cryptoutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c +ekutils.o: $(TSS_HEADERS) ekutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c +imalib.o: $(TSS_HEADERS) imalib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c +eventlib.o: $(TSS_HEADERS) eventlib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSONAME) + ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) + rm -f $(LIBTSS) + ln -sf $(LIBTSSSONAME) $(LIBTSS) + +# TSS utilities shared library + +$(LIBTSSUTILS): $(TSSUTILS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSUTILSONAME) + ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME) + rm -f $(LIBTSSUTILS) + ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o \ + $(LIBTSSSONAME) \ + $(LIBTSSVERSIONED) \ + $(LIBTSSUTILSSONAME) \ + $(LIBTSSUTILSVERSIONED) \ + $(ALL) + +# applications + +signapp: ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp +writeapp: ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefiletpm12 b/libstb/tss2/ibmtpm20tss/utils/makefiletpm12 new file mode 100644 index 000000000000..92e9b9742f64 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefiletpm12 @@ -0,0 +1,265 @@ +################################################################################# +# # +# Linux TPM 1.2 TSS Makefile # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2018 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += -DTPM_POSIX + +# example of pointing to a locally built openssl 1.1 +# CCFLAGS += -I/home/kgold/openssl/include + +# compile - for TSS library + +# include the hardening flag PIC needed for compiling for dynamic +# linking + +CCLFLAGS += -I. \ + -fPIC \ + -DTPM_TPM12 + +# to compile out printf's. Regression test will fail because it tries +# to print a structure -DTPM_TSS_NO_PRINT + +# example of changing the default interface type +# -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" + +# compile - for applications + +# include the hardening flag PIE needed for compiling for +# static linking + +CCAFLAGS += -I. \ + -DTPM_TPM12 \ + -fPIE + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# This seems to be required on some Ubuntu distros due to an issue with the gold linker +# -fuse-ld=bfd + +# example of pointing to a locally built openssl 1.1 +# LNFLAGS += -L/home/kgold/openssl +# This also requires setting the environment variable LD_LIBRARY_PATH. E.g., +# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c + +# link - for TSS library + +# hardening flags for linking shared objects +LNLFLAGS += -shared -Wl,-z,now + +# This is an alternative to using the bfd linker on Ubuntu +LNLLIBS += -lcrypto + +# link - for applications, TSS path, TSS and OpenSSl libraries + +# hardening flags for linking executables +LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. + +LNALIBS += -libmtss + +# shared library + +# versioned shared library +LIBTSSVERSIONED=libibmtss.so.1.3 + +# soname field of the shared library +# which will be made symbolic link to the versioned shared library +# this is used to provide version backward-compatibility information +LIBTSSSONAME=libibmtss.so.1 + +# symbolic link to the versioned shared library +# this allows linking to the shared library with '-libmtss' + +os := $(shell uname -o) +ifeq ($(os),Cygwin) + LIBTSS=libibmtss.dll +else + LIBTSS=libibmtss.so +endif + +# TSS utilities shared library + +LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3 +LIBTSSUTILSSONAME=libibmtssutils.so.1 +LIBTSSUTILS=libibmtssutils.so + +# executable extension + +EXE = + +# + +ALL = +TSS_HEADERS= + +# default TSS library + +TSS_OBJS = tssfile.o \ + tsscryptoh.o \ + tsscrypto.o + +TSSUTILS_OBJS = cryptoutils.o \ + ekutils.o \ + imalib.o \ + eventlib.o + +# common to all builds + +include makefile-common +include makefile-common12 + +# default build target + +all: $(ALL) + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tssfile.o: $(TSS_HEADERS) tssfile.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +tssprintcmd.o: $(TSS_HEADERS) tssprintcmd.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +# TPM 1.2 + +tss12.o: $(TSS_HEADERS) tss12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss12.c +tssauth12.o: $(TSS_HEADERS) tssauth12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth12.c +tssmarshal12.o: $(TSS_HEADERS) tssmarshal12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal12.c +Unmarshal12.o: $(TSS_HEADERS) Unmarshal12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal12.c +Commands12.o: $(TSS_HEADERS) Commands12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands12.c +tssccattributes12.o: $(TSS_HEADERS) tssccattributes12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes12.c +CommandAttributeData12.o: $(TSS_HEADERS) CommandAttributeData12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData12.c + +# TSS utilities shared library source + +cryptoutils.o: $(TSS_HEADERS) cryptoutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c +ekutils.o: $(TSS_HEADERS) ekutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c +imalib.o: $(TSS_HEADERS) imalib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c +eventlib.o: $(TSS_HEADERS) eventlib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSONAME) + ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) + rm -f $(LIBTSS) + ln -sf $(LIBTSSSONAME) $(LIBTSS) + +# TSS utilities shared library + +$(LIBTSSUTILS): $(TSSUTILS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSUTILSONAME) + ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME) + rm -f $(LIBTSSUTILS) + ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o *~ \ + h*.bin \ + $(LIBTSSSONAME) \ + $(LIBTSSVERSIONED) \ + $(LIBTSSUTILSSONAME) \ + $(LIBTSSUTILSVERSIONED) \ + $(ALL) + +# applications are in .../utils12 + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefiletpm20 b/libstb/tss2/ibmtpm20tss/utils/makefiletpm20 new file mode 100644 index 000000000000..0af7c525bd1f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefiletpm20 @@ -0,0 +1,494 @@ +################################################################################# +# # +# Linux TPM2 Utilities Makefile # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2014 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += -DTPM_POSIX + +# example of pointing to a locally built openssl 1.1 +# CCFLAGS += -I/home/kgold/openssl/include + +# compile - for TSS library + +# include the hardening flag PIC needed for compiling for dynamic +# linking + +CCLFLAGS += -I. \ + -fPIC \ + -DTPM_TPM20 + +# to compile out printf's. Regression test will fail because it tries +# to print a structure -DTPM_TSS_NO_PRINT + +# example of changing the default interface type +# -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" + +# compile - for applications + +# include the hardening flag PIE needed for compiling for +# static linking + +CCAFLAGS += -I. \ + -DTPM_TPM20 \ + -fPIE + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# This seems to be required on some Ubuntu distros due to an issue with the gold linker +# -fuse-ld=bfd + +# example of pointing to a locally built openssl 1.1 +# LNFLAGS += -L/home/kgold/openssl +# This also requires setting the environment variable LD_LIBRARY_PATH. E.g., +# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl + +# link - for TSS library + +# hardening flags for linking shared objects +LNLFLAGS += -shared -Wl,-z,now + +# This is an alternative to using the bfd linker on Ubuntu +LNLLIBS += -lcrypto + +# link - for applications, TSS path, TSS and OpenSSl libraries + +# hardening flags for linking executables +LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. + +LNALIBS += -libmtssutils -libmtss + +# shared library + +# versioned shared library +LIBTSSVERSIONED=libibmtss.so.1.3 + +# soname field of the shared library +# which will be made symbolic link to the versioned shared library +# this is used to provide version backward-compatibility information +LIBTSSSONAME=libibmtss.so.1 + +# symbolic link to the versioned shared library +# this allows linking to the shared library with '-libmtss' + +os := $(shell uname -o) +ifeq ($(os),Cygwin) + LIBTSS=libibmtss.dll +else + LIBTSS=libibmtss.so +endif + +# TSS utilities shared library + +LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3 +LIBTSSUTILSSONAME=libibmtssutils.so.1 +LIBTSSUTILS=libibmtssutils.so + +# executable extension + +EXE = + +# + + +TSS_HEADERS= + +# default TSS library + +TSS_OBJS = tssfile.o \ + tsscryptoh.o \ + tsscrypto.o \ + tssprintcmd.o + +TSSUTILS_OBJS = cryptoutils.o \ + ekutils.o \ + imalib.o \ + eventlib.o + +# common to all builds + +include makefile-common +include makefile-common20 + +# default build target + +all: $(ALL) + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tssfile.o: $(TSS_HEADERS) tssfile.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +tssprintcmd.o: $(TSS_HEADERS) tssprintcmd.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + +# TPM 2.0 + +tss20.o: $(TSS_HEADERS) tss20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +tssauth20.o: $(TSS_HEADERS) tssauth20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c + +# TSS utilities shared library source + +cryptoutils.o: $(TSS_HEADERS) cryptoutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c +ekutils.o: $(TSS_HEADERS) ekutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c +imalib.o: $(TSS_HEADERS) imalib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c +eventlib.o: $(TSS_HEADERS) eventlib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSONAME) + ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) + rm -f $(LIBTSS) + ln -sf $(LIBTSSSONAME) $(LIBTSS) + +# TSS utilities shared library + +$(LIBTSSUTILS): $(TSSUTILS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSUTILSONAME) + ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME) + rm -f $(LIBTSSUTILS) + ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o *~ \ + h*.bin \ + $(LIBTSSSONAME) \ + $(LIBTSSVERSIONED) \ + $(LIBTSSUTILSSONAME) \ + $(LIBTSSUTILSVERSIONED) \ + $(ALL) +# applications + +activatecredential: ibmtss/tss.h activatecredential.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential +eventextend: eventextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend +imaextend: imaextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend +certify: ibmtss/tss.h certify.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify +certifycreation: ibmtss/tss.h certifycreation.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation +certifyx509: ibmtss/tss.h certifyx509.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -lcrypto -o certifyx509 +changeeps: ibmtss/tss.h changeeps.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps +changepps: ibmtss/tss.h changepps.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps +clear: ibmtss/tss.h clear.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear +clearcontrol: ibmtss/tss.h clearcontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol +clockrateadjust: ibmtss/tss.h clockrateadjust.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust +clockset: ibmtss/tss.h clockset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset +commit: ibmtss/tss.h commit.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit +contextload: ibmtss/tss.h contextload.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload +contextsave: ibmtss/tss.h contextsave.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave +create: ibmtss/tss.h create.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o $(LNALIBS) -o create +createloaded: ibmtss/tss.h createloaded.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o $(LNALIBS) -o createloaded +createprimary: ibmtss/tss.h createprimary.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o $(LNALIBS) -o createprimary +dictionaryattacklockreset: ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset +dictionaryattackparameters: ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters +duplicate: ibmtss/tss.h duplicate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate +eccparameters: ibmtss/tss.h eccparameters.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters +ecephemeral: ibmtss/tss.h ecephemeral.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral +encryptdecrypt: ibmtss/tss.h encryptdecrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt +eventsequencecomplete: ibmtss/tss.h eventsequencecomplete.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete +evictcontrol: ibmtss/tss.h evictcontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol +flushcontext: ibmtss/tss.h flushcontext.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext +getcommandauditdigest: ibmtss/tss.h getcommandauditdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest +getcapability: ibmtss/tss.h getcapability.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability +getrandom: ibmtss/tss.h getrandom.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom +gettestresult: ibmtss/tss.h gettestresult.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult +getsessionauditdigest: ibmtss/tss.h getsessionauditdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest +gettime: ibmtss/tss.h gettime.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime +hashsequencestart: ibmtss/tss.h hashsequencestart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart +hash: ibmtss/tss.h hash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash +hierarchycontrol: ibmtss/tss.h hierarchycontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol +hierarchychangeauth: ibmtss/tss.h hierarchychangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth +hmac: ibmtss/tss.h hmac.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac +hmacstart: ibmtss/tss.h hmacstart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart +import: ibmtss/tss.h import.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import +importpem: ibmtss/tss.h importpem.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o $(LNALIBS) -o importpem +load: ibmtss/tss.h load.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load +loadexternal: ibmtss/tss.h loadexternal.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o $(LNALIBS) -o loadexternal +makecredential: ibmtss/tss.h makecredential.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential +nvcertify: ibmtss/tss.h nvcertify.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify +nvchangeauth: ibmtss/tss.h nvchangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth +nvdefinespace: ibmtss/tss.h nvdefinespace.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace +nvextend: ibmtss/tss.h nvextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend +nvglobalwritelock: ibmtss/tss.h nvglobalwritelock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock +nvincrement: ibmtss/tss.h nvincrement.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement +nvread: ibmtss/tss.h nvread.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o $(LNALIBS) -o nvread +nvreadlock: ibmtss/tss.h nvreadlock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock +nvreadpublic: ibmtss/tss.h nvreadpublic.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic +nvsetbits: ibmtss/tss.h nvsetbits.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits +nvundefinespace: ibmtss/tss.h nvundefinespace.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace +nvundefinespacespecial: ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial +nvwrite: ibmtss/tss.h nvwrite.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o $(LNALIBS) -o nvwrite +nvwritelock: ibmtss/tss.h nvwritelock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock +objectchangeauth: ibmtss/tss.h objectchangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth +pcrallocate: ibmtss/tss.h pcrallocate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate +pcrevent: ibmtss/tss.h pcrevent.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent +pcrextend: ibmtss/tss.h pcrextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend +pcrread: ibmtss/tss.h pcrread.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread +pcrreset: ibmtss/tss.h pcrreset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset +policyauthorize: ibmtss/tss.h policyauthorize.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize +policyauthvalue: ibmtss/tss.h policyauthvalue.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue +policycommandcode: ibmtss/tss.h policycommandcode.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode +policycphash: ibmtss/tss.h policycphash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash +policynamehash: ibmtss/tss.h policynamehash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash +policycountertimer: ibmtss/tss.h policycountertimer.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer +policyduplicationselect: ibmtss/tss.h policyduplicationselect.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect +policygetdigest: ibmtss/tss.h policygetdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest +policymaker: ibmtss/tss.h policymaker.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker +policymakerpcr: ibmtss/tss.h policymakerpcr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr +policyauthorizenv: ibmtss/tss.h policyauthorizenv.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv +policynv: ibmtss/tss.h policynv.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv +policynvwritten: ibmtss/tss.h policynvwritten.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten +policyor: ibmtss/tss.h policyor.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor +policypassword: ibmtss/tss.h policypassword.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword +policypcr: ibmtss/tss.h policypcr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr +policyrestart: ibmtss/tss.h policyrestart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart +policysigned: ibmtss/tss.h policysigned.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned +policysecret: ibmtss/tss.h policysecret.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret +policytemplate: ibmtss/tss.h policytemplate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate +policyticket: ibmtss/tss.h policyticket.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket +quote: ibmtss/tss.h quote.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote +powerup: ibmtss/tss.h powerup.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup +readclock: ibmtss/tss.h readclock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock +readpublic: ibmtss/tss.h readpublic.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o $(LNALIBS) -o readpublic +returncode: ibmtss/tss.h returncode.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode +rewrap: ibmtss/tss.h rewrap.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap +rsadecrypt: ibmtss/tss.h rsadecrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt +rsaencrypt: ibmtss/tss.h rsaencrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt +sequenceupdate: ibmtss/tss.h sequenceupdate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate +sequencecomplete: ibmtss/tss.h sequencecomplete.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete +setprimarypolicy: ibmtss/tss.h setprimarypolicy.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy +setcommandcodeauditstatus: ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus +shutdown: ibmtss/tss.h shutdown.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown +sign: ibmtss/tss.h sign.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign +startauthsession: ibmtss/tss.h startauthsession.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession +startup: ibmtss/tss.h startup.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup +stirrandom: ibmtss/tss.h stirrandom.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom +unseal: ibmtss/tss.h unseal.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal +verifysignature: ibmtss/tss.h verifysignature.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o $(LNALIBS) -o verifysignature +zgen2phase: ibmtss/tss.h zgen2phase.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o $(LNALIBS) -o zgen2phase +signapp: ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp +writeapp: ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp +timepacket: ibmtss/tss.h timepacket.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket +createek: createek.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o $(LNALIBS) -o createek +createekcert: createekcert.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o $(LNALIBS) -o createekcert +tpm2pem: tpm2pem.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o $(LNALIBS) -o tpm2pem +tpmpublic2eccpoint: tpmpublic2eccpoint.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint +ntc2getconfig: ntc2getconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig +ntc2preconfig: ntc2preconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig +ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig +publicname: publicname.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname +getcryptolibrary: getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary +printattr: printattr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr +tpmcmd: tpmcmd.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpmcmd.o $(LNALIBS) -o tpmcmd + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ + diff --git a/libstb/tss2/ibmtpm20tss/utils/makefiletpmc b/libstb/tss2/ibmtpm20tss/utils/makefiletpmc new file mode 100644 index 000000000000..35579578b04f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/makefiletpmc @@ -0,0 +1,515 @@ +################################################################################# +# # +# Linux TPM 1.2 TSS and TPM 2.0 TSS and Utilities Makefile # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2018 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# C compiler + +CC = /usr/bin/gcc + +# compile - common flags for TSS library and applications + +CCFLAGS += -DTPM_POSIX + +# example of pointing to a locally built openssl 1.1 +# CCFLAGS += -I/home/kgold/openssl/include + +# compile - for TSS library + +# include the hardening flag PIC needed for compiling for dynamic +# linking + +CCLFLAGS += -I. \ + -fPIC \ + -DTPM_TPM20 \ + -DTPM_TPM12 + +# to compile out printf's. Regression test will fail because it tries +# to print a structure -DTPM_TSS_NO_PRINT + +# example of changing the default interface type +# -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" + +# compile - for applications + +# include the hardening flag PIE needed for compiling for +# static linking + +CCAFLAGS += -I. \ + -DTPM_TPM20 \ + -DTPM_TPM12 \ + -fPIE + +# link - common flags flags TSS library and applications + +LNFLAGS += -DTPM_POSIX \ + -L. + +# This seems to be required on some Ubuntu distros due to an issue with the gold linker +# -fuse-ld=bfd + +# example of pointing to a locally built openssl 1.1 +# LNFLAGS += -L/home/kgold/openssl +# This also requires setting the environment variable LD_LIBRARY_PATH. E.g., +# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl + +# link - for TSS library + +# hardening flags for linking shared objects +LNLFLAGS += -shared -Wl,-z,now + +# This is an alternative to using the bfd linker on Ubuntu +LNLLIBS += -lcrypto + +# link - for applications, TSS path, TSS and OpenSSl libraries + +# hardening flags for linking executables +LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,. + +LNALIBS += -libmtssutils -libmtss + +# shared library + +# versioned shared library +LIBTSSVERSIONED=libibmtss.so.1.3 + +# soname field of the shared library +# which will be made symbolic link to the versioned shared library +# this is used to provide version backward-compatibility information +LIBTSSSONAME=libibmtss.so.1 + +# symbolic link to the versioned shared library +# this allows linking to the shared library with '-libmtss' + +os := $(shell uname -o) +ifeq ($(os),Cygwin) + LIBTSS=libibmtss.dll +else + LIBTSS=libibmtss.so +endif + +# TSS utilities shared library + +LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3 +LIBTSSUTILSSONAME=libibmtssutils.so.1 +LIBTSSUTILS=libibmtssutils.so + +# executable extension + +EXE = + +# + + +TSS_HEADERS= + +# default TSS library + +TSS_OBJS = tssfile.o \ + tsscryptoh.o \ + tsscrypto.o \ + tssprintcmd.o + +TSSUTILS_OBJS = cryptoutils.o \ + ekutils.o \ + imalib.o \ + eventlib.o + +# common to all builds + +include makefile-common +include makefile-common12 +include makefile-common20 + +# default build target + +all: $(ALL) + +# TSS shared library source + +tss.o: $(TSS_HEADERS) tss.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c +tssauth.o: $(TSS_HEADERS) tssauth.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c +tssproperties.o: $(TSS_HEADERS) tssproperties.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c +tssmarshal.o: $(TSS_HEADERS) tssmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c +tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c +tsscrypto.o: $(TSS_HEADERS) tsscrypto.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c +tssutils.o: $(TSS_HEADERS) tssutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c +tssfile.o: $(TSS_HEADERS) tssfile.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c +tsssocket.o: $(TSS_HEADERS) tsssocket.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c +tssdev.o: $(TSS_HEADERS) tssdev.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c +tsstransmit.o: $(TSS_HEADERS) tsstransmit.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c +tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c +tssccattributes.o: $(TSS_HEADERS) tssccattributes.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c +tssprint.o: $(TSS_HEADERS) tssprint.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c +tssprintcmd.o: $(TSS_HEADERS) tssprintcmd.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c +Unmarshal.o: $(TSS_HEADERS) Unmarshal.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c +Commands.o: $(TSS_HEADERS) Commands.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c +CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c +ntc2lib.o: $(TSS_HEADERS) ntc2lib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c +tssntc.o: $(TSS_HEADERS) tssntc.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c + +# TPM 2.0 + +tss20.o: $(TSS_HEADERS) tss20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c +tssauth20.o: $(TSS_HEADERS) tssauth20.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c +# TPM 1.2 + +tss12.o: $(TSS_HEADERS) tss12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tss12.c +tssauth12.o: $(TSS_HEADERS) tssauth12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth12.c +tssmarshal12.o: $(TSS_HEADERS) tssmarshal12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal12.c +Unmarshal12.o: $(TSS_HEADERS) Unmarshal12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal12.c +Commands12.o: $(TSS_HEADERS) Commands12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) Commands12.c +tssccattributes12.o: $(TSS_HEADERS) tssccattributes12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes12.c +CommandAttributeData12.o: $(TSS_HEADERS) CommandAttributeData12.c + $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData12.c + +# TSS utilities shared library source + +cryptoutils.o: $(TSS_HEADERS) cryptoutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c +ekutils.o: $(TSS_HEADERS) ekutils.c + $(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c +imalib.o: $(TSS_HEADERS) imalib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c +eventlib.o: $(TSS_HEADERS) eventlib.c + $(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c + +# TSS shared library build + +$(LIBTSS): $(TSS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) \ + $(TSS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSONAME) + ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) + rm -f $(LIBTSS) + ln -sf $(LIBTSSSONAME) $(LIBTSS) + +# TSS utilities shared library + +$(LIBTSSUTILS): $(TSSUTILS_OBJS) + $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) \ + $(TSSUTILS_OBJS) $(LNLLIBS) + rm -f $(LIBTSSSUTILSONAME) + ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME) + rm -f $(LIBTSSUTILS) + ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS) + +.PHONY: clean +.PRECIOUS: %.o + +clean: + rm -f *.o *~ \ + h*.bin \ + $(LIBTSSSONAME) \ + $(LIBTSSVERSIONED) \ + $(LIBTSSUTILSSONAME) \ + $(LIBTSSUTILSVERSIONED) \ + $(ALL) + +# applications + +activatecredential: ibmtss/tss.h activatecredential.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential +eventextend: eventextend.o eventlib.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend +imaextend: imaextend.o imalib.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend +certify: ibmtss/tss.h certify.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify +certifycreation: ibmtss/tss.h certifycreation.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation +certifyx509: ibmtss/tss.h certifyx509.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -lcrypto -o certifyx509 +changeeps: ibmtss/tss.h changeeps.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps +changepps: ibmtss/tss.h changepps.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps +clear: ibmtss/tss.h clear.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear +clearcontrol: ibmtss/tss.h clearcontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol +clockrateadjust: ibmtss/tss.h clockrateadjust.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust +clockset: ibmtss/tss.h clockset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset +commit: ibmtss/tss.h commit.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit +contextload: ibmtss/tss.h contextload.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload +contextsave: ibmtss/tss.h contextsave.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave +create: ibmtss/tss.h create.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o $(LNALIBS) -o create +createloaded: ibmtss/tss.h createloaded.o objecttemplates.o $(LIBTSS) $(LIBTTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o $(LNALIBS) -o createloaded +createprimary: ibmtss/tss.h createprimary.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o $(LNALIBS) -o createprimary +dictionaryattacklockreset: ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset +dictionaryattackparameters: ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters +duplicate: ibmtss/tss.h duplicate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate +eccparameters: ibmtss/tss.h eccparameters.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters +ecephemeral: ibmtss/tss.h ecephemeral.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral +encryptdecrypt: ibmtss/tss.h encryptdecrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt +eventsequencecomplete: ibmtss/tss.h eventsequencecomplete.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete +evictcontrol: ibmtss/tss.h evictcontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol +flushcontext: ibmtss/tss.h flushcontext.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext +getcommandauditdigest: ibmtss/tss.h getcommandauditdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest +getcapability: ibmtss/tss.h getcapability.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability +getrandom: ibmtss/tss.h getrandom.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom +gettestresult: ibmtss/tss.h gettestresult.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult +getsessionauditdigest: ibmtss/tss.h getsessionauditdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest +gettime: ibmtss/tss.h gettime.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime +hashsequencestart: ibmtss/tss.h hashsequencestart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart +hash: ibmtss/tss.h hash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash +hierarchycontrol: ibmtss/tss.h hierarchycontrol.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol +hierarchychangeauth: ibmtss/tss.h hierarchychangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth +hmac: ibmtss/tss.h hmac.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac +hmacstart: ibmtss/tss.h hmacstart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart +import: ibmtss/tss.h import.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import +importpem: ibmtss/tss.h importpem.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o $(LNALIBS) -o importpem +load: ibmtss/tss.h load.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load +loadexternal: ibmtss/tss.h loadexternal.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o $(LNALIBS) -o loadexternal +makecredential: ibmtss/tss.h makecredential.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential +nvcertify: ibmtss/tss.h nvcertify.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify +nvchangeauth: ibmtss/tss.h nvchangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth +nvdefinespace: ibmtss/tss.h nvdefinespace.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace +nvextend: ibmtss/tss.h nvextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend +nvglobalwritelock: ibmtss/tss.h nvglobalwritelock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock +nvincrement: ibmtss/tss.h nvincrement.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement +nvread: ibmtss/tss.h nvread.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o $(LNALIBS) -o nvread +nvreadlock: ibmtss/tss.h nvreadlock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock +nvreadpublic: ibmtss/tss.h nvreadpublic.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic +nvsetbits: ibmtss/tss.h nvsetbits.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits +nvundefinespace: ibmtss/tss.h nvundefinespace.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace +nvundefinespacespecial: ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial +nvwrite: ibmtss/tss.h nvwrite.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o $(LNALIBS) -o nvwrite +nvwritelock: ibmtss/tss.h nvwritelock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock +objectchangeauth: ibmtss/tss.h objectchangeauth.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth +pcrallocate: ibmtss/tss.h pcrallocate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate +pcrevent: ibmtss/tss.h pcrevent.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent +pcrextend: ibmtss/tss.h pcrextend.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend +pcrread: ibmtss/tss.h pcrread.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread +pcrreset: ibmtss/tss.h pcrreset.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset +policyauthorize: ibmtss/tss.h policyauthorize.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize +policyauthvalue: ibmtss/tss.h policyauthvalue.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue +policycommandcode: ibmtss/tss.h policycommandcode.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode +policycphash: ibmtss/tss.h policycphash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash +policynamehash: ibmtss/tss.h policynamehash.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash +policycountertimer: ibmtss/tss.h policycountertimer.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer +policyduplicationselect: ibmtss/tss.h policyduplicationselect.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect +policygetdigest: ibmtss/tss.h policygetdigest.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest +policymaker: ibmtss/tss.h policymaker.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker +policymakerpcr: ibmtss/tss.h policymakerpcr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr +policyauthorizenv: ibmtss/tss.h policyauthorizenv.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv +policynv: ibmtss/tss.h policynv.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv +policynvwritten: ibmtss/tss.h policynvwritten.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten +policyor: ibmtss/tss.h policyor.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor +policypassword: ibmtss/tss.h policypassword.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword +policypcr: ibmtss/tss.h policypcr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr +policyrestart: ibmtss/tss.h policyrestart.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart +policysigned: ibmtss/tss.h policysigned.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned +policysecret: ibmtss/tss.h policysecret.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret +policytemplate: ibmtss/tss.h policytemplate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate +policyticket: ibmtss/tss.h policyticket.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket +quote: ibmtss/tss.h quote.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote +powerup: ibmtss/tss.h powerup.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup +readclock: ibmtss/tss.h readclock.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock +readpublic: ibmtss/tss.h readpublic.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o $(LNALIBS) -o readpublic +returncode: ibmtss/tss.h returncode.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode +rewrap: ibmtss/tss.h rewrap.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap +rsadecrypt: ibmtss/tss.h rsadecrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt +rsaencrypt: ibmtss/tss.h rsaencrypt.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt +sequenceupdate: ibmtss/tss.h sequenceupdate.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate +sequencecomplete: ibmtss/tss.h sequencecomplete.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete +setprimarypolicy: ibmtss/tss.h setprimarypolicy.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy +setcommandcodeauditstatus: ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus +shutdown: ibmtss/tss.h shutdown.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown +sign: ibmtss/tss.h sign.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign +startauthsession: ibmtss/tss.h startauthsession.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession +startup: ibmtss/tss.h startup.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup +stirrandom: ibmtss/tss.h stirrandom.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom +unseal: ibmtss/tss.h unseal.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal +verifysignature: ibmtss/tss.h verifysignature.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o $(LNALIBS) -o verifysignature +zgen2phase: ibmtss/tss.h zgen2phase.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o $(LNALIBS) -o zgen2phase +signapp: ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp +writeapp: ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp +timepacket: ibmtss/tss.h timepacket.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket +createek: createek.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o $(LNALIBS) -o createek +createekcert: createekcert.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o $(LNALIBS) -o createekcert +tpm2pem: tpm2pem.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o $(LNALIBS) -o tpm2pem +tpmpublic2eccpoint: tpmpublic2eccpoint.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint +ntc2getconfig: ntc2getconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig +ntc2preconfig: ntc2preconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig +ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig +publicname: publicname.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname +getcryptolibrary: getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary +printattr: printattr.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr +tpmcmd: tpmcmd.o $(LIBTSS) $(LIBTSSUTILS) + $(CC) $(LNFLAGS) $(LNAFLAGS) tpmcmd.o $(LNALIBS) -o tpmcmd + +# for applications, not for TSS library + +%.o: %.c ibmtss/tss.h + $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssactivatecredential.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssactivatecredential.1 new file mode 100644 index 000000000000..a9710fcc02a6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssactivatecredential.1 @@ -0,0 +1,41 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH ACTIVATECREDENTIAL "1" "March 2020" "activatecredential 1.3" "User Commands" +.SH NAME +activatecredential \- Runs TPM2 activatecredential +.SH DESCRIPTION +activatecredential +.PP +Runs TPM2_ActivateCredential +.TP +\fB\-ha\fR +activation handle of object associated with the certificate +.TP +\fB\-hk\fR +handle of loaded decryption key +.TP +\fB\-icred\fR +input credential file name +.TP +\fB\-is\fR +secret file name +.TP +[\-pwda +password for activation key (default empty)] +.TP +[\-pwdk +password for decryption key (default empty)] +.TP +[\-ocred +output credential file name (default do not save)] +.TP +\fB\-se[0\-2]\fR +session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertify.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertify.1 new file mode 100644 index 000000000000..e3aa6ec9738a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertify.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CERTIFY "1" "March 2020" "certify 1.3" "User Commands" +.SH NAME +certify \- Runs TPM2 certify +.SH DESCRIPTION +certify +.PP +Runs TPM2_Certify +.TP +\fB\-ho\fR +object handle +.TP +[\-pwdo +password for object (default empty)] +.TP +\fB\-hk\fR +certifying key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384 sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.TP +[\-qd +qualifying data file name] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifycreation.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifycreation.1 new file mode 100644 index 000000000000..e267c1a05e6c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifycreation.1 @@ -0,0 +1,49 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CERTIFYCREATION "1" "March 2020" "certifycreation 1.3" "User Commands" +.SH NAME +certifycreation \- Runs TPM2 certifycreation +.SH DESCRIPTION +certifycreation +.PP +Runs TPM2_CertifyCreation +.TP +\fB\-ho\fR +object handle +.TP +\fB\-hk\fR +certifying key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc) (default rsa)] +.TP +[\-qd +qualifying data file name] +.TP +\fB\-tk\fR +input ticket file name +.TP +\fB\-ch\fR +input creation hash file name +.TP +[\-os +signature file name] (default do not save) +.TP +[\-oa +attestation output file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifyx509.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifyx509.1 new file mode 100644 index 000000000000..6ce3fbceafe3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscertifyx509.1 @@ -0,0 +1,68 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CERTIFYX509 "1" "March 2020" "certifyx509 1.3" "User Commands" +.SH NAME +certifyx509 \- Runs TPM2 certifyx509 +.SH DESCRIPTION +certifyx509 +.PP +Runs TPM2_Certifyx509 +.TP +\fB\-ho\fR +object handle +.TP +[\-pwdo +password for object (default empty)] +.TP +\fB\-hk\fR +certifying key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384 sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc) (default rsa)] +.TP +[\-ku +X509 key usage \- string \- comma separated, no spaces] +.TP +[\-iob +TPMA_OBJECT \- 4 byte hex] +e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default) +e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly +e.g. fixedTPM: critical,nonRepudiation +e.g. parent (restrict decrypt): critical,keyEncipherment +.TP +[\-bit +bit in partialCertificate to toggle] +.TP +[\-sub +subject same as issuer for self signed (root) certificate] +.TP +[\-opc +partial certificate file name (default do not save)] +.TP +[\-oa +addedToCertificate file name (default do not save)] +.TP +[\-otbs +signed tbsDigest file name (default do not save)] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-ocert +reconstructed certificate file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangeeps.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangeeps.1 new file mode 100644 index 000000000000..a106b3476a65 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangeeps.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CHANGEEPS "1" "March 2020" "changeeps 1.3" "User Commands" +.SH NAME +changeeps \- Runs TPM2 changeeps +.SH DESCRIPTION +changeeps +.PP +Runs TPM2_ChangeEPS +.TP +\fB\-pwda\fR +authorization password (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangepps.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangepps.1 new file mode 100644 index 000000000000..c9d96b002ba5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsschangepps.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CHANGEPPS "1" "March 2020" "changepps 1.3" "User Commands" +.SH NAME +changepps \- Runs TPM2 changepps +.SH DESCRIPTION +changepps +.PP +Runs TPM2_ChangePPS +.TP +\fB\-pwda\fR +authorization password (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclear.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclear.1 new file mode 100644 index 000000000000..a3a8e14cb83f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclear.1 @@ -0,0 +1,20 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CLEAR "1" "March 2020" "clear 1.3" "User Commands" +.SH NAME +clear \- Runs TPM2 clear +.SH DESCRIPTION +clear +.PP +Runs TPM2_Clear +.TP +\fB\-hi\fR +authhandle hierarchy (l, p) +l lockout, p platform +.TP +\fB\-pwda\fR +authorization password (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclearcontrol.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclearcontrol.1 new file mode 100644 index 000000000000..85971c3af29f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclearcontrol.1 @@ -0,0 +1,23 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CLEARCONTROL "1" "March 2020" "clearcontrol 1.3" "User Commands" +.SH NAME +clearcontrol \- Runs TPM2 clearcontrol +.SH DESCRIPTION +clearcontrol +.PP +Runs TPM2_ClearControl +.TP +\fB\-hi\fR +authhandle hierarchy (l, p) +l lockout, p platform +.TP +\fB\-pwda\fR +authorization password (default empty) +.TP +\fB\-state\fR +0 to disable, 1 to enable (default enable) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockrateadjust.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockrateadjust.1 new file mode 100644 index 000000000000..fe8402b09879 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockrateadjust.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CLOCKRATEADJUST "1" "December 2019" "clockrateadjust 1546" "User Commands" +.SH NAME +clockrateadjust \- Runs TPM2 clockrateadjust +.SH DESCRIPTION +clockrateadjust +.PP +Runs TPM2_ClockRateAdjust +.TP +[\-hi +hierarchy auth (p, o) (default p)] +.TP +[\-pwdp +hierarchy password (default empty)] +.TP +[\-adj +rate adjust (default 0)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockset.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockset.1 new file mode 100644 index 000000000000..7c0c7d16ec28 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssclockset.1 @@ -0,0 +1,31 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CLOCKSET "1" "March 2020" "clockset 1.3" "User Commands" +.SH NAME +clockset \- Runs TPM2 clockset +.SH DESCRIPTION +clockset +.PP +Runs TPM2_ClockSet +.TP +\fB\-clock\fR +new clock +.TP +\fB\-iclock\fR +new clock file name +.TP +[\-addsec +seconds to add to new clock] +.TP +\fB\-hi\fR +hierarchy (o, p) (default platform) +.IP +o owner, p platform +.TP +\fB\-pwdp\fR +password for hierarchy (default empty) +.TP +\fB\-se[0\-2]\fR +session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscommit.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscommit.1 new file mode 100644 index 000000000000..5b3b2334343e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscommit.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH COMMIT "1" "March 2020" "commit 1.3" "User Commands" +.SH NAME +commit \- Runs TPM2 commit +.SH DESCRIPTION +commit +.PP +Runs TPM2_Commit +.TP +\fB\-hk\fR +key handle +.TP +[\-pt +point input file name (default empty)] +.TP +[\-s2 +s2 input file name (default empty)] +.TP +[\-y2 +y2 input file name (default empty)] +.TP +[\-Kf +K output data file name (default do not save)] +.TP +[\-Lf +output data file name (default do not save)] +.TP +[\-Ef +output data file name (default do not save)] +.TP +[\-cf +output counter file name (default do not save)] +.TP +[\-pwdk +password for key (default empty)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextload.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextload.1 new file mode 100644 index 000000000000..6fb9866ac156 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextload.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CONTEXTLOAD "1" "March 2020" "contextload 1.3" "User Commands" +.SH NAME +contextload \- Runs TPM2 contextload +.SH DESCRIPTION +contextload +.PP +Runs TPM2_ContextLoad +.TP +\fB\-if\fR +context file name diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextsave.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextsave.1 new file mode 100644 index 000000000000..2f3c6d3da61d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscontextsave.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CONTEXTSAVE "1" "March 2020" "contextsave 1.3" "User Commands" +.SH NAME +contextsave \- Runs TPM2 contextsave +.SH DESCRIPTION +contextsave +.PP +Runs TPM2_ContextSave +.TP +\fB\-ha\fR +handle +.TP +[\-of +context file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreate.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreate.1 new file mode 100644 index 000000000000..ba53e19b61c9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreate.1 @@ -0,0 +1,127 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CREATE "1" "March 2020" "create 1.3" "User Commands" +.SH NAME +create \- Runs TPM2 create +.SH DESCRIPTION +create +.PP +Runs TPM2_Create +.HP +\fB\-hp\fR parent handle +.IP +[Asymmetric Key Algorithm] +.HP +\fB\-rsa\fR keybits (default) +.IP +(2048 default) +.HP +\fB\-ecc\fR curve +.IP +bnp256 +nistp256 +nistp384 +.IP +Key attributes +.TP +\fB\-bl\fR +data blob for unseal (create only) +requires \fB\-if\fR +.TP +\fB\-den\fR +decryption, (unrestricted, RSA and EC NULL scheme) +.TP +\fB\-deo\fR +decryption, (unrestricted, RSA OAEP, EC NULL scheme) +.TP +\fB\-dee\fR +decryption, (unrestricted, RSA ES, EC NULL scheme) +.TP +\fB\-des\fR +encryption/decryption, AES symmetric +[\-116 for TPM rev 116 compatibility] +.TP +\fB\-st\fR +storage (restricted) +[default for primary keys] +.TP +\fB\-si\fR +unrestricted signing (RSA and EC NULL scheme) +.TP +\fB\-sir\fR +restricted signing (RSA RSASSA, EC ECDSA scheme) +.TP +\fB\-dau\fR +unrestricted ECDAA signing key pair +.TP +\fB\-dar\fR +restricted ECDAA signing key pair +.TP +\fB\-kh\fR +keyed hash (unrestricted, hmac) +.TP +\fB\-khr\fR +keyed hash (restricted, hmac) +.TP +\fB\-dp\fR +derivation parent +.TP +\fB\-gp\fR +general purpose, not storage +.TP +[\-kt +(can be specified more than once)] +f fixedTPM (default for primary keys and derivation parents) +p fixedParent (default for primary keys and derivation parents) +nf no fixedTPM (default for non\-primary keys) +np no fixedParent (default for non\-primary keys) +ed encrypted duplication (default not set) +.TP +[\-da +object subject to DA protection (default no)] +.TP +[\-pol +policy file (default empty)] +.TP +[\-uwa +userWithAuth attribute clear (default set)] +.TP +[\-if +data (inSensitive) file name] +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-pwdp +password for parent key (default empty)] +.TP +[\-opu +public key file name (default do not save)] +.TP +[\-opr +private key file name (default do not save)] +.TP +[\-opem +public key PEM format file name (default do not save)] +.TP +[\-tk +output ticket file name (default do not save)] +.TP +[\-ch +output creation hash file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateek.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateek.1 new file mode 100644 index 000000000000..cd5e2a67020b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateek.1 @@ -0,0 +1,33 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CREATEEK "1" "March 2020" "createek 1.3" "User Commands" +.SH NAME +createek \- Runs TPM2 createek +.SH DESCRIPTION +createek +.PP +Parses and prints the various EK NV indexes specified by the IWG +Creates a primary key based on the EK NV indexes +.TP +\fB\-te\fR +print EK Template +.TP +\fB\-no\fR +print EK nonce +.TP +\fB\-ce\fR +print EK certificate +.TP +\fB\-cp\fR +CreatePrimary using the EK template and EK nonce. +Validate the EK against the EK certificate +.TP +[\-noflush +Do not flush the primary key after validation] +.TP +[\-root +filename \- validate EK certificate against the root] +filename contains a list of PEM format CA root certificate +filenames, one per line. +The list may contain up to 100 certificates. +.HP +\fB\-alg\fR (rsa or ecc) diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateekcert.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateekcert.1 new file mode 100644 index 000000000000..9901a3fa4f5e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateekcert.1 @@ -0,0 +1,40 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CREATEEKCERT "1" "March 2020" "createekcert 1.3" "User Commands" +.SH NAME +createekcert \- Runs TPM2 createekcert +.SH SYNOPSIS +.B createekcert +\fI\,-alg rsa -cakey cakey.pem -capwd rrrr -v\/\fR +.br +.B createekcert +\fI\,-alg ecc -cakey cakeyecc.pem -capwd rrrr -caalg ec -v\/\fR +.SH DESCRIPTION +createekcert +.PP +Provisions an EK certificate, using the default IWG template +E.g., +.TP +[\-pwdp +platform hierarchy password (default empty)] +.TP +\fB\-cakey\fR +CA PEM key file name +.TP +[\-capwd +CA PEM key password (default empty)] +.TP +[\-caalg +CA key algorithm (rsa or ec) (default rsa)] +.TP +[\-alg +(rsa or ecc certificate) (default rsa)] +.TP +[\-noflush +do not flush the primary key] +.TP +[\-of +DER certificate output file name] +.PP +Currently: +.IP +Certificate issuer, subject, and validity are hard coded. diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateloaded.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateloaded.1 new file mode 100644 index 000000000000..0e6d4510138e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateloaded.1 @@ -0,0 +1,128 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CREATELOADED "1" "March 2020" "createloaded 1.3" "User Commands" +.SH NAME +createloaded \- Runs TPM2 createloaded +.SH DESCRIPTION +createloaded +.PP +Runs TPM2_CreateLoaded +.HP +\fB\-hp\fR parent handle (can be hierarchy) +.IP +40000001 Owner +4000000c Platform +4000000b Endorsement +.IP +[Asymmetric Key Algorithm] +.HP +\fB\-rsa\fR keybits (default) +.IP +(2048 default) +.HP +\fB\-ecc\fR curve +.IP +bnp256 +nistp256 +nistp384 +.IP +Key attributes +.TP +\fB\-bl\fR +data blob for unseal (create only) +requires \fB\-if\fR +.TP +\fB\-den\fR +decryption, (unrestricted, RSA and EC NULL scheme) +.TP +\fB\-deo\fR +decryption, (unrestricted, RSA OAEP, EC NULL scheme) +.TP +\fB\-dee\fR +decryption, (unrestricted, RSA ES, EC NULL scheme) +.TP +\fB\-des\fR +encryption/decryption, AES symmetric +[\-116 for TPM rev 116 compatibility] +.TP +\fB\-st\fR +storage (restricted) +[default for primary keys] +.TP +\fB\-si\fR +unrestricted signing (RSA and EC NULL scheme) +.TP +\fB\-sir\fR +restricted signing (RSA RSASSA, EC ECDSA scheme) +.TP +\fB\-dau\fR +unrestricted ECDAA signing key pair +.TP +\fB\-dar\fR +restricted ECDAA signing key pair +.TP +\fB\-kh\fR +keyed hash (unrestricted, hmac) +.TP +\fB\-khr\fR +keyed hash (restricted, hmac) +.TP +\fB\-dp\fR +derivation parent +.TP +\fB\-gp\fR +general purpose, not storage +.TP +[\-kt +(can be specified more than once)] +f fixedTPM (default for primary keys and derivation parents) +p fixedParent (default for primary keys and derivation parents) +nf no fixedTPM (default for non\-primary keys) +np no fixedParent (default for non\-primary keys) +ed encrypted duplication (default not set) +.TP +[\-da +object subject to DA protection (default no)] +.TP +[\-pol +policy file (default empty)] +.TP +[\-uwa +userWithAuth attribute clear (default set)] +.TP +[\-if +data (inSensitive) file name] +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-der +object's parent is a derivation parent] +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-pwdp +password for parent key (default empty)] +.TP +[\-opu +public key file name (default do not save)] +.TP +[\-opr +private key file name (default do not save)] +.TP +[\-opem +public key PEM format file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateprimary.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateprimary.1 new file mode 100644 index 000000000000..7aa86c796a1a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsscreateprimary.1 @@ -0,0 +1,131 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH CREATEPRIMARY "1" "March 2020" "createprimary 1.3" "User Commands" +.SH NAME +createprimary \- Runs TPM2 createprimary +.SH DESCRIPTION +createprimary creates a primary storage key +.PP +Runs TPM2_CreatePrimary +.TP +[\-hi +hierarchy (e, o, p, n) (default null)] +.TP +[\-pwdp +password for hierarchy (default empty)] +.TP +[\-pwdpi +password file name for hierarchy (default empty)] +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-iu +inPublic unique field file (default none)] +.TP +[\-opu +public key file name (default do not save)] +.TP +[\-opem +public key PEM format file name (default do not save)] +.TP +[\-tk +output ticket file name] +.TP +[\-ch +output creation hash file name] +.IP +[Asymmetric Key Algorithm] +.HP +\fB\-rsa\fR keybits (default) +.IP +(2048 default) +.HP +\fB\-ecc\fR curve +.IP +bnp256 +nistp256 +nistp384 +.IP +Key attributes +.TP +\fB\-bl\fR +data blob for unseal (create only) +requires \fB\-if\fR +.TP +\fB\-den\fR +decryption, (unrestricted, RSA and EC NULL scheme) +.TP +\fB\-deo\fR +decryption, (unrestricted, RSA OAEP, EC NULL scheme) +.TP +\fB\-dee\fR +decryption, (unrestricted, RSA ES, EC NULL scheme) +.TP +\fB\-des\fR +encryption/decryption, AES symmetric +[\-116 for TPM rev 116 compatibility] +.TP +\fB\-st\fR +storage (restricted) +[default for primary keys] +.TP +\fB\-si\fR +unrestricted signing (RSA and EC NULL scheme) +.TP +\fB\-sir\fR +restricted signing (RSA RSASSA, EC ECDSA scheme) +.TP +\fB\-dau\fR +unrestricted ECDAA signing key pair +.TP +\fB\-dar\fR +restricted ECDAA signing key pair +.TP +\fB\-kh\fR +keyed hash (unrestricted, hmac) +.TP +\fB\-khr\fR +keyed hash (restricted, hmac) +.TP +\fB\-dp\fR +derivation parent +.TP +\fB\-gp\fR +general purpose, not storage +.TP +[\-kt +(can be specified more than once)] +f fixedTPM (default for primary keys and derivation parents) +p fixedParent (default for primary keys and derivation parents) +nf no fixedTPM (default for non\-primary keys) +np no fixedParent (default for non\-primary keys) +ed encrypted duplication (default not set) +.TP +[\-da +object subject to DA protection (default no)] +.TP +[\-pol +policy file (default empty)] +.TP +[\-uwa +userWithAuth attribute clear (default set)] +.TP +[\-if +data (inSensitive) file name] +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattacklockreset.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattacklockreset.1 new file mode 100644 index 000000000000..0f5ef0581848 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattacklockreset.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH DICTIONARYATTACKLOCKRESET "1" "March 2020" "dictionaryattacklockreset 1.3" "User Commands" +.SH NAME +dictionaryattacklockreset \- Runs TPM2 dictionaryattacklockreset +.SH DESCRIPTION +dictionaryattacklockreset +.PP +Runs TPM2_DictionaryAttackLockReset +.TP +[\-pwd +lockout auth password (default empty)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattackparameters.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattackparameters.1 new file mode 100644 index 000000000000..8b7d5a6e8789 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssdictionaryattackparameters.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH DICTIONARYATTACKPARAMETERS "1" "March 2020" "dictionaryattackparameters 1.3" "User Commands" +.SH NAME +dictionaryattackparameters \- Runs TPM2 dictionaryattackparameters +.SH DESCRIPTION +dictionaryattackparameters +.PP +Runs TPM2_DictionaryAttackParameters +.TP +[\-pwd +lockout auth password (default empty)] +.TP +[\-nmt +new max tries (default 1 try)] +.TP +[\-nrt +new recovery time (default 10 seconds)] +.TP +[\-lr +lockout recovery (default 1 second)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssduplicate.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssduplicate.1 new file mode 100644 index 000000000000..c6b63bdccc21 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssduplicate.1 @@ -0,0 +1,43 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH DUPLICATE "1" "March 2020" "duplicate 1.3" "User Commands" +.SH NAME +duplicate \- Runs TPM2 duplicate +.SH DESCRIPTION +duplicate +.PP +Runs TPM2_Duplicate +.TP +\fB\-ho\fR +object handle +.TP +[\-pwdo +password for object (default empty)] +.TP +[\-hp +new parent handle (default TPM_RH_NULL)] +.TP +[\-ik +encryption key in file name] +.TP +[\-salg +symmetric algorithm (aes)(default none)] +.TP +[\-oek +encryption key out file name (default do not save)] +.TP +[\-od +duplicate private area file name (default do not save)] +.TP +[\-oss +symmetric seed file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseccparameters.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseccparameters.1 new file mode 100644 index 000000000000..00570e5fc87c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseccparameters.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH ECCPARAMETERS "1" "March 2020" "eccparameters 1.3" "User Commands" +.SH NAME +eccparameters \- Runs TPM2 eccparameters +.SH DESCRIPTION +eccparameters +.PP +Runs TPM2_ECC_Parameters +.TP +\fB\-cv\fR +curve ID +bnp256 +nistp256 +nistp384 +.IP +[\-of data file, ECC parameters (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssecephemeral.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssecephemeral.1 new file mode 100644 index 000000000000..d25de4d09852 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssecephemeral.1 @@ -0,0 +1,20 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH ECEPHEMERAL "1" "March 2020" "ecephemeral 1.3" "User Commands" +.SH NAME +ecephemeral \- Runs TPM2 ecephemeral +.SH DESCRIPTION +ecephmeral +.PP +Runs TPM2_EC_Ephemeral +.TP +\fB\-ecc\fR +curve +bnp256 +nistp256 +nistp384 +.TP +[\-oq +output Q ephemeral public key file name (default do not save)] +.TP +[\-cf +output counter file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssencryptdecrypt.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssencryptdecrypt.1 new file mode 100644 index 000000000000..413f86ceb79f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssencryptdecrypt.1 @@ -0,0 +1,37 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH ENCRYPTDECRYPT "1" "March 2020" "encryptdecrypt 1.3" "User Commands" +.SH NAME +encryptdecrypt \- Runs TPM2 encryptdecrypt +.SH DESCRIPTION +encryptdecrypt +.PP +Runs TPM2_EncryptDecrypt +.TP +\fB\-hk\fR +key handle +.TP +\fB\-pwdk\fR +password for key (default empty) +.TP +\fB\-d\fR +decrypt (default encrypt) +.TP +\fB\-if\fR +input file name +.TP +[\-of +output file name (default do not save)] +.TP +[\-2 +use TPM2_EncryptDecrypt2] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventextend.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventextend.1 new file mode 100644 index 000000000000..2ff2b42db976 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventextend.1 @@ -0,0 +1,29 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH EVENTEXTEND "1" "March 2020" "eventextend 1.3" "User Commands" +.SH NAME +eventextend \- Runs TPM2 eventextend +.SH SYNOPSIS +.B eventextend +\fI\,-if \/\fR[\fI\,-v\/\fR] +.SH DESCRIPTION +Extends a measurement file (binary) into a TPM or simulated PCRs +.TP +\fB\-if\fR +file containing the data to be extended +.TP +[\-nospec +file does not contain spec ID header (useful for incremental test)] +.TP +[\-tpm +extend TPM PCRs] +.TP +[\-sim +calculate simulated PCRs and boot aggregate] +.TP +[\-pcrmax +with \fB\-sim\fR, sets the highest PCR number to be used to calculate the +.IP +boot aggregate (default 7)] +.TP +[\-ns +no space, no text, no newlines] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventsequencecomplete.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventsequencecomplete.1 new file mode 100644 index 000000000000..9e1c6be2b7d9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsseventsequencecomplete.1 @@ -0,0 +1,40 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH EVENTSEQUENCECOMPLETE "1" "March 2020" "eventsequencecomplete 1.3" "User Commands" +.SH NAME +eventsequencecomplete \- Runs TPM2 eventsequencecomplete +.SH DESCRIPTION +eventsequencecomplete +.PP +Runs TPM2_EventSequenceComplete +.TP +[\-ha +pcr handle (default NULL)] +.TP +\fB\-hs\fR +sequence handle +.TP +[\-pwds +password for sequence (default empty)] +.TP +[\-if +input file to be added (default no data)] +.TP +[\-of1 +sha1 output digest file (default do not save)] +.TP +[\-of2 +sha256 output digest file (default do not save)] +.TP +[\-of3 +sha384 output digest file (default do not save)] +.TP +[\-of5 +sha512 output digest file (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssevictcontrol.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssevictcontrol.1 new file mode 100644 index 000000000000..3e974b1bed9c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssevictcontrol.1 @@ -0,0 +1,29 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH EVICTCONTROL "1" "March 2020" "evictcontrol 1.3" "User Commands" +.SH NAME +evictcontrol \- Runs TPM2 evictcontrol +.SH DESCRIPTION +evictcontrol +.PP +Runs TPM2_EvictControl +.TP +\fB\-hi\fR +authhandle hierarchy (o, p) +o owner, p platform +.TP +\fB\-ho\fR +object handle +if transient: make persistent, if persistent: flush +.TP +\fB\-hp\fR +persistent handle +owner 81000000 to 817FFFFF +platform 81800000 to 81FFFFFF +.TP +\fB\-pwda\fR +authorization password (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssflushcontext.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssflushcontext.1 new file mode 100644 index 000000000000..76bcba67a7b6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssflushcontext.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH FLUSHCONTEXT "1" "March 2020" "flushcontext 1.3" "User Commands" +.SH NAME +flushcontext \- Runs TPM2 flushcontext +.SH DESCRIPTION +flushcontext +.PP +Runs TPM2_FlushContext +.TP +\fB\-ha\fR +handle diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcapability.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcapability.1 new file mode 100644 index 000000000000..d4f8e9751b76 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcapability.1 @@ -0,0 +1,58 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETCAPABILITY "1" "March 2020" "getcapability 1.3" "User Commands" +.SH NAME +getcapability \- Runs TPM2 getcapability +.SH DESCRIPTION +getcapability +.PP +Runs TPM2_GetCapability +.TP +\fB\-cap\fR +capability +.TP +\fB\-pr\fR +property (defaults to 0) +.TP +\fB\-pc\fR +propertyCount (defaults to 64) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +80 +command audit +.TP +\fB\-cap\fR +values +.TP +TPM_CAP_ALGS +0 +.TP +TPM_CAP_HANDLES +1 +.TP +TPM_CAP_COMMANDS +2 +.TP +TPM_CAP_PP_COMMANDS +3 +.TP +TPM_CAP_AUDIT_COMMANDS +4 +.TP +TPM_CAP_PCRS +5 +.TP +TPM_CAP_TPM_PROPERTIES +6 +.TP +TPM_CAP_PCR_PROPERTIES +7 +.TP +TPM_CAP_ECC_CURVES +8 +.TP +TPM_CAP_AUTH_POLICIES +9 diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcommandauditdigest.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcommandauditdigest.1 new file mode 100644 index 000000000000..82770116a0fc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcommandauditdigest.1 @@ -0,0 +1,43 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETCOMMANDAUDITDIGEST "1" "March 2020" "getcommandauditdigest 1.3" "User Commands" +.SH NAME +getcommandauditdigest \- Runs TPM2 getcommandauditdigest +.SH DESCRIPTION +getcommandauditdigest +.PP +Runs TPM2_GetCommandAuditDigest +.TP +[\-pwde +endorsement hierarchy password (default empty)] +.TP +\fB\-hk\fR +signing key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.TP +[\-qd +qualifying data file name] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcryptolibrary.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcryptolibrary.1 new file mode 100644 index 000000000000..e02e98c4915d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetcryptolibrary.1 @@ -0,0 +1,10 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETCRYPTOLIBRARY "1" "March 2020" "getcryptolibrary 1.3" "User Commands" +.SH NAME +getcryptolibrary \- Runs TPM2 getcryptolibrary +.SH DESCRIPTION +getcryptolibrary +.PP +Returns a string indicating the crypto library compiled in. +.PP +This is used within test scripts. diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetrandom.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetrandom.1 new file mode 100644 index 000000000000..9118144b5090 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetrandom.1 @@ -0,0 +1,29 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETRANDOM "1" "March 2020" "getrandom 1.3" "User Commands" +.SH NAME +getrandom \- Runs TPM2 getrandom +.SH DESCRIPTION +getrandom +.PP +Runs TPM2_GetRandom +.TP +\fB\-by\fR +bytes requested +.TP +[\-of +output file, with \fB\-nz\fR, appends nul terminator (default do not save)] +.TP +[\-nz +get random number with no zero bytes (for authorization value)] +.TP +[\-ns +no space, no text, no newlines] +just a string of hexascii suitable for a symmetric key +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetsessionauditdigest.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetsessionauditdigest.1 new file mode 100644 index 000000000000..80ad6fcd924d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgetsessionauditdigest.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETSESSIONAUDITDIGEST "1" "March 2020" "getsessionauditdigest 1.3" "User Commands" +.SH NAME +getsessionauditdigest \- Runs TPM2 getsessionauditdigest +.SH DESCRIPTION +getsessionauditdigest +.PP +Runs TPM2_GetSessionAuditDigest +.TP +[\-pwde +endorsement hierarchy password (default empty)] +.TP +[\-hk +signing key handle] +.TP +[\-pwdk +password for key (default empty)] +.TP +\fB\-hs\fR +audit session handle +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-qd +qualifying data file name] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.TP +[\-od +session digest file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettestresult.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettestresult.1 new file mode 100644 index 000000000000..324fd58e0589 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettestresult.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETTESTRESULT "1" "March 2020" "gettestresult 1.3" "User Commands" +.SH NAME +gettestresult \- Runs TPM2 gettestresult +.SH DESCRIPTION +gettestresult +.PP +Runs TPM2_GetTestResult +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettime.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettime.1 new file mode 100644 index 000000000000..c35250c239bd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssgettime.1 @@ -0,0 +1,43 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH GETTIME "1" "March 2020" "gettime 1.3" "User Commands" +.SH NAME +gettime \- Runs TPM2 gettime +.SH DESCRIPTION +gettime +.PP +Runs TPM2_GetTime +.TP +\fB\-hk\fR +signing key handle +.TP +[\-pwdk +password for signing key (default empty)] +.TP +[\-pwde +password for endorsement hierarchy (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.TP +[\-qd +qualifying data file name] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshash.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshash.1 new file mode 100644 index 000000000000..8d4ba02b2028 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshash.1 @@ -0,0 +1,30 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HASH "1" "March 2020" "hash 1.3" "User Commands" +.SH NAME +hash \- Runs TPM2 hash +.SH DESCRIPTION +hash +.PP +Runs TPM2_Hash +.TP +[\-hi +hierarchy (e, o, p, n) (default null)] +e endorsement, o owner, p platform, n null +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +\fB\-if\fR +input file to be hashed +.TP +\fB\-ic\fR +data string to be hashed +.TP +[\-ns +no space, no text, no newlines] +.TP +[\-oh +hash file name (default do not save)] +.TP +[\-tk +ticket file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshashsequencestart.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshashsequencestart.1 new file mode 100644 index 000000000000..a662389e3c77 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshashsequencestart.1 @@ -0,0 +1,23 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HASHSEQUENCESTART "1" "March 2020" "hashsequencestart 1.3" "User Commands" +.SH NAME +hashsequencestart \- Runs TPM2 hashsequencestart +.SH DESCRIPTION +hashsequencestart +.PP +Runs TPM2_HashSequenceStart +.TP +[\-pwda +password for sequence (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512, null) (default sha256)] +null is an event sequence +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchychangeauth.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchychangeauth.1 new file mode 100644 index 000000000000..2ea40c2115c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchychangeauth.1 @@ -0,0 +1,32 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HIERARCHYCHANGEAUTH "1" "March 2020" "hierarchychangeauth 1.3" "User Commands" +.SH NAME +hierarchychangeauth \- Runs TPM2 hierarchychangeauth +.SH DESCRIPTION +hierarchychangeauth +.PP +Runs TPM2_HierarchyChangeAuth +.TP +\fB\-hi\fR +hierarchy (l, e, o, p) +l lockout, e endorsement, o owner, p platform +.TP +\fB\-pwdn\fR +new authorization password (default empty) +.TP +\fB\-pwdni\fR +new authorization password file name (default empty) +.TP +\fB\-pwda\fR +authorization password (default empty) +.TP +\fB\-pwdai\fR +authorization password file name (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchycontrol.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchycontrol.1 new file mode 100644 index 000000000000..562bc0941a6d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshierarchycontrol.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HIERARCHYCONTROL "1" "March 2020" "hierarchycontrol 1.3" "User Commands" +.SH NAME +hierarchycontrol \- Runs TPM2 hierarchycontrol +.SH DESCRIPTION +hierarchycontrol +.PP +Runs TPM2_HierarchyControl +.TP +\fB\-hi\fR +authhandle hierarchy (e, o, p) +.TP +\fB\-he\fR +enable hierarchy (e, o, p, n) +e endorsement, o owner, p platform, n null +.TP +[\-pwda +authorization password (default empty)] +.IP +[\-state (0 to disable, 1 to enable) (default enable)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmac.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmac.1 new file mode 100644 index 000000000000..eecff00a4acc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmac.1 @@ -0,0 +1,37 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HMAC "1" "March 2020" "hmac 1.3" "User Commands" +.SH NAME +hmac \- Runs TPM2 hmac +.SH DESCRIPTION +hmac +.PP +Runs TPM2_HMAC +.TP +\fB\-hk\fR +key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +\fB\-if\fR +input file to be HMACed +.TP +\fB\-ic\fR +data string to be HMACed +.TP +[\-os +hmac file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmacstart.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmacstart.1 new file mode 100644 index 000000000000..17be09a4c14d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsshmacstart.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH HMACSTART "1" "March 2020" "hmacstart 1.3" "User Commands" +.SH NAME +hmacstart \- Runs TPM2 hmacstart +.SH DESCRIPTION +hmacstart +.PP +Runs TPM2_Hmac_Start +.TP +\fB\-hk\fR +key handle +.TP +\fB\-pwdk\fR +password for key (default empty) +.TP +\fB\-pwda\fR +password for sequence (default empty) +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimaextend.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimaextend.1 new file mode 100644 index 000000000000..fde17c3c7e10 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimaextend.1 @@ -0,0 +1,37 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH IMAEXTEND "1" "March 2020" "imaextend 1.3" "User Commands" +.SH NAME +imaextend \- Runs TPM2 imaextend +.SH DESCRIPTION +imaextend +.PP +Runs TPM2_PCR_Extend to Extend a SHA\-1 IMA measurement file (binary) into TPM PCRs +The IMA measurement is directly extended into the SHA\-1 bank, and a zero padded +measurement is extended into the SHA\-256 bank +.PP +This handles the case where a zero measurement extends ones into the IMA PCR +.PP +If \fB\-sim\fR is specified, TPM PCRs are not extended. Rather, imaextend extends into +simluated PCRs and traces the result. +.TP +\fB\-if\fR +IMA event log file name +.TP +[\-le +input file is little endian (default big endian)] +.TP +[\-sim +calculate simulated PCRs] +.TP +[\-b +beginning entry (default 0, beginning of log)] +A beginning entry after the end of the log becomes a noop +.TP +[\-e +ending entry (default end of log)] +E.g., \fB\-b\fR 0 \fB\-e\fR 0 sends one entry +.TP +[\-l +time \- run in a continuous loop, with a sleep of 'time' seconds betwteen loops] +The intent is that this be run without specifying \fB\-b\fR and \fB\-e\fR +Afer each pass, the next beginning entry is set to the last entry +1 diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimport.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimport.1 new file mode 100644 index 000000000000..2126673920a4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimport.1 @@ -0,0 +1,43 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH IMPORT "1" "March 2020" "import 1.3" "User Commands" +.SH NAME +import \- Runs TPM2 import +.SH DESCRIPTION +import +.PP +Runs TPM2_Import +.TP +\fB\-hp\fR +parent handle +.TP +[\-pwdp +password for parent (default empty)] +.TP +[\-ik +encryption key in file name] +.TP +\fB\-ipu\fR +object public area file name +.TP +\fB\-id\fR +duplicate file name +.TP +\fB\-iss\fR +symmetric seed file name +.TP +[\-salg +symmetric algorithm (default none)] +.TP +\fB\-opr\fR +private area file name +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimportpem.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimportpem.1 new file mode 100644 index 000000000000..d0195a9fc7ac --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssimportpem.1 @@ -0,0 +1,66 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH IMPORTPEM "1" "March 2020" "importpem 1.3" "User Commands" +.SH NAME +importpem \- Runs TPM2 importpem +.SH DESCRIPTION +importpem +.PP +Runs TPM2_Import for a PEM key +.TP +\fB\-hp\fR +parent handle +.TP +[\-pwdp +password for parent (default empty)] +.TP +\fB\-ipem\fR +PEM format key pair +.IP +[Asymmetric Key Algorithm] +.TP +[\-rsa +(default)] +.TP +[\-ecc +] +.TP +[\-si +signing (default)] +.TP +[\-scheme +signing scheme (rsassa rsapss) (RSA default RSASSA) (ECC ECDSA)] +.TP +[\-st +storage (NULL scheme)] +.TP +[\-den +decryption, (unrestricted, RSA and ECC NULL scheme) +.TP +[\-pwdk +password for key (default empty)] +.TP +\fB\-opu\fR +public area file name +.TP +\fB\-opr\fR +private area file name +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-pol +policy file (default empty)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssload.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssload.1 new file mode 100644 index 000000000000..fb5165e1c9de --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssload.1 @@ -0,0 +1,31 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH LOAD "1" "March 2020" "load 1.3" "User Commands" +.SH NAME +load \- Runs TPM2 load +.SH DESCRIPTION +load +.PP +Runs TPM2_Load +.TP +\fB\-hp\fR +parent handle +.TP +[\-pwdp +password for parent key (default empty)] +.TP +\fB\-ipu\fR +public key file name +.TP +\fB\-ipr\fR +private key file name +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssloadexternal.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssloadexternal.1 new file mode 100644 index 000000000000..5fa80d7235d5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssloadexternal.1 @@ -0,0 +1,73 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH LOADEXTERNAL "1" "December 2019" "loadexternal 1546" "User Commands" +.SH NAME +loadexternal \- Runs TPM2 loadexternal +.SH DESCRIPTION +loadexternal +.PP +Runs TPM2_LoadExternal +.TP +[\-hi +hierarchy (e, o, p, n) (default NULL)] +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.IP +[Asymmetric Key Algorithm] +.TP +[\-rsa +(default)] +.TP +[\-ecc +] +.TP +\fB\-ipu\fR +TPM2B_PUBLIC public key file name +.TP +\fB\-ipem\fR +PEM format public key file name +.TP +\fB\-ider\fR +DER format plaintext key pair file name +.TP +[\-pwdk +password for DER key (default empty)] +.TP +[\-uwa +userWithAuth attribute clear (default set)] +.TP +[\-si +signing (default) RSA] +.TP +[\-scheme +for signing key (default RSASSA scheme)] +.IP +rsassa +rsapss +.TP +[\-st +storage (default NULL scheme)] +.TP +[\-den +decryption, (unrestricted, RSA and EC NULL scheme) +.TP +[\-ns +additionally print Name in hex ascii on one line] +Useful to paste into policy +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssmakecredential.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssmakecredential.1 new file mode 100644 index 000000000000..86cad501bcd7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssmakecredential.1 @@ -0,0 +1,34 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH MAKECREDENTIAL "1" "March 2020" "makecredential 1.3" "User Commands" +.SH NAME +makecredential \- Runs TPM2 makecredential +.SH DESCRIPTION +makecredential +.PP +Runs TPM2_MakeCredential +.TP +\fB\-ha\fR +handle of encryption key public area +.TP +\fB\-icred\fR +input credential file name +.TP +\fB\-in\fR +object name file name +.TP +[\-ocred +output credential file name (default do not save)] +.TP +[\-os +secret file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle (default NULL) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2getconfig.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2getconfig.1 new file mode 100644 index 000000000000..2a3d73cf0446 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2getconfig.1 @@ -0,0 +1,19 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NTC2GETCONFIG "1" "March 2020" "ntc2getconfig 1.3" "User Commands" +.SH NAME +ntc2getconfig \- Runs TPM2 ntc2getconfig +.SH DESCRIPTION +ntc2getconfig +.PP +Runs NTC2_GetConfig +.TP +[\-verify +Verify results against System P default (default no verify)] +.TP +[\-verifylocked +Also verify that the preconfig is locked +.IP +(default verify not locked)] +.TP +[\-p8 or \fB\-p9\fR +Verify Nuvoton TPM for P8 or P9] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2lockconfig.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2lockconfig.1 new file mode 100644 index 000000000000..1d28ca233f69 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2lockconfig.1 @@ -0,0 +1,10 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NTC2LOCKCONFIG "1" "March 2020" "ntc2lockconfig 1.3" "User Commands" +.SH NAME +ntc2lockconfig \- Runs TPM2 ntc2lockconfig +.SH DESCRIPTION +ntc2lockpreconfig +.PP +Runs NTC2_LockPreConfig +.PP +\fB\-lock\fR (required) diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2preconfig.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2preconfig.1 new file mode 100644 index 000000000000..01ff677199c2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssntc2preconfig.1 @@ -0,0 +1,67 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NTC2PRECONFIG "1" "March 2020" "ntc2preconfig 1.3" "User Commands" +.SH NAME +ntc2preconfig \- Runs TPM2 ntc2preconfig +.SH DESCRIPTION +ntc2preconfig +.PP +Runs NTC2_PreConfig +.TP +\fB\-p8\fR or \fB\-p9\fR +Configure Nuvoton TPM for P8 or P9 +.TP +\fB\-override\fR +permits individual register values, read\-modify\-write +.PP +Values to set, each is a hex byte, (default do not change) +.TP +[\-i2cLoc1_2 +byte] +.TP +[\-i2cLoc3_4 +byte] +.TP +[\-AltCfg +byte] +.TP +[\-Direction +byte] +.TP +[\-PullUp +byte] +.TP +[\-PushPull +byte] +.TP +[\-CFG_A +byte] +.TP +[\-CFG_B +byte] +.TP +[\-CFG_C +byte] +.TP +[\-CFG_D +byte] +.TP +[\-CFG_E +byte] +.TP +[\-CFG_F +byte] +.TP +[\-CFG_G +byte] +.TP +[\-CFG_H +byte] +.TP +[\-CFG_I +byte] +.TP +[\-CFG_J +byte] +.TP +[\-IsValid +byte] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvcertify.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvcertify.1 new file mode 100644 index 000000000000..6b513f336193 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvcertify.1 @@ -0,0 +1,52 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVCERTIFY "1" "March 2020" "nvcertify 1.3" "User Commands" +.SH NAME +nvcertify \- Runs TPM2 nvcertify +.SH DESCRIPTION +nvcertify +.PP +Runs TPM2_NV_Certify +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwdn +password for NV index (default empty)] +.TP +\fB\-hk\fR +certifying key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.TP +\fB\-sz\fR +data size +.TP +[\-off +offset (default 0)] +.TP +[\-os +signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.TP +[\-od +certified data file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvchangeauth.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvchangeauth.1 new file mode 100644 index 000000000000..76a14da43f0c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvchangeauth.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVCHANGEAUTH "1" "March 2020" "nvchangeauth 1.3" "User Commands" +.SH NAME +nvchangeauth \- Runs TPM2 nvchangeauth +.SH DESCRIPTION +nvchangeauth +.PP +Runs TPM2_NV_ChangeAuth +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdo\fR +password (default empty) +.TP +\fB\-pwdn\fR +new password (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvdefinespace.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvdefinespace.1 new file mode 100644 index 000000000000..1e979f7471d0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvdefinespace.1 @@ -0,0 +1,101 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVDEFINESPACE "1" "March 2020" "nvdefinespace 1.3" "User Commands" +.SH NAME +nvdefinespace \- Runs TPM2 nvdefinespace +.SH DESCRIPTION +nvdefinespace +.PP +Runs TPM2_NV_DefineSpace +.TP +\fB\-ha\fR +NV index handle +01xxxxxx +.TP +\fB\-hi\fR +authorizing hierarchy (o, p) +o owner, p platform +p sets PLATFORMCREATE +.TP +[\-pwdp +password for hierarchy (default empty)] +.TP +[\-hia +hierarchy authorization (o, p)(default index authorization)] +.TP +default +AUTHWRITE, AUTHREAD +.TP +o sets +OWNERWRITE, OWNERREAD +.TP +p sets +PPWRITE, PPREAD (platform) +.TP +[\-pwdn +password for NV index (default empty)] +sets AUTHWRITE (if not PIN index), AUTHREAD +.TP +[\-nalg +name algorithm (sha1, sha256, sha384 sha512) (default sha256)] +.TP +[\-sz +data size in decimal (default 0)] +Ignored for other than ordinary index +.TP +[\-ty +index type (o, c, b, e, p, f) (default ordinary)] +ordinary, counter, bits, extend, pin pass, pin fail +.TP +[\-pol +policy file (default empty)] +sets POLICYWRITE, POLICYREAD +.TP +[+at +attributes to add (may be specified more than once)] +.TP +ppw +(PPWRITE) ppr (PPREAD) +.TP +ow +(OWNERWRITE) or (OWNERREAD) +.TP +aw +(AUTHWRITE) ar (AUTHREAD) +.TP +wd +(WRITEDEFINE) gl (GLOBALLOCK) +.TP +rst +(READ_STCLEAR) wst (WRITE_STCLEAR) +.TP +wa +(WRITEALL) ody (ORDERLY) +.TP +pold +(POLICY_DELETE) stc (CLEAR_STCLEAR) +.TP +[\-at +attributes to delete (may be specified more than once)] +.TP +ppw +(PPWRITE) ppr (PPREAD) +.TP +ow +(OWNERWRITE) or (OWNERREAD) +.TP +aw +(AUTHWRITE) ar (AUTHREAD) +.TP +pw +(POLICYWRITE) pr (POLICYREAD) +.TP +da +(NO_DA) (default set) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvextend.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvextend.1 new file mode 100644 index 000000000000..acd37bfe6211 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvextend.1 @@ -0,0 +1,28 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVEXTEND "1" "March 2020" "nvextend 1.3" "User Commands" +.SH NAME +nvextend \- Runs TPM2 nvextend +.SH DESCRIPTION +nvextend +.PP +Runs TPM2_NV_Extend +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdn\fR +password for NV index (default empty) +.TP +\fB\-ic\fR +data string +.TP +\fB\-if\fR +data file +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +20 +command decrypt +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvglobalwritelock.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvglobalwritelock.1 new file mode 100644 index 000000000000..bc0b0b15d50c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvglobalwritelock.1 @@ -0,0 +1,19 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVGLOBALWRITELOCK "1" "March 2020" "nvglobalwritelock 1.3" "User Commands" +.SH NAME +nvglobalwritelock \- Runs TPM2 nvglobalwritelock +.SH DESCRIPTION +nvglobalwritelock +.PP +Runs TPM2_NV_GlobalWriteLock +.TP +\fB\-hia\fR +hierarchy authorization (o, p) +.TP +[\-pwd +authorization password (default empty)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvincrement.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvincrement.1 new file mode 100644 index 000000000000..4ce4e21e198d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvincrement.1 @@ -0,0 +1,19 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVINCREMENT "1" "March 2020" "nvincrement 1.3" "User Commands" +.SH NAME +nvincrement \- Runs TPM2 nvincrement +.SH DESCRIPTION +nvincrement +.PP +Runs TPM2_NV_Increment +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdn\fR +password for NV index (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvread.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvread.1 new file mode 100644 index 000000000000..83705c93d844 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvread.1 @@ -0,0 +1,50 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVREAD "1" "March 2020" "nvread 1.3" "User Commands" +.SH NAME +nvread \- Runs TPM2 nvread +.SH DESCRIPTION +nvread +.PP +Runs TPM2_NV_Read +.TP +[\-hia +hierarchy authorization (o, p)(default index authorization)] +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwdn +password for NV index (default empty)] +.TP +[\-sz +data size (default to size of index)] +counter, bits, pin read 8 bytes, extend reads based on hash algorithm +.TP +[\-cert +dumps the certificate +.TP +01c00002 +RSA EK certificate +.TP +01c0000a +ECC EK certificate +.TP +[\-ocert +certificate file name, writes in PEM format +.TP +[\-off +offset (default 0)] +.TP +[\-of +data file (default do not save)] +.TP +[\-id +data values for pinCount and pinLimit verification, (4 bytes each)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadlock.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadlock.1 new file mode 100644 index 000000000000..64781e86d5f6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadlock.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVREADLOCK "1" "March 2020" "nvreadlock 1.3" "User Commands" +.SH NAME +nvreadlock \- Runs TPM2 nvreadlock +.SH DESCRIPTION +nvreadlock +.PP +Runs TPM2_NV_ReadLock +.TP +[\-hia +hierarchy authorization (o, p)(default index authorization)] +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdn\fR +password for NV index (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadpublic.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadpublic.1 new file mode 100644 index 000000000000..0b02f53152de --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvreadpublic.1 @@ -0,0 +1,36 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVREADPUBLIC "1" "March 2020" "nvreadpublic 1.3" "User Commands" +.SH NAME +nvreadpublic \- Runs TPM2 nvreadpublic +.SH DESCRIPTION +nvreadpublic +.PP +Runs TPM2_NV_ReadPublic +.TP +\fB\-ha\fR +NV index handle +.TP +[\-nalg +expected name hash algorithm (sha1, sha256, sha384 sha512) +(default no check)] +.TP +[\-opu +NV public file name (default do not save)] +.TP +[\-ns +additionally print Name in hex ascii on one line] +.TP +[\-on +binary format Name file name] +Useful to paste into policy +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +40 +response encrypt +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvsetbits.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvsetbits.1 new file mode 100644 index 000000000000..751700eff4cb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvsetbits.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVSETBITS "1" "March 2020" "nvsetbits 1.3" "User Commands" +.SH NAME +nvsetbits \- Runs TPM2 nvsetbits +.SH DESCRIPTION +nvsetbits +.PP +Runs TPM2_NV_SetBits +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwdn +password for NV index (default empty)] +.TP +[\-bit +bit to set, can be specified multiple times] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespace.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespace.1 new file mode 100644 index 000000000000..b7cd10c8a1e9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespace.1 @@ -0,0 +1,23 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVUNDEFINESPACE "1" "March 2020" "nvundefinespace 1.3" "User Commands" +.SH NAME +nvundefinespace \- Runs TPM2 nvundefinespace +.SH DESCRIPTION +nvundefinespace +.PP +Runs TPM2_NV_UndefineSpace +.TP +\fB\-hi\fR +hierarchy (o, p) +o owner, p platform +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdp\fR +password for hierarchy (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespacespecial.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespacespecial.1 new file mode 100644 index 000000000000..6b03a44a110f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvundefinespacespecial.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVUNDEFINESPACESPECIAL "1" "March 2020" "nvundefinespacespecial 1.3" "User Commands" +.SH NAME +nvundefinespacespecial \- Runs TPM2 nvundefinespacespecial +.SH DESCRIPTION +nvundefinespacespecial +.PP +Runs TPM2_NV_UndefineSpaceSpecial +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwdp +password for platform (default empty)] +.TP +[\-pwdn +password for NV index (default empty)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwrite.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwrite.1 new file mode 100644 index 000000000000..4601a293b711 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwrite.1 @@ -0,0 +1,40 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVWRITE "1" "March 2020" "nvwrite 1.3" "User Commands" +.SH NAME +nvwrite \- Runs TPM2 nvwrite +.SH DESCRIPTION +nvwrite +.PP +Runs TPM2_NV_Write +.TP +[\-hia +hierarchy authorization (o, p)(default index authorization)] +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwdn +authorization password (default empty)] +hierarchy or NV index password +.TP +[\-ic +data string] +.TP +[\-if +data file] +.TP +[\-id +data values, pinPass and pinLimit (4 bytes each)] +if none is specified, a 0 byte write occurs +\fB\-id\fR is normally used for pin pass or pin fail indexes +.TP +[\-off +offset (default 0)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +20 +command decrypt +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwritelock.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwritelock.1 new file mode 100644 index 000000000000..a43117bc4fbe --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssnvwritelock.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH NVWRITELOCK "1" "March 2020" "nvwritelock 1.3" "User Commands" +.SH NAME +nvwritelock \- Runs TPM2 nvwritelock +.SH DESCRIPTION +nvwritelock +.PP +Runs TPM2_NV_WriteLock +.TP +[\-hia +hierarchy authorization (o, p) (default index authorization)] +.TP +\fB\-ha\fR +NV index handle +.TP +\fB\-pwdn\fR +password for NV index (default empty) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssobjectchangeauth.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssobjectchangeauth.1 new file mode 100644 index 000000000000..97ca7fb0500a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssobjectchangeauth.1 @@ -0,0 +1,34 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH OBJECTCHANGEAUTH "1" "March 2020" "objectchangeauth 1.3" "User Commands" +.SH NAME +objectchangeauth \- Runs TPM2 objectchangeauth +.SH DESCRIPTION +objectchangeauth +.PP +Runs TPM2_ObjectChangeAuth +.TP +\fB\-hp\fR +parent handle +.TP +\fB\-ho\fR +object handle +.TP +[\-pwdo +password for object (default empty)] +.TP +[\-pwdn +new password for object (default empty)] +.IP +[\-pwdni new password file for object, nul terminated (default empty)] +[\-opr private key file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrallocate.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrallocate.1 new file mode 100644 index 000000000000..378e21e14ca4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrallocate.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PCRALLOCATE "1" "March 2020" "pcrallocate 1.3" "User Commands" +.SH NAME +pcrallocate \- Runs TPM2 pcrallocate +.SH DESCRIPTION +pcrallocate +.PP +Runs TPM2_PCR_Allocate +.PP +Allocates banks for a full set of PCR 0\-23. Not all +hardware TPMs support multiple banks or all algorithms +.TP +[\-pwdp +platform hierarchy password (default empty)] +.TP ++sha1 \fB\-sha1\fR +allocate / deallocate a SHA\-1 bank +.HP ++sha256 \fB\-sha256\fR allocate / deallocate a SHA\-256 bank +.HP ++sha384 \fB\-sha384\fR allocate / deallocate a SHA\-384 bank +.HP ++sha512 \fB\-sha512\fR allocate / deallocate a SHA\-512 bank +.IP +More than one algorithm can be specified diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrevent.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrevent.1 new file mode 100644 index 000000000000..fa5f5449ff92 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrevent.1 @@ -0,0 +1,29 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PCREVENT "1" "March 2020" "pcrevent 1.3" "User Commands" +.SH NAME +pcrevent \- Runs TPM2 pcrevent +.SH DESCRIPTION +pcrevent +.PP +Runs TPM2_PCR_Event +.TP +\fB\-ha\fR +pcr handle +.TP +\fB\-ic\fR +data string +.TP +\fB\-if\fR +data file +.TP +[\-of1 +sha1 output digest file (default do not save)] +.TP +[\-of2 +sha256 output digest file (default do not save)] +.TP +[\-of3 +sha384 output digest file (default do not save)] +.TP +[\-of5 +sha512 output digest file (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrextend.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrextend.1 new file mode 100644 index 000000000000..fc4ac2c3a9b3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrextend.1 @@ -0,0 +1,21 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PCREXTEND "1" "March 2020" "pcrextend 1.3" "User Commands" +.SH NAME +pcrextend \- Runs TPM2 pcrextend +.SH DESCRIPTION +pcrextend +.PP +Runs TPM2_PCR_Extend +.TP +\fB\-ha\fR +pcr handle +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +\fB\-halg\fR may be specified more than once +.TP +\fB\-ic\fR +data string, 0 pad appended to halg length +.TP +\fB\-if\fR +data file, 0 pad appended to halg length diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrread.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrread.1 new file mode 100644 index 000000000000..53aa8b674aa5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrread.1 @@ -0,0 +1,36 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PCRREAD "1" "March 2020" "pcrread 1.3" "User Commands" +.SH NAME +pcrread \- Runs TPM2 pcrread +.SH DESCRIPTION +pcrread +.PP +Runs TPM2_PCR_Read +.TP +\fB\-ha\fR +pcr handle +.TP +\fB\-halg\fR +(sha1, sha256, sha384, sha512) (default sha256) +\fB\-halg\fR may be specified more than once +.TP +[\-of +data file for first algorithm specified, in binary] +.TP +[\-ahalg +to extend session audit digest for testing (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-iosad +file for session audit digest testing] +.TP +[\-ns +no space, no text, no newlines] +Used for scripting policy construction +.HP +\fB\-se0\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrreset.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrreset.1 new file mode 100644 index 000000000000..0c3b3bad94f4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspcrreset.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PCRRESET "1" "March 2020" "pcrreset 1.3" "User Commands" +.SH NAME +pcrreset \- Runs TPM2 pcrreset +.SH DESCRIPTION +pcrreset +.PP +Runs TPM2_PCR_Reset +.TP +\fB\-ha\fR +pcr handle diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorize.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorize.1 new file mode 100644 index 000000000000..de353ba5c4d8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorize.1 @@ -0,0 +1,31 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYAUTHORIZE "1" "March 2020" "policyauthorize 1.3" "User Commands" +.SH NAME +policyauthorize \- Runs TPM2 policyauthorize +.SH DESCRIPTION +policyauthorize +.PP +Runs TPM2_PolicyAuthorize +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-appr\fR +file name of digest of the policy being approved +.TP +[\-pref +policyRef file] (default none) +.TP +\fB\-skn\fR +signing key Name file name +.TP +\fB\-tk\fR +ticket file name +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +20 +command decrypt +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorizenv.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorizenv.1 new file mode 100644 index 000000000000..a0590a6941ee --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthorizenv.1 @@ -0,0 +1,26 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYAUTHORIZENV "1" "March 2020" "policyauthorizenv 1.3" "User Commands" +.SH NAME +policyauthorizenv \- Runs TPM2 policyauthorizenv +.SH DESCRIPTION +policyauthorizenv +.PP +Runs TPM2_PolicyAuthorizeNV +.TP +[\-hi +hierarchy authHandle (o, p)] +default NV index +.TP +\fB\-ha\fR +NV index handle +.TP +[\-pwda +password for authorization (default empty)] +.TP +\fB\-hs\fR +policy session handle +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthvalue.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthvalue.1 new file mode 100644 index 000000000000..be7b87b7b611 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyauthvalue.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYAUTHVALUE "1" "March 2020" "policyauthvalue 1.3" "User Commands" +.SH NAME +policyauthvalue \- Runs TPM2 policyauthvalue +.SH DESCRIPTION +policyauthvalue +.PP +Runs TPM2_PolicyAuthValue +.TP +\fB\-ha\fR +policy session handle diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycommandcode.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycommandcode.1 new file mode 100644 index 000000000000..493958b32abf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycommandcode.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYCOMMANDCODE "1" "March 2020" "policycommandcode 1.3" "User Commands" +.SH NAME +policycommandcode \- Runs TPM2 policycommandcode +.SH DESCRIPTION +policycommandcode +.PP +Runs TPM2_PolicyCommandCode +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-cc\fR +command code diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycountertimer.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycountertimer.1 new file mode 100644 index 000000000000..5ca6245f35cc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycountertimer.1 @@ -0,0 +1,67 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYCOUNTERTIMER "1" "March 2020" "policycountertimer 1.3" "User Commands" +.SH NAME +policycountertimer \- Runs TPM2 policycountertimer +.SH DESCRIPTION +policycountertimer +.PP +Runs TPM2_PolicyCounterTimer +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-ic\fR +data string (operandB) +.TP +\fB\-if\fR +data file (operandB) +.TP +[\-off +offset (default 0)] +.TP +\fB\-op\fR +operation (default A = B) +.TP +0 +A = B +.TP +1 +A != B +.TP +2 +A > B signed +.TP +3 +A > B unsigned +.TP +4 +A < B signed +.TP +5 +A < B unsigned +.TP +6 +A >= B signed +.TP +7 +A >= B unsigned +.TP +8 +A <= B signed +.TP +9 +A <= B unsigned +.TP +A +All bits SET in B are SET in A. ((A&B)=B) +.TP +B +All bits SET in B are CLEAR in A. ((A&B)=0) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycphash.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycphash.1 new file mode 100644 index 000000000000..ce9d50265f4d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicycphash.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYCPHASH "1" "March 2020" "policycphash 1.3" "User Commands" +.SH NAME +policycphash \- Runs TPM2 policycphash +.SH DESCRIPTION +policycphash +.PP +Runs TPM2_PolicyCpHash +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-cp\fR +cpHash file +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyduplicationselect.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyduplicationselect.1 new file mode 100644 index 000000000000..f7b5543c54d9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyduplicationselect.1 @@ -0,0 +1,28 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYDUPLICATIONSELECT "1" "March 2020" "policyduplicationselect 1.3" "User Commands" +.SH NAME +policyduplicationselect \- Runs TPM2 policyduplicationselect +.SH DESCRIPTION +policyduplicationselect +.PP +Runs TPM2_PolicyDuplicationSelect +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-inpn\fR +new parent Name file +.TP +\fB\-ion\fR +object Name file +.TP +[\-io +include object (default no) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicygetdigest.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicygetdigest.1 new file mode 100644 index 000000000000..a7cb83ee52ec --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicygetdigest.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYGETDIGEST "1" "March 2020" "policygetdigest 1.3" "User Commands" +.SH NAME +policygetdigest \- Runs TPM2 policygetdigest +.SH DESCRIPTION +policygetdigest +.PP +Runs TPM2_PolicyGetDigest +.TP +\fB\-ha\fR +policy session handle +.TP +[\-of +binary digest file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymaker.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymaker.1 new file mode 100644 index 000000000000..cb4476591ee3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymaker.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYMAKER "1" "March 2020" "policymaker 1.3" "User Commands" +.SH NAME +policymaker \- Runs TPM2 policymaker +.SH DESCRIPTION +policymaker +.TP +[\-halg +hash algorithm (sha1 sha256 sha384 sha512) (default sha256)] +.TP +[\-nz +do not extend starting with zeros, just hash the last line] +.TP +\fB\-if\fR +input policy statements in hex ascii +.TP +[\-of +output file \- policy hash in binary] +.TP +[\-pr +stdout \- policy hash in hex ascii] +.TP +[\-ns +additionally print policy hash in hex ascii on one line] +Useful to paste into policy OR diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymakerpcr.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymakerpcr.1 new file mode 100644 index 000000000000..a4f5d09122c1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicymakerpcr.1 @@ -0,0 +1,29 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYMAKERPCR "1" "March 2020" "policymakerpcr 1.3" "User Commands" +.SH NAME +policymakerpcr \- Runs TPM2 policymakerpcr +.SH DESCRIPTION +policymakerpcr +.PP +Creates a policyPCR term suitable for input to policymaker (hex ascii) +.PP +Assumes that the byte mask and PCR values are consistent +.TP +[\-halg +hash algorithm (sha1 sha256 sha384 sha512) (default sha256)] +.TP +\fB\-bm\fR +pcr byte mask in hex, big endian +.IP +e.g. 010000 selects PCR 16 +e.g. ffffff selects all 24 PCRs +.HP +\fB\-if\fR input file \- PCR values, hex ascii, one per line, 24 max +.IP +required unless pcr mask is 0 +.TP +[\-of +output file \- policy hash in binary] +.TP +[\-pr +stdout \- policy hash in hex ascii] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynamehash.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynamehash.1 new file mode 100644 index 000000000000..e531291935b6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynamehash.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYNAMEHASH "1" "March 2020" "policynamehash 1.3" "User Commands" +.SH NAME +policynamehash \- Runs TPM2 policynamehash +.SH DESCRIPTION +policynamehash +.PP +Runs TPM2_PolicyNameHash +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-nh\fR +NameHash file \- TPM2B_DIGEST +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynv.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynv.1 new file mode 100644 index 000000000000..aa3b8bba820e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynv.1 @@ -0,0 +1,77 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYNV "1" "March 2020" "policynv 1.3" "User Commands" +.SH NAME +policynv \- Runs TPM2 policynv +.SH DESCRIPTION +policynv +.PP +Runs TPM2_PolicyNV +.TP +[\-hi +hierarchy authHandle (o, p)] +default NV index +.TP +\fB\-ha\fR +NV index handle (operand A) +.TP +[\-pwda +password for authorization (default empty)] +.TP +\fB\-hs\fR +policy session handle +.TP +\fB\-ic\fR +data string (operandB) +.TP +\fB\-if\fR +data file (operandB) +.TP +[\-off +offset (default 0)] +.TP +\fB\-op\fR +operation (default A = B) +.TP +0 +A = B +.TP +1 +A != B +.TP +2 +A > B signed +.TP +3 +A > B unsigned +.TP +4 +A < B signed +.TP +5 +A < B unsigned +.TP +6 +A >= B signed +.TP +7 +A >= B unsigned +.TP +8 +A <= B signed +.TP +9 +A <= B unsigned +.TP +A +All bits SET in B are SET in A. ((A&B)=B) +.TP +B +All bits SET in B are CLEAR in A. ((A&B)=0) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynvwritten.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynvwritten.1 new file mode 100644 index 000000000000..d570574cab3e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicynvwritten.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYNVWRITTEN "1" "March 2020" "policynvwritten 1.3" "User Commands" +.SH NAME +policynvwritten \- Runs TPM2 policynvwritten +.SH DESCRIPTION +policynvwritten +.PP +Runs TPM2_PolicyNvWritten +.TP +\fB\-hs\fR +policy session handle +.TP +\fB\-ws\fR +written set (y, n) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyor.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyor.1 new file mode 100644 index 000000000000..100b2203f25d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyor.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYOR "1" "March 2020" "policyor 1.3" "User Commands" +.SH NAME +policyor \- Runs TPM2 policyor +.SH DESCRIPTION +policyor +.PP +Runs TPM2_PolicyOR +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-if\fR +policy digest file (2\-8 \fB\-if\fR specifiers required) diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypassword.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypassword.1 new file mode 100644 index 000000000000..de0086333f2e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypassword.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYPASSWORD "1" "March 2020" "policypassword 1.3" "User Commands" +.SH NAME +policypassword \- Runs TPM2 policypassword +.SH DESCRIPTION +policypassword +.PP +Runs TPM2_PolicyPassword +.TP +\fB\-ha\fR +policy session handle diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypcr.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypcr.1 new file mode 100644 index 000000000000..3cc608c8ff98 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicypcr.1 @@ -0,0 +1,18 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYPCR "1" "March 2020" "policypcr 1.3" "User Commands" +.SH NAME +policypcr \- Runs TPM2 policypcr +.SH DESCRIPTION +policypcr +.PP +Runs TPM2_PolicyPCR +.TP +\fB\-ha\fR +policy session handle +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +\fB\-bm\fR +pcr mask in hex +e.g., \fB\-bm\fR 10000 is PCR 16, 000001 is PCR 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyrestart.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyrestart.1 new file mode 100644 index 000000000000..dae60fba57be --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyrestart.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYRESTART "1" "March 2020" "policyrestart 1.3" "User Commands" +.SH NAME +policyrestart \- Runs TPM2 policyrestart +.SH DESCRIPTION +policyrestart +.PP +Runs TPM2_PolicyRestart +.TP +\fB\-ha\fR +policy session handle diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysecret.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysecret.1 new file mode 100644 index 000000000000..8c7ba7d2fb16 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysecret.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYSECRET "1" "March 2020" "policysecret 1.3" "User Commands" +.SH NAME +policysecret \- Runs TPM2 policysecret +.SH DESCRIPTION +policysecret +.PP +Runs TPM2_PolicySecret +.TP +\fB\-ha\fR +authorizing entity handle +.TP +\fB\-hs\fR +policy session handle +.TP +[\-in +nonceTPM file (default none)] +.TP +[\-cp +cpHash file (default none)] +.TP +[\-pref +policyRef file (default none)] +.TP +[\-exp +expiration (default none)] +.TP +[\-pwde +authorizing entity password (default empty)] +.TP +[\-tk +ticket file name] +.TP +[\-to +timeout file name] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysigned.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysigned.1 new file mode 100644 index 000000000000..c0292de7237e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicysigned.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYSIGNED "1" "March 2020" "policysigned 1.3" "User Commands" +.SH NAME +policysigned \- Runs TPM2 policysigned +.SH DESCRIPTION +policysigned +.PP +Runs TPM2_PolicySigned +.TP +\fB\-hk\fR +signature verification key handle +.TP +\fB\-ha\fR +policy session handle +.TP +[\-in +nonceTPM file (default none)] +.TP +[\-cp +cpHash file (default none)] +.TP +[\-pref +policyRef file (default none)] +.TP +[\-exp +expiration in decimal (default none)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +\fB\-sk\fR +RSA signing key file name (PEM format) +Use this signing key. +.TP +\fB\-is\fR +signature file name +Use this signature from e.g., a smart card or other HSM. +.TP +[\-pwdk +signing key password (default null)] +.TP +[\-tk +ticket file name] +.TP +[\-to +timeout file name] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicytemplate.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicytemplate.1 new file mode 100644 index 000000000000..669a83b7f7c3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicytemplate.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYTEMPLATE "1" "March 2020" "policytemplate 1.3" "User Commands" +.SH NAME +policytemplate \- Runs TPM2 policytemplate +.SH DESCRIPTION +policytemplate +.PP +Runs TPM2_PolicyTemplate +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-te\fR +template file diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyticket.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyticket.1 new file mode 100644 index 000000000000..c078be8a6943 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspolicyticket.1 @@ -0,0 +1,30 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POLICYTICKET "1" "March 2020" "policyticket 1.3" "User Commands" +.SH NAME +policyticket \- Runs TPM2 policyticket +.SH DESCRIPTION +policyticket +.PP +Runs TPM2_PolicyTicket +.TP +\fB\-ha\fR +policy session handle +.TP +\fB\-to\fR +timeout file name +.TP +[\-cp +cpHash file (default none)] +.TP +[\-pref +policyRef file (default none)] +.TP +\fB\-na\fR +authName file (not hierarchy) +.TP +\fB\-hi\fR +hierarchy (e, o, p) (authName is hierarchy) +e endorsement, o owner, p platform +.TP +\fB\-tk\fR +ticket file name diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspowerup.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspowerup.1 new file mode 100644 index 000000000000..439ea1527d0d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspowerup.1 @@ -0,0 +1,8 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH POWERUP "1" "March 2020" "powerup 1.3" "User Commands" +.SH NAME +powerup \- Runs TPM2 powerup +.SH DESCRIPTION +powerup +.PP +Powers the simulator off and on, and powers up NV diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssprintattr.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssprintattr.1 new file mode 100644 index 000000000000..235072933adc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssprintattr.1 @@ -0,0 +1,16 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PRINTATTR "1" "March 2020" "printattr 1.3" "User Commands" +.SH NAME +printattr \- Runs TPM2 printattr +.SH DESCRIPTION +printattr +.PP +Prints TPMA attributes as text +.HP +\fB\-ob\fR TPMA_OBJECT +.HP +\fB\-se\fR TPMA_SESSION +.HP +\fB\-st\fR TPMA_STARTUP_CLEAR +.HP +\fB\-nv\fR TPMA_NV diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspublicname.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspublicname.1 new file mode 100644 index 000000000000..4122ddc6473f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsspublicname.1 @@ -0,0 +1,63 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH PUBLICNAME "1" "March 2020" "publicname 1.3" "User Commands" +.SH NAME +publicname \- Runs TPM2 publicname +.SH DESCRIPTION +publicname +.PP +Calculates the public name of an entity. There are times that a policy creator +has TPM, PEM, or DER format information, but does not have access to a TPM. +This utility accepts these inputs and outputs the name in the 'no spaces' +format suitable for pasting into a policy. The binary format is used in the +regression test +.TP +\fB\-invpu\fR +TPM2B_NV_PUBLIC public key file name +.TP +\fB\-ipu\fR +TPM2B_PUBLIC public key file name +.TP +\fB\-ipem\fR +PEM format public key file name +.TP +\fB\-ider\fR +DER format plaintext key pair file name] +.TP +[\-on +binary format Name file name] +.TP +[\-ns +print Name in hexacsii] +.IP +\fB\-pem\fR and \fB\-ider\fR optional arguments +.TP +[\-rsa +(default)] +.TP +[\-ecc +] +.TP +[\-scheme +for signing key (default RSASSA scheme)] +.IP +rsassa +rsapss +null +.TP +[\-nalg +name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-halg +scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-uwa +userWithAuth attribute clear (default set)] +.TP +[\-si +signing (default) RSA] +.TP +[\-st +storage (default NULL scheme)] +.TP +[\-den +decryption, (unrestricted, RSA and EC NULL scheme) diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssquote.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssquote.1 new file mode 100644 index 000000000000..859fba576002 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssquote.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH QUOTE "1" "March 2020" "quote 1.3" "User Commands" +.SH NAME +quote \- Runs TPM2 quote +.SH DESCRIPTION +quote +.PP +Runs TPM2_Quote +.TP +\fB\-hp\fR +pcr handle (may be specified more than once) +.TP +\fB\-hk\fR +quoting key handle +.TP +[\-pwdk +password for quoting key (default empty)] +.TP +[\-halg +for signing (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-palg +for PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.TP +[\-qd +qualifying data file name] +.TP +[\-os +quote signature file name (default do not save)] +.TP +[\-oa +attestation output file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadclock.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadclock.1 new file mode 100644 index 000000000000..01177121fe90 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadclock.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH READCLOCK "1" "March 2020" "readclock 1.3" "User Commands" +.SH NAME +readclock \- Runs TPM2 readclock +.SH DESCRIPTION +readclock +.PP +Runs TPM2_ReadClock +.TP +[\-otime +time file name (default do not save)] +.TP +[\-oclock +clock file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadpublic.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadpublic.1 new file mode 100644 index 000000000000..4daa03ce5478 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreadpublic.1 @@ -0,0 +1,32 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH READPUBLIC "1" "March 2020" "readpublic 1.3" "User Commands" +.SH NAME +readpublic \- Runs TPM2 readpublic +.SH DESCRIPTION +readpublic +.PP +Runs TPM2_ReadPublic +.TP +\fB\-ho\fR +object handle +.TP +[\-opu +public key file name (default do not save)] +.TP +[\-opem +public key PEM format file name (default do not save)] +.TP +[\-ns +additionally print Name in hex ascii on one line] +Useful to paste into policy +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +40 +response encrypt +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreturncode.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreturncode.1 new file mode 100644 index 000000000000..596ca090e925 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssreturncode.1 @@ -0,0 +1,9 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH RETURNCODE "1" "March 2020" "returncode 1.3" "User Commands" +.SH NAME +returncode \- Runs TPM2 returncode +.SH SYNOPSIS +.B returncode +\fI\,hex-number\/\fR +.SH DESCRIPTION +Returns the TPM_RC name and text for the return code diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrewrap.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrewrap.1 new file mode 100644 index 000000000000..ea85e78a0f80 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrewrap.1 @@ -0,0 +1,43 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH REWRAP "1" "March 2020" "rewrap 1.3" "User Commands" +.SH NAME +rewrap \- Runs TPM2 rewrap +.SH DESCRIPTION +rewrap +.PP +Runs TPM2_Rewrap +.TP +\fB\-ho\fR +handle of object old parent +.TP +[\-pwdo +password for old parent (default empty)] +.TP +\fB\-hn\fR +handle of object new parent +.TP +\fB\-id\fR +duplicate private area file name +.TP +\fB\-in\fR +object name file name +.TP +\fB\-iss\fR +input symmetric seed file name +.TP +[\-od +rewrap private area file name (default do not save)] +.TP +[\-oss +symmetric seed file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsadecrypt.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsadecrypt.1 new file mode 100644 index 000000000000..90b81762bdba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsadecrypt.1 @@ -0,0 +1,33 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH RSADECRYPT "1" "March 2020" "rsadecrypt 1.3" "User Commands" +.SH NAME +rsadecrypt \- Runs TPM2 rsadecrypt +.SH DESCRIPTION +rsadecrypt +.PP +Runs TPM2_RSA_Decrypt +.TP +\fB\-hk\fR +key handle +.TP +[\-pwdk +password for key (default empty)[ +.IP +[\-ipwdk password file for key, nul terminated (default empty)] +\fB\-ie\fR encrypt file name +\fB\-od\fR decrypt file name (default do not save) +[\-oid (sha1, sha256, sha384 sha512)] +.IP +optionally add OID and PKCS1 padding to the +encrypt data (demo of signing with arbitrary OID) +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsaencrypt.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsaencrypt.1 new file mode 100644 index 000000000000..507f7145c50d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssrsaencrypt.1 @@ -0,0 +1,17 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH RSAENCRYPT "1" "March 2020" "rsaencrypt 1.3" "User Commands" +.SH NAME +rsaencrypt \- Runs TPM2 rsaencrypt +.SH DESCRIPTION +rsaencrypt +.PP +Runs TPM2_RSA_Encrypt +.TP +\fB\-hk\fR +key handle +.TP +\fB\-id\fR +decrypt file name +.TP +[\-oe +encrypt file name (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequencecomplete.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequencecomplete.1 new file mode 100644 index 000000000000..fe10495d7f9c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequencecomplete.1 @@ -0,0 +1,34 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SEQUENCECOMPLETE "1" "March 2020" "sequencecomplete 1.3" "User Commands" +.SH NAME +sequencecomplete \- Runs TPM2 sequencecomplete +.SH DESCRIPTION +sequencecomplete +.PP +Runs TPM2_SequenceComplete +.TP +\fB\-hs\fR +sequence handle +.TP +[\-pwds +password for sequence (default empty)] +.TP +[\-if +input file to be added (default no data)] +.TP +[\-of +result file name] +.TP +[\-tk +ticket file name] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequenceupdate.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequenceupdate.1 new file mode 100644 index 000000000000..c37376c52abc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssequenceupdate.1 @@ -0,0 +1,22 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SEQUENCEUPDATE "1" "March 2020" "sequenceupdate 1.3" "User Commands" +.SH NAME +sequenceupdate \- Runs TPM2 sequenceupdate +.SH DESCRIPTION +sequenceupdate +.PP +Runs TPM2_SequenceUpdate +.TP +\fB\-hs\fR +sequence handle +.TP +[\-pwds +password for sequence (default empty)] +.TP +\fB\-if\fR +input file to be HMACed +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.IP +01 continue +20 command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetcommandcodeauditstatus.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetcommandcodeauditstatus.1 new file mode 100644 index 000000000000..a49fe13a7be0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetcommandcodeauditstatus.1 @@ -0,0 +1,31 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SETCOMMANDCODEAUDITSTATUS "1" "March 2020" "setcommandcodeauditstatus 1.3" "User Commands" +.SH NAME +setcommandcodeauditstatus \- Runs TPM2 setcommandcodeauditstatus +.SH DESCRIPTION +setprimarypolicy +.PP +Runs TPM2_SetCommandCodeAuditStatus +.TP +[\-hi +authhandle hierarchy (o, p) (default platform)] +.TP +[\-pwda +authorization password (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512, null) (default null)] +.TP +[\-set +command code to set (may be specified more than once (default none)] +.TP +[\-clr +command code to clear (may be specified more than once (default none)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetprimarypolicy.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetprimarypolicy.1 new file mode 100644 index 000000000000..5c888e2d3cc0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssetprimarypolicy.1 @@ -0,0 +1,28 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SETPRIMARYPOLICY "1" "March 2020" "setprimarypolicy 1.3" "User Commands" +.SH NAME +setprimarypolicy \- Runs TPM2 setprimarypolicy +.SH DESCRIPTION +setprimarypolicy +.PP +Runs TPM2_SetPrimaryPolicy +.TP +[\-hi +authhandle hierarchy (l, e, o, p) (default platform)] +.TP +[\-pwda +authorization password (default empty)] +.TP +[\-pol +policy file (default empty policy)] +.TP +[\-halg +(sha1, sha256) (default null)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssshutdown.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssshutdown.1 new file mode 100644 index 000000000000..e40e0032d147 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssshutdown.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SHUTDOWN "1" "March 2020" "shutdown 1.3" "User Commands" +.SH NAME +shutdown \- Runs TPM2 shutdown +.SH DESCRIPTION +shutdown +.PP +Runs TPM2_Shutdown +.TP +[\-c +shutdown clear (default)] +.TP +[\-s +shutdown state] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssign.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssign.1 new file mode 100644 index 000000000000..a3974cae3269 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssign.1 @@ -0,0 +1,48 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SIGN "1" "March 2020" "sign 1.3" "User Commands" +.SH NAME +sign \- Runs TPM2 sign +.SH DESCRIPTION +sign +.PP +Runs TPM2_Sign +.TP +\fB\-hk\fR +key handle +.TP +\fB\-if\fR +input message to hash and sign +.TP +[\-pwdk +password for key (default empty)] +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-salg +signature algorithm (rsa, ecc, hmac) (default rsa)] +.IP +[\-scheme signing scheme (rsassa, rsapss, ecdsa, ecdaa, hmac)] +.IP +(default rsassa, ecdsa, hmac)] +.TP +[\-cf +input counter file (commit count required for ECDAA scheme] +.TP +[\-ipu +public key file name to verify signature (default no verify)] +Verify only supported for RSA now +.TP +[\-os +signature file name (default do not save)] +.TP +[\-tk +ticket file name] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssignapp.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssignapp.1 new file mode 100644 index 000000000000..97244ddb61e5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsssignapp.1 @@ -0,0 +1,15 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH SIGNAPP "1" "March 2020" "signapp 1.3" "User Commands" +.SH NAME +signapp \- Runs TPM2 signapp +.SH DESCRIPTION +signapp +.PP +Runs a TPM2_Sign application, including creating a primary storage key +and creating and loading a signing key +.TP +\fB\-ic\fR +input message to hash and sign +.TP +[\-pwsess +Use a password session, no HMAC or parameter encryption] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartauthsession.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartauthsession.1 new file mode 100644 index 000000000000..13ca3365a6ec --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartauthsession.1 @@ -0,0 +1,37 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH STARTAUTHSESSION "1" "March 2020" "startauthsession 1.3" "User Commands" +.SH NAME +startauthsession \- Runs TPM2 startauthsession +.SH DESCRIPTION +startauthsession +.PP +Runs TPM2_StartAuthSession +.HP +\fB\-se\fR +.TP +h +HMAC session +.TP +p +Policy session +.TP +t +Trial policy session +.TP +[\-halg +(sha1, sha256, sha384, sha512) (default sha256)] +.TP +[\-hs +salt handle (default TPM_RH_NULL)] +.TP +[\-bi +bind handle (default TPM_RH_NULL)] +.TP +[\-pwdb +bind password for bind handle (default empty)] +.TP +[\-sym +(xor, aes) symmetric parameter encryption algorithm (default xor)] +.TP +[\-on +nonceTPM file for policy session (default do not save)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartup.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartup.1 new file mode 100644 index 000000000000..dae5c9be5dff --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstartup.1 @@ -0,0 +1,20 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH STARTUP "1" "March 2020" "startup 1.3" "User Commands" +.SH NAME +startup \- Runs TPM2 startup +.SH DESCRIPTION +startup +.PP +Runs TPM2_Startup +.TP +[\-c +startup clear (default)] +.TP +[\-s +startup state] +.TP +[\-st +run TPM2_SelfTest] +.TP +[\-sto +run only TPM2_SelfTest (no startup)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstirrandom.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstirrandom.1 new file mode 100644 index 000000000000..53d747424e40 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssstirrandom.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH STIRRANDOM "1" "March 2020" "stirrandom 1.3" "User Commands" +.SH NAME +stirrandom \- Runs TPM2 stirrandom +.SH DESCRIPTION +stirrandom +.PP +Runs TPM2_StirRandom +.TP +\fB\-if\fR +input file name diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstimepacket.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstimepacket.1 new file mode 100644 index 000000000000..d23e3b71968c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstimepacket.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH TIMEPACKET "1" "March 2020" "timepacket 1.3" "User Commands" +.SH NAME +timepacket \- Runs TPM2 timepacket +.SH DESCRIPTION +timepacket +.PP +Times the supplied packet +.TP +\fB\-if\fR +packet in hexascii (requires one space at end of packet) +.TP +[\-l +number of loops to time (default 1)] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpm2pem.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpm2pem.1 new file mode 100644 index 000000000000..1ceb2373c130 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpm2pem.1 @@ -0,0 +1,14 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH TPM2PEM "1" "March 2020" "tpm2pem 1.3" "User Commands" +.SH NAME +tpm2pem \- Runs TPM2 tpm2pem +.SH DESCRIPTION +tpm2pem +.PP +Converts an RSA or EC TPM2B_PUBLIC to PEM +.TP +\fB\-ipu\fR +public key input file in TPM format +.TP +\fB\-opem\fR +public key output file in PEM format diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmcmd.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmcmd.1 new file mode 100644 index 000000000000..6e000ddf08f6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmcmd.1 @@ -0,0 +1,11 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH TPMCMD "1" "March 2020" "tpmcmd 1.3" "User Commands" +.SH NAME +tpmcmd \- Runs TPM2 tpmcmd +.SH DESCRIPTION +tpmcmd +.PP +Sends an in\-band TPM simulator signal +.TP +\fB\-stop\fR +Stop the TPM simulator diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmpublic2eccpoint.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmpublic2eccpoint.1 new file mode 100644 index 000000000000..14809e1166d0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsstpmpublic2eccpoint.1 @@ -0,0 +1,17 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH TPMPUBLIC2ECCPOINT "1" "March 2020" "tpmpublic2eccpoint 1.3" "User Commands" +.SH NAME +tpmpublic2eccpoint \- Runs TPM2 tpmpublic2eccpoint +.SH DESCRIPTION +tpmpublic2eccpoint +.PP +Converts an EC TPM2B_PUBLIC to TPM2B_ECC_POINT. The intended use case +is to convert the public key output of certain commands (TPM2_CreatePrimary, +TPM2_Create, TPM2_CreateLoaded, TPM2_ReadPublic) to a format useful for +TPM2_ZGen_2Phase. +.TP +\fB\-ipu\fR +EC public key input file in TPM TPM2B_PUBLIC format +.TP +\fB\-pt\fR +EC public key output file in TPM TPM2B_ECC_POINT format diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssunseal.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssunseal.1 new file mode 100644 index 000000000000..05442ef6cde0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssunseal.1 @@ -0,0 +1,25 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH UNSEAL "1" "March 2020" "unseal 1.3" "User Commands" +.SH NAME +unseal \- Runs TPM2 unseal +.SH DESCRIPTION +unseal +.PP +Runs TPM2_Unseal +.TP +\fB\-ha\fR +sealed data item handle +.TP +[\-pwd +password sealed data item (default empty)] +.TP +[\-of +output data (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tssverifysignature.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssverifysignature.1 new file mode 100644 index 000000000000..b047325dfedf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tssverifysignature.1 @@ -0,0 +1,59 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH VERIFYSIGNATURE "1" "March 2020" "verifysignature 1.3" "User Commands" +.SH NAME +verifysignature \- Runs TPM2 verifysignature +.SH DESCRIPTION +verifysignature +.PP +Runs TPM2_VerifySignature and/or verifies using the PEM public key +.TP +\fB\-if\fR +input message file name +.TP +\fB\-ih\fR +input hash file name +.IP +One of \fB\-if\fR, \fB\-ih\fR must be specified +.TP +\fB\-is\fR +signature file name +.TP +[\-raw +signature specified by \fB\-is\fR is in raw format] +(default TPMT_SIGNATURE) +.TP +\fB\-hk\fR +key handle +.TP +\fB\-ipem\fR +public key PEM format file name to verify signature +.TP +\fB\-ihmac\fR +HMAC key in raw binary format file name to verify signature +.IP +One of \fB\-hk\fR, \fB\-ipem\fR, \fB\-ihmac\fR must be specified +.TP +[\-tk +ticket file name (requires \fB\-hk\fR)] +.TP +[\-halg +(sha1, sha256, sha384 sha512) (default sha256)] +.IP +[Asymmetric Key Algorithm] +.TP +[\-rsa +(default)] +.TP +[\-ecc +] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default NULL) +.TP +01 +continue +.TP +20 +command decrypt +.TP +80 +audit diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsswriteapp.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsswriteapp.1 new file mode 100644 index 000000000000..12eb525effd6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsswriteapp.1 @@ -0,0 +1,15 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH WRITEAPP "1" "March 2020" "writeapp 1.3" "User Commands" +.SH NAME +writeapp \- Runs TPM2 writeapp +.SH DESCRIPTION +writeapp +.PP +writeapp is a sample NV write application. Provisions an NV location, +then does two writes with password 'pwd' using a bound, salted +HMAC session using AES CFB parameter encryption. +.PP +Used to test minimal TSS build +.TP +[\-pwsess +Use a password session, no HMAC or parameter encryption] diff --git a/libstb/tss2/ibmtpm20tss/utils/man/man1/tsszgen2phase.1 b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsszgen2phase.1 new file mode 100644 index 000000000000..c4eff80611f2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/man/man1/tsszgen2phase.1 @@ -0,0 +1,47 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH ZGEN2PHASE "1" "March 2020" "zgen2phase 1.3" "User Commands" +.SH NAME +zgen2phase \- Runs TPM2 zgen2phase +.SH DESCRIPTION +zgen2phase +.PP +Runs TPM2_ZGen_2Phase +.TP +\fB\-hk\fR +unrestricted decryption key handle +.TP +[\-pwdk +password for key (default empty)] +.TP +\fB\-qsb\fR +QsB point input file name +.TP +\fB\-qeb\fR +QeB point input file name +.TP +\fB\-cf\fR +counter file name +.TP +[\-scheme +(default ecdh)] +.IP +ecdh +ecmqv +sm2 +.TP +[\-z1 +Z1 output data file name (default do not save)] +.TP +[\-z2 +Z2 output data file name (default do not save)] +.HP +\fB\-se[0\-2]\fR session handle / attributes (default PWAP) +.TP +01 +continue +.TP +20 +command decrypt +.TP +40 +response encrypt diff --git a/libstb/tss2/ibmtpm20tss/utils/ntc2getconfig.c b/libstb/tss2/ibmtpm20tss/utils/ntc2getconfig.c new file mode 100644 index 000000000000..7222153545e6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ntc2getconfig.c @@ -0,0 +1,199 @@ +/********************************************************************************/ +/* */ +/* Nuvoton GetConfig */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + Gets the Nuvoton preConfig registers. Optionally checks 'lock' and several + hard coded configurations. +*/ + +#include +#include +#include +#include + +#include +#include +#include + +#include "ntc2lib.h" + +static void printUsage(void); +static void printHexResponse(NTC2_CFG_STRUCT *preConfig); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NTC2_GetConfig_Out out; + NTC2_CFG_STRUCT preConfig; + int verify = FALSE; + int verifyLocked = FALSE; + int p8 = FALSE; + int p9 = FALSE; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (ii2cLoc1_2); + printf("i2cLoc3_4:\t%02x\n", preConfig->i2cLoc3_4); + printf("AltCfg:\t\t%02x\n", preConfig->AltCfg); + printf("Direction:\t%02x\n", preConfig->Direction); + printf("PullUp:\t\t%02x\n", preConfig->PullUp); + printf("PushPull:\t%02x\n", preConfig->PushPull); + printf("CFG_A:\t\t%02x\n", preConfig->CFG_A); + printf("CFG_B:\t\t%02x\n", preConfig->CFG_B); + printf("CFG_C:\t\t%02x\n", preConfig->CFG_C); + printf("CFG_D:\t\t%02x\n", preConfig->CFG_D); + printf("CFG_E:\t\t%02x\n", preConfig->CFG_E); + printf("CFG_F:\t\t%02x\n", preConfig->CFG_F); + printf("CFG_G:\t\t%02x\n", preConfig->CFG_G); + printf("CFG_H:\t\t%02x\n", preConfig->CFG_H); + printf("CFG_I:\t\t%02x\n", preConfig->CFG_I); + printf("CFG_J:\t\t%02x\n", preConfig->CFG_J); + printf("IsValid:\t%02x\n", preConfig->IsValid); + printf("IsLocked:\t%02x\n", preConfig->IsLocked); + return; +} + +static void printUsage(void) +{ + printf("\n"); + printf("ntc2getconfig\n"); + printf("\n"); + printf("Runs NTC2_GetConfig\n"); + printf("\n"); + printf("\t[-verify\tVerify results against System P default (default no verify)]\n"); + printf("\t[-verifylocked\tAlso verify that the preconfig is locked\n" + "\t\t(default verify not locked)]\n"); + printf("\t[-p8 or -p9\tVerify Nuvoton TPM for P8 or P9]"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/ntc2lib.c b/libstb/tss2/ibmtpm20tss/utils/ntc2lib.c new file mode 100644 index 000000000000..29bd08ba59ca --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ntc2lib.c @@ -0,0 +1,210 @@ +/********************************************************************************/ +/* */ +/* TPM2 Nuvoton Proprietary Command Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ntc2lib.c 1290 2018-08-01 14:45:24Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include "ntc2lib.h" + +/* verifyConfig() compares the expected and actual values for the entire NTC2_CFG_STRUCT structure. + + If verifyLocked is TRUE, checks that the configuration is locked. If FALSE, checks that the + configuration is not locked +*/ + +TPM_RC verifyConfig(NTC2_CFG_STRUCT *expected, NTC2_CFG_STRUCT *actual, int verifyLocked) +{ + TPM_RC rc = 0; + int b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16; + b0 = (actual->i2cLoc1_2 == expected->i2cLoc1_2); + if (!b0) { + printf("ERROR: i2cLoc1_2 expect %02x actual %02x\n", expected->i2cLoc1_2, actual->i2cLoc1_2); + rc = TPM_RC_VALUE; + } + b1 = (actual->i2cLoc3_4 == expected->i2cLoc3_4); + if (!b1) { + printf("ERROR: i2cLoc3_4 expect %02x actual %02x\n", expected->i2cLoc3_4, actual->i2cLoc3_4); + rc = TPM_RC_VALUE; + } + b2 = (actual->AltCfg == expected->AltCfg); + if (!b2) { + printf("ERROR: AltCfg expect %02x actual %02x\n", expected->AltCfg, actual->AltCfg); + rc = TPM_RC_VALUE; + } + b3 = (actual->Direction == expected->Direction); + if (!b3) { + printf("ERROR: Direction expect %02x actual %02x\n", expected->Direction, actual->Direction); + rc = TPM_RC_VALUE; + } + b4 = (actual->PullUp == expected->PullUp); + if (!b4) { + printf("ERROR: PullUp expect %02x actual %02x\n", expected->PullUp, actual->PullUp); + rc = TPM_RC_VALUE; + } + b5 = (actual->PushPull == expected->PushPull); + if (!b5) { + printf("ERROR: PushPull expect %02x actual %02x\n", expected->PushPull, actual->PushPull); + rc = TPM_RC_VALUE; + } + b6 = (actual->CFG_A == expected->CFG_A); + if (!b6) { + printf("ERROR: CFG_A expect %02x actual %02x\n", expected->CFG_A, actual->CFG_A); + rc = TPM_RC_VALUE; + } + b7 = (actual->CFG_B == expected->CFG_B); + if (!b7) { + printf("ERROR: CFG_B expect %02x actual %02x\n", expected->CFG_B, actual->CFG_B); + rc = TPM_RC_VALUE; + } + b8 = (actual->CFG_C == expected->CFG_C); + if (!b8) { + printf("ERROR: CFG_C expect %02x actual %02x\n", expected->CFG_C, actual->CFG_C); + rc = TPM_RC_VALUE; + } + b9 = (actual->CFG_D == expected->CFG_D); + if (!b9) { + printf("ERROR: CFG_D expect %02x actual %02x\n", expected->CFG_D, actual->CFG_D); + rc = TPM_RC_VALUE; + } + b10 = (actual->CFG_E == expected->CFG_E); + if (!b10) { + printf("CFG_E expect %02x actual %02x\n", expected->CFG_E, actual->CFG_E); + rc = TPM_RC_VALUE; + } + b11 = (actual->CFG_F == expected->CFG_F); + if (!b11) { + printf("CFG_F expect %02x actual %02x\n", expected->CFG_F, actual->CFG_F); + rc = TPM_RC_VALUE; + } + b12 = (actual->CFG_G == expected->CFG_G); + if (!b12) { + printf("ERROR: CFG_G expect %02x actual %02x\n", expected->CFG_G, actual->CFG_G); + rc = TPM_RC_VALUE; + } + b13 = (actual->CFG_H == expected->CFG_H); + if (!b13) { + printf("ERROR: CFG_H expect %02x actual %02x\n", expected->CFG_H, actual->CFG_H); + rc = TPM_RC_VALUE; + } + b14 = (actual->CFG_I == expected->CFG_I); + if (!b14) { + printf("ERROR: CFG_I expect %02x actual %02x\n", expected->CFG_I, actual->CFG_I); + rc = TPM_RC_VALUE; + } + b15 = (actual->CFG_J == expected->CFG_J); + if (!b15) { + printf("ERROR: CFG_J expect %02x actual %02x\n", expected->CFG_J, actual->CFG_J); + rc = TPM_RC_VALUE; + } + b16 = (actual->IsValid == expected->IsValid); + if (!b16) { + printf("ERROR: IsValid expect %02x actual %02x\n", expected->IsValid, actual->IsValid); + rc = TPM_RC_VALUE; + } + if (verifyLocked) { + if (actual->IsLocked != 0xaa) { + printf("ERROR: IsLocked is %02x not %02x\n", + actual->IsLocked, 0xaa); + rc = TPM_RC_VALUE; + } + } + else { + if (actual->IsLocked != 0xff) { + printf("ERROR: IsLocked %02x not %02x\n", + actual->IsLocked, 0xff); + rc = TPM_RC_VALUE; + } + } + return rc; +} + +/* requiredConfig() fills in the structure with the required values + + p9 FALSE uses P8 values. p9 TRUE uses P9 values +*/ + +void requiredConfig(NTC2_CFG_STRUCT *preConfig, int p9) +{ + /* p8 preConfig */ + if (!p9) { + preConfig->i2cLoc1_2 = P8_REQUIRED_i2cLoc1_2; + preConfig->i2cLoc3_4 = P8_REQUIRED_i2cLoc3_4; + preConfig->AltCfg = P8_REQUIRED_AltCfg; + preConfig->Direction = P8_REQUIRED_Direction; + preConfig->PullUp = P8_REQUIRED_PullUp; + preConfig->PushPull = P8_REQUIRED_PushPull; + preConfig->CFG_A = P8_REQUIRED_CFG_A; + preConfig->CFG_B = P8_REQUIRED_CFG_B; + preConfig->CFG_C = P8_REQUIRED_CFG_C; + preConfig->CFG_D = P8_REQUIRED_CFG_D; + preConfig->CFG_E = P8_REQUIRED_CFG_E; + preConfig->CFG_F = P8_REQUIRED_CFG_F; + preConfig->CFG_G = P8_REQUIRED_CFG_G; + preConfig->CFG_H = P8_REQUIRED_CFG_H; + preConfig->CFG_I = P8_REQUIRED_CFG_I; + preConfig->CFG_J = P8_REQUIRED_CFG_J; + preConfig->IsValid = P8_REQUIRED_IsValid; + preConfig->IsLocked = P8_REQUIRED_IsLocked; + } + /* p9 preConfig */ + else { + preConfig->i2cLoc1_2 = P9_REQUIRED_i2cLoc1_2; + preConfig->i2cLoc3_4 = P9_REQUIRED_i2cLoc3_4; + preConfig->AltCfg = P9_REQUIRED_AltCfg; + preConfig->Direction = P9_REQUIRED_Direction; + preConfig->PullUp = P9_REQUIRED_PullUp; + preConfig->PushPull = P9_REQUIRED_PushPull; + preConfig->CFG_A = P9_REQUIRED_CFG_A; + preConfig->CFG_B = P9_REQUIRED_CFG_B; + preConfig->CFG_C = P9_REQUIRED_CFG_C; + preConfig->CFG_D = P9_REQUIRED_CFG_D; + preConfig->CFG_E = P9_REQUIRED_CFG_E; + preConfig->CFG_F = P9_REQUIRED_CFG_F; + preConfig->CFG_G = P9_REQUIRED_CFG_G; + preConfig->CFG_H = P9_REQUIRED_CFG_H; + preConfig->CFG_I = P9_REQUIRED_CFG_I; + preConfig->CFG_J = P9_REQUIRED_CFG_J; + preConfig->IsValid = P9_REQUIRED_IsValid; + preConfig->IsLocked = P9_REQUIRED_IsLocked; + } + return; +} + + diff --git a/libstb/tss2/ibmtpm20tss/utils/ntc2lib.h b/libstb/tss2/ibmtpm20tss/utils/ntc2lib.h new file mode 100644 index 000000000000..4d37959fb5d6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ntc2lib.h @@ -0,0 +1,116 @@ +/********************************************************************************/ +/* */ +/* TPM2 Novoton Proprietary Command Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: ntc2lib.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2017 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef NTC2LIB_H +#define NTC2LIB_H + +#include +#include +#include +#include + +#include +#include + +/* default values for System P8 I2C */ + +#define P8_REQUIRED_i2cLoc1_2 0xff +#define P8_REQUIRED_i2cLoc3_4 0xff +#define P8_REQUIRED_AltCfg 0x03 +#define P8_REQUIRED_Direction 0x00 +#define P8_REQUIRED_PullUp 0xff +#define P8_REQUIRED_PushPull 0xff +#define P8_REQUIRED_CFG_A 0xfe +#define P8_REQUIRED_CFG_B 0xff +#define P8_REQUIRED_CFG_C 0xff +#define P8_REQUIRED_CFG_D 0xff +#define P8_REQUIRED_CFG_E 0xff +#define P8_REQUIRED_CFG_F 0xff +#define P8_REQUIRED_CFG_G 0xff +#define P8_REQUIRED_CFG_H 0xff +#define P8_REQUIRED_CFG_I 0xff +#define P8_REQUIRED_CFG_J 0xff +#define P8_REQUIRED_IsValid 0xaa +#define P8_REQUIRED_IsLocked 0x00; + +/* default values for System P8 I2C */ + +#define P9_REQUIRED_i2cLoc1_2 0xa9 /* changed */ +#define P9_REQUIRED_i2cLoc3_4 0xa5 /* changed */ +#define P9_REQUIRED_AltCfg 0x03 +#define P9_REQUIRED_Direction 0x00 +#define P9_REQUIRED_PullUp 0xff +#define P9_REQUIRED_PushPull 0xff +#define P9_REQUIRED_CFG_A 0xfe +#define P9_REQUIRED_CFG_B 0xff +#define P9_REQUIRED_CFG_C 0xff +#define P9_REQUIRED_CFG_D 0xff +#define P9_REQUIRED_CFG_E 0xff +#define P9_REQUIRED_CFG_F 0xff +#define P9_REQUIRED_CFG_G 0xff +#define P9_REQUIRED_CFG_H 0xf0 /* changed */ +#define P9_REQUIRED_CFG_I 0xff +#define P9_REQUIRED_CFG_J 0xff +#define P9_REQUIRED_IsValid 0xaa +#define P9_REQUIRED_IsLocked 0x00; + +/* required values, others not supported */ + +#define FIXED_Direction 0x00 +#define FIXED_PullUp 0xff +#define FIXED_PushPull 0xff +#define FIXED_CFG_F 0xff +#define FIXED_CFG_I 0xff +#define FIXED_CFG_J 0xff +#define FIXED_IsValid 0xaa + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC + verifyConfig(NTC2_CFG_STRUCT *expected, NTC2_CFG_STRUCT *actual, int verifyLocked); + void + requiredConfig(NTC2_CFG_STRUCT *preConfig, int p9); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/ntc2lockconfig.c b/libstb/tss2/ibmtpm20tss/utils/ntc2lockconfig.c new file mode 100644 index 000000000000..983379c34698 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/ntc2lockconfig.c @@ -0,0 +1,135 @@ +/********************************************************************************/ +/* */ +/* Nuvoton Lock Preconfig */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + Locks the Nuvoton preConfig registers +*/ + +#include +#include +#include +#include + +#include +#include +#include + +#include "ntc2lib.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + int lock = FALSE; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include + +#include "ntc2lib.h" + +static void printUsage(void); +static TPM_RC fixedConfig(NTC2_CFG_STRUCT *preConfig); +static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut, + const NTC2_CFG_STRUCT *preConfigIn, + const NTC2_CFG_STRUCT *preConfigSet); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NTC2_GetConfig_Out out; + NTC2_PreConfig_In in; + NTC2_CFG_STRUCT preConfigSet; /* flags mark values to change */ + NTC2_CFG_STRUCT preConfigIn; /* values to change */ + int p8 = FALSE; + int p9 = FALSE; + int override = FALSE; /* TRUE to override P required values */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + memset(&preConfigSet, 0, sizeof(NTC2_CFG_STRUCT)); /* default nothing to change */ + memset(&preConfigIn, 0, sizeof(NTC2_CFG_STRUCT)); /* initialized to suppress false gcc -O3 + warning */ + /* command line argument defaults */ + for (i=1 ; (iDirection != FIXED_Direction) { + printf("Direction is not the required value %02x\n", FIXED_Direction); + return TPM_RC_RANGE; + } + if (preConfig->PullUp != FIXED_PullUp) { + printf("PullUp is not the required value %02x\n", FIXED_PullUp); + return TPM_RC_RANGE; + } + if (preConfig->PushPull != FIXED_PushPull) { + printf("PushPull is not the required value %02x\n", FIXED_PushPull); + return TPM_RC_RANGE; + } + if (preConfig->CFG_F != FIXED_CFG_F) { + printf("CFG_F is not the required value %02x\n", FIXED_CFG_F); + return TPM_RC_RANGE; + } + if (preConfig->CFG_I != FIXED_CFG_I) { + printf("CFG_I is not the required value %02x\n", FIXED_CFG_I); + return TPM_RC_RANGE; + } + if (preConfig->CFG_J != FIXED_CFG_J) { + printf("CFG_J is not the required value %02x\n", FIXED_CFG_J); + return TPM_RC_RANGE; + } + if (preConfig->IsValid != FIXED_IsValid) { + printf("IsValid is not the required value %02x\n", FIXED_IsValid); + return TPM_RC_RANGE; + } + return 0; +} + +/* mergeConfig() handles the read modify write setup. + + preConfigIn are the new values + preConfigSet are booleans, true for the new values + preConfigOut at input are the current values, at output are the merged values +*/ + +static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut, + const NTC2_CFG_STRUCT *preConfigIn, + const NTC2_CFG_STRUCT *preConfigSet) +{ + if (preConfigSet->i2cLoc1_2) { + preConfigOut->i2cLoc1_2 = preConfigIn->i2cLoc1_2; + } + if (preConfigSet->i2cLoc3_4) { + preConfigOut->i2cLoc3_4 = preConfigIn->i2cLoc3_4; + } + if (preConfigSet->AltCfg) { + preConfigOut->AltCfg = preConfigIn->AltCfg; + } + if (preConfigSet->Direction) { + preConfigOut->Direction = preConfigIn->Direction; + } + if (preConfigSet->PullUp) { + preConfigOut->PullUp = preConfigIn->PullUp; + } + if (preConfigSet->PushPull) { + preConfigOut->PushPull = preConfigIn->PushPull; + } + if (preConfigSet->CFG_A) { + preConfigOut->CFG_A = preConfigIn->CFG_A; + } + if (preConfigSet->CFG_B) { + preConfigOut->CFG_B = preConfigIn->CFG_B; + } + if (preConfigSet->CFG_C) { + preConfigOut->CFG_C = preConfigIn->CFG_C; + } + if (preConfigSet->CFG_D) { + preConfigOut->CFG_D = preConfigIn->CFG_D; + } + if (preConfigSet->CFG_E) { + preConfigOut->CFG_E = preConfigIn->CFG_E; + } + if (preConfigSet->CFG_F) { + preConfigOut->CFG_F = preConfigIn->CFG_F; + } + if (preConfigSet->CFG_G) { + preConfigOut->CFG_G = preConfigIn->CFG_G; + } + if (preConfigSet->CFG_H) { + preConfigOut->CFG_H = preConfigIn->CFG_H; + } + if (preConfigSet->CFG_I) { + preConfigOut->CFG_I = preConfigIn->CFG_I; + } + if (preConfigSet->CFG_J) { + preConfigOut->CFG_J = preConfigIn->CFG_J; + } + if (preConfigSet->IsValid) { + preConfigOut->IsValid = preConfigIn->IsValid; + } + return; +} + +static void printUsage(void) +{ + printf("\n"); + printf("ntc2preconfig\n"); + printf("\n"); + printf("Runs NTC2_PreConfig\n"); + printf("\n"); + printf("\t-p8 or -p9\tConfigure Nuvoton TPM for P8 or P9\n"); + printf("\t-override\tpermits individual register values, read-modify-write\n"); + printf("\n"); + printf("Values to set, each is a hex byte, (default do not change)\n"); + printf("\n"); + printf("\t[-i2cLoc1_2\tbyte]\n"); + printf("\t[-i2cLoc3_4\tbyte]\n"); + printf("\t[-AltCfg\tbyte]\n"); + printf("\t[-Direction\tbyte]\n"); + printf("\t[-PullUp\tbyte]\n"); + printf("\t[-PushPull\tbyte]\n"); + printf("\t[-CFG_A\t\tbyte]\n"); + printf("\t[-CFG_B\t\tbyte]\n"); + printf("\t[-CFG_C\t\tbyte]\n"); + printf("\t[-CFG_D\t\tbyte]\n"); + printf("\t[-CFG_E\t\tbyte]\n"); + printf("\t[-CFG_F\t\tbyte]\n"); + printf("\t[-CFG_G\t\tbyte]\n"); + printf("\t[-CFG_H\t\tbyte]\n"); + printf("\t[-CFG_I\t\tbyte]\n"); + printf("\t[-CFG_J\t\tbyte]\n"); + printf("\t[-IsValid\tbyte]\n"); + exit(1); +} + + + diff --git a/libstb/tss2/ibmtpm20tss/utils/nvcertify.c b/libstb/tss2/ibmtpm20tss/utils/nvcertify.c new file mode 100644 index 000000000000..81bde6938405 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvcertify.c @@ -0,0 +1,449 @@ +/********************************************************************************/ +/* */ +/* NV_Certify */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_Certify_In in; + NV_Certify_Out out; + TPMI_DH_OBJECT signHandle = 0; + const char *keyPassword = NULL; + char hierarchyAuthChar = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_RH_NV_INDEX nvIndex = 0; + uint16_t size = 0; + uint16_t offset = 0; /* default 0 */ + TPMS_ATTEST tpmsAttest; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *certifyDataFilename = NULL; + TPM_ALG_ID sigAlg = TPM_ALG_RSA; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* certifying key */ + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyAuthChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("\n"); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.signHandle = signHandle; + in.nvIndex = nvIndex; + in.qualifyingData.t.size = 0; + if (sigAlg == TPM_ALG_RSA) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (sigAlg == TPM_ALG_ECDSA) { + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + else { /* HMAC */ + in.inScheme.scheme = TPM_ALG_HMAC; + in.inScheme.details.hmac.hashAlg = halg; + } + in.size = size; + in.offset = offset; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Certify, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, nvPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData, + out.certifyInfo.t.size, + attestInfoFilename); + } + /* unmarshal the TPM2B_ATTEST output to a TPMS_ATTEST structure */ + if (rc == 0) { + uint8_t *tmpBuffer = out.certifyInfo.t.attestationData; + uint32_t tmpSize = out.certifyInfo.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if ((rc == 0) && (certifyDataFilename != NULL)) { + /* TPMS_NV_DIGEST_CERTIFY_INFO */ + if ((offset == 0) && (size == 0)) { + rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.nvDigest.nvDigest.t.buffer, + tpmsAttest.attested.nvDigest.nvDigest.t.size, + certifyDataFilename); + } + /* TPMS_NV_CERTIFY_INFO */ + else { + rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.nv.nvContents.t.buffer, + tpmsAttest.attested.nv.nvContents.t.size, + certifyDataFilename); + } + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("nvcertify: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvcertify: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvcertify\n"); + printf("\n"); + printf("Runs TPM2_NV_Certify\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); + printf("\t-hk\tcertifying key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t-sz\tdata size\n"); + printf("\t[-off\toffset (default 0)]\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\t[-od\tcertified data file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvchangeauth.c b/libstb/tss2/ibmtpm20tss/utils/nvchangeauth.c new file mode 100644 index 000000000000..e2244ac4ac64 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvchangeauth.c @@ -0,0 +1,255 @@ +/********************************************************************************/ +/* */ +/* NV_ChangeAuth */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_ChangeAuth_In in; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *password = NULL; + const char *newPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.nvIndex = nvIndex; + } + /* convert password string to TPM2B */ + if (rc == 0) { + if (newPassword == NULL) { + in.newAuth.t.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&in.newAuth.b, + newPassword, sizeof(in.newAuth.t.buffer)); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_ChangeAuth, + sessionHandle0, password, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvchangeauth: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvchangeauth: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvchangeauth\n"); + printf("\n"); + printf("Runs TPM2_NV_ChangeAuth\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdo\tpassword (default empty)\n"); + printf("\t-pwdn\tnew password (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvdefinespace.c b/libstb/tss2/ibmtpm20tss/utils/nvdefinespace.c new file mode 100644 index 000000000000..34e158664130 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvdefinespace.c @@ -0,0 +1,591 @@ +/********************************************************************************/ +/* */ +/* NV Define Space */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +#define TPMA_NVA_CLEAR_STCLEAR 0x08000000 + + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_DefineSpace_In in; + char hierarchyChar = 0; + char hierarchyAuthChar = '\0'; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + unsigned int hashSize = SHA256_DIGEST_SIZE; + char typeChar = 'o'; + unsigned int typeCount = 0; + TPMI_RH_NV_INDEX nvIndex = 0; + uint16_t dataSize = 0; + TPMA_NV nvAttributes; /* final attributes to command */ + TPMA_NV setAttributes; /* attributes to add to defaults*/ + TPMA_NV clearAttributes; /* attributes to subtract from defaults */ + const char *policyFilename = NULL; + const char *nvPassword = NULL; + const char *parentPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* nvAttributes first accumumates attributes that are default side effects of other arguments. + E.g., specifying a policy sets POLICYWRITE and POLICYREAD. After all arguments are + processed, setAttributes and clearAttributes may optional fine tune the attributes. E.g., + POLICYWRITE can be cleared. */ + + /* default values */ + nvAttributes.val = 0; + setAttributes.val = TPMA_NVA_NO_DA; + clearAttributes.val = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (typeCount > 1) { + printf("-ty can only be specified once\n"); + printUsage(); + } + /* Authorization attributes */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + nvAttributes.val |= TPMA_NVA_OWNERWRITE | TPMA_NVA_OWNERREAD; + } + else if (hierarchyAuthChar == 'p') { + nvAttributes.val |= TPMA_NVA_PPWRITE | TPMA_NVA_PPREAD; + } + else if (hierarchyAuthChar == '\0') { + nvAttributes.val |= TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD; + } + else { + printf("-hia has bad parameter\n"); + printUsage(); + } + } + if (rc == 0) { + if (hierarchyChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + switch (typeChar) { + case 'o': + nvAttributes.val |= TPMA_NVA_ORDINARY; + break; + case 'c': + nvAttributes.val |= TPMA_NVA_COUNTER; + dataSize = 8; + break; + case 'b': + nvAttributes.val |= TPMA_NVA_BITS; + dataSize = 8; + break; + case 'e': + nvAttributes.val |= TPMA_NVA_EXTEND; + dataSize = hashSize; + break; + case 'p': + nvAttributes.val |= TPMA_NVA_PIN_PASS; + dataSize = 8; + break; + case 'f': + nvAttributes.val |= TPMA_NVA_PIN_FAIL; + dataSize = 8; + break; + default: + printf("Illegal -ty\n"); + printUsage(); + } + } + /* Table 75 - Definition of Types for TPM2B_AUTH */ + if (rc == 0) { + if (nvPassword == NULL) { + in.auth.b.size = 0; + } + /* if there was a password specified, permit index authorization */ + else { + /* PIN index cannot use index AUTHWRITE authorization */ + if (((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_FAIL) && + ((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_PASS)) { + nvAttributes.val |= TPMA_NVA_AUTHWRITE; + } + nvAttributes.val |= TPMA_NVA_AUTHREAD; + rc = TSS_TPM2B_StringCopy(&in.auth.b, + nvPassword, sizeof(in.auth.t.buffer)); + } + } + /* optional authorization policy */ + if (rc == 0) { + if (policyFilename != NULL) { + if (rc == 0) { + nvAttributes.val |= TPMA_NVA_POLICYWRITE | TPMA_NVA_POLICYREAD; + rc = TSS_File_Read2B(&in.publicInfo.nvPublic.authPolicy.b, + sizeof(in.publicInfo.nvPublic.authPolicy.t.buffer), + policyFilename); + } + /* sanity check that the size of the policy hash matches the name algorithm */ + if (rc == 0) { + if (in.publicInfo.nvPublic.authPolicy.b.size != hashSize) { + printf("Policy size %u does not match name algorithm %u\n", + in.publicInfo.nvPublic.authPolicy.b.size, hashSize); + rc = TPM_RC_POLICY; + } + } + } + else { + in.publicInfo.nvPublic.authPolicy.t.size = 0; /* default empty policy */ + } + } + /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure publicInfo */ + /* Table 196 - Definition of TPMS_NV_PUBLIC Structure nvPublic */ + if (rc == 0) { + in.publicInfo.nvPublic.nvIndex = nvIndex; /* the handle of the data area */ + in.publicInfo.nvPublic.nameAlg = nalg; /* hash algorithm used to compute the name + of the Index and used for the + authPolicy */ + in.publicInfo.nvPublic.attributes = nvAttributes; /* the default Index attributes */ + /* additional set attributes */ + in.publicInfo.nvPublic.attributes.val |= setAttributes.val; + /* clear attributes */ + in.publicInfo.nvPublic.attributes.val &= ~(clearAttributes.val); + in.publicInfo.nvPublic.dataSize = dataSize; /* the size of the data area */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_DefineSpace, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + printf("nvdefinespace: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvdefinespace: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvdefinespace\n"); + printf("\n"); + printf("Runs TPM2_NV_DefineSpace\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t\t01xxxxxx\n"); + printf("\t-hi\tauthorizing hierarchy (o, p)\n"); + printf("\t\to owner, p platform\n"); + printf("\t\tp sets PLATFORMCREATE\n"); + printf("\t[-pwdp\tpassword for hierarchy (default empty)]\n"); + printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n"); + printf("\n"); + printf("\t\tdefault AUTHWRITE, AUTHREAD\n"); + printf("\t\to sets OWNERWRITE, OWNERREAD\n"); + printf("\t\tp sets PPWRITE, PPREAD (platform)\n"); + printf("\n"); + printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); + printf("\t\tsets AUTHWRITE (if not PIN index), AUTHREAD\n"); + printf("\t[-nalg\tname algorithm (sha1, sha256, sha384 sha512) (default sha256)]\n"); + printf("\t[-sz\tdata size in decimal (default 0)]\n"); + printf("\t\tIgnored for other than ordinary index\n"); + printf("\t[-ty\tindex type (o, c, b, e, p, f) (default ordinary)]\n"); + printf("\t\tordinary, counter, bits, extend, pin pass, pin fail\n"); + printf("\t[-pol\tpolicy file (default empty)]\n"); + printf("\t\tsets POLICYWRITE, POLICYREAD\n"); + printf("\t[+at\tattributes to add (may be specified more than once)]\n"); + printf("\n"); + printf("\t\tppw (PPWRITE)\t\tppr (PPREAD) \n"); + printf("\t\tow (OWNERWRITE)\tor (OWNERREAD) \n"); + printf("\t\taw (AUTHWRITE)\tar (AUTHREAD) \n"); + printf("\t\twd (WRITEDEFINE)\tgl (GLOBALLOCK) \n"); + printf("\t\trst (READ_STCLEAR)\twst (WRITE_STCLEAR) \n"); + printf("\t\twa (WRITEALL)\tody (ORDERLY) \n"); + printf("\t\tpold (POLICY_DELETE) \tstc (CLEAR_STCLEAR) \n"); + printf("\n"); + printf("\t[-at\tattributes to delete (may be specified more than once)]\n"); + printf("\n"); + printf("\t\tppw (PPWRITE)\t\tppr (PPREAD)\n"); + printf("\t\tow (OWNERWRITE)\tor (OWNERREAD)\n"); + printf("\t\taw (AUTHWRITE)\tar (AUTHREAD)\n"); + printf("\t\tpw (POLICYWRITE)\tpr (POLICYREAD)\n"); + printf("\t\tda (NO_DA) (default set)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvextend.c b/libstb/tss2/ibmtpm20tss/utils/nvextend.c new file mode 100644 index 000000000000..ce9943984b7b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvextend.c @@ -0,0 +1,274 @@ +/********************************************************************************/ +/* */ +/* NV Extend */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_Extend_In in; + const char *data = NULL; + const char *datafilename = NULL; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if ((data == NULL) && (datafilename == NULL)) { + printf("Data string or data file must be specified\n"); + printUsage(); + } + if ((data != NULL) && (datafilename != NULL)) { + printf("Data string and data file cannot both be specified\n"); + printUsage(); + } + if ((rc == 0) && (data != NULL)) { + rc = TSS_TPM2B_StringCopy(&in.data.b, + data, sizeof(in.data.t.buffer)); + + } + if ((rc == 0) && (datafilename != NULL)) { + rc = TSS_File_Read2B(&in.data.b, + sizeof(in.data.t.buffer), + datafilename); + } + if (rc == 0) { + in.authHandle = nvIndex; + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Extend, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvextend: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvextend: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvextend\n"); + printf("\n"); + printf("Runs TPM2_NV_Extend\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdn\tpassword for NV index (default empty)\n"); + printf("\t-ic\tdata string\n"); + printf("\t-if\tdata file\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvglobalwritelock.c b/libstb/tss2/ibmtpm20tss/utils/nvglobalwritelock.c new file mode 100644 index 000000000000..2a737ec5ed48 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvglobalwritelock.c @@ -0,0 +1,237 @@ +/********************************************************************************/ +/* */ +/* NV GlobalWriteLock */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_GlobalWriteLock_In in; + char hierarchyAuthChar = 0; + const char *password = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("\n"); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_GlobalWriteLock, + sessionHandle0, password, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvglobalwritelock: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvglobalwritelock: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvglobalwritelock\n"); + printf("\n"); + printf("Runs TPM2_NV_GlobalWriteLock\n"); + printf("\n"); + printf("\t-hia\thierarchy authorization (o, p)\n"); + printf("\t[-pwd\tauthorization password (default empty)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvincrement.c b/libstb/tss2/ibmtpm20tss/utils/nvincrement.c new file mode 100644 index 000000000000..84889930b54e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvincrement.c @@ -0,0 +1,233 @@ +/********************************************************************************/ +/* */ +/* NV_Increment */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_Increment_In in; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.authHandle = nvIndex; + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Increment, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvincrement: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvincrement: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvincrement\n"); + printf("\n"); + printf("Runs TPM2_NV_Increment\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdn\tpassword for NV index (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvread.c b/libstb/tss2/ibmtpm20tss/utils/nvread.c new file mode 100644 index 000000000000..34eebf896287 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvread.c @@ -0,0 +1,483 @@ +/********************************************************************************/ +/* */ +/* NV Read */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include "ekutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_Read_In in; + NV_Read_Out out; + uint16_t offset = 0; /* default 0 */ + uint16_t readLength = 0; /* bytes to read */ + int ireadLength = 0; /* bytes to read as integer */ + int cert = FALSE; /* boolean, read certificate */ + const char *certificateFilename = NULL; + int readLengthSet = FALSE; + char hierarchyAuthChar = 0; + const char *datafilename = NULL; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + uint32_t pinCount = 0; /* these two initialized to suppress falose gcc -O3 + warnings */ + uint32_t pinLimit = 0; + int inData = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + unsigned char *readBuffer = NULL; + uint32_t nvBufferMax; + uint16_t bytesRead; /* bytes read so far */ + int done = FALSE; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i= 0) && (ireadLength <= 0xffff)) { + readLength = (uint16_t)ireadLength; + } + else { + printf("-sz %d out of range\n", ireadLength); + printUsage(); + } + } + else if (!strcmp("-cert",argv[i])) { + cert = TRUE; + } + else if (strcmp(argv[i],"-ocert") == 0) { + i++; + if (i < argc) { + certificateFilename = argv[i]; + } + else { + printf("-ocert option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i], "-id") == 0) { + i++; + if (i < argc) { + pinCount = atoi(argv[i]); + i++; + if (i < argc) { + pinLimit = atoi(argv[i]); + inData = TRUE; + } + else { + printf("-id option needs two values\n"); + printUsage(); + } + } + else { + printf("-id option needs two values\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se0") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle0); + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes0); + if (sessionAttributes0 > 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyAuthChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("\n"); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* Determine the readLength from the NV index type. This is just for the utility. An + application would already know the index type. */ + if (!readLengthSet) { /* if caller specifies a read length, use it */ + NV_ReadPublic_In in; + NV_ReadPublic_Out out; + if (rc == 0) { + in.nvIndex = nvIndex; + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_ReadPublic, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + TPMI_ALG_HASH nameAlg; + uint32_t nvType = (out.nvPublic.nvPublic.attributes.val & TPMA_NVA_TPM_NT_MASK) >> 4; + switch (nvType) { + case TPM_NT_ORDINARY: + readLength = out.nvPublic.nvPublic.dataSize; + break; + case TPM_NT_COUNTER: + case TPM_NT_BITS: + case TPM_NT_PIN_FAIL: + case TPM_NT_PIN_PASS: + readLength = 8; + break; + case TPM_NT_EXTEND: + nameAlg = out.nvPublic.nvPublic.nameAlg; + readLength = TSS_GetDigestSize(nameAlg); + break; + } + } + } + if (rc == 0) { + if (readLength > 0) { + readBuffer = malloc(readLength); /* freed @1 */ + if (readBuffer == NULL) { + printf("Cannot malloc %u bytes for read buffer\n", readLength); + exit(1); + } + } + else { + readBuffer = NULL; + } + } + if ((rc == 0) && inData) { + if (readLength != 8) { + printf("-id needs read length 8, is %u\n", readLength); + exit(1); + } + } + /* data may have to be read in chunks. Read the TPM_PT_NV_BUFFER_MAX, the chunk size */ + if (rc == 0) { + rc = readNvBufferMax(tssContext, + &nvBufferMax); + } + if (rc == 0) { + in.nvIndex = nvIndex; + in.offset = offset; /* start at supplied offset */ + bytesRead = 0; /* bytes read so far */ + } + /* call TSS to execute the command */ + while ((rc == 0) && !done) { + if (rc == 0) { + /* read a chunk */ + in.offset = offset + bytesRead; + if ((uint32_t)(readLength - bytesRead) < nvBufferMax) { + in.size = readLength - bytesRead; /* last chunk */ + } + else { + in.size = nvBufferMax; /* next chunk */ + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvread: reading %u bytes\n", in.size); + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Read, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + /* copy the results to the read buffer */ + if ((rc == 0) && (readBuffer != NULL)) { /* check to handle 0 size read */ + memcpy(readBuffer + bytesRead, out.data.b.buffer, out.data.b.size); + } + if (rc == 0) { + bytesRead += out.data.b.size; + if (bytesRead == readLength) { + done = TRUE; + } + } + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (datafilename != NULL) && (readBuffer != NULL)) { + rc = TSS_File_WriteBinaryFile(readBuffer, readLength, datafilename); + } + if (rc == 0) { + /* if not tracing the certificate, trace the result */ + if (!cert) { + if (tssUtilsVerbose) printf("nvread: success\n"); + TSS_PrintAll("nvread: data", readBuffer, readLength); + } + if (cert || (certificateFilename != NULL)) { + void *x509Certificate = NULL; /* opaque structure */ + /* convert the DER stream to crypto library structure */ + rc = convertDerToX509(&x509Certificate, /* freed @2 */ + readLength, + readBuffer); + /* if cert, trace the certificate using openssl print function */ + if ((rc == 0) && cert) { + x509PrintStructure(x509Certificate); + } + /* if a file name was specified, write the certificate in PEM format */ + if ((rc == 0) && (certificateFilename != NULL)) { + rc = convertX509ToPem(certificateFilename, + x509Certificate); + } + x509FreeStructure(x509Certificate); /* @2 */ + } + } + /* PIN index regression test aid, compare expected to actual */ + if (rc == 0) { + if (inData) { + uint32_t tmpSize = 8; /* readLength was checked previously */ + uint8_t *tmpBuffer = readBuffer; + uint32_t actual; /* data comes off TPM big endian (nbo) */ + + TSS_UINT32_Unmarshalu(&actual, &tmpBuffer, &tmpSize); + if (pinCount != actual) { + printf("Error: Expected pinCount %u Actual %u\n", pinCount, actual); + rc = TSS_RC_BAD_READ_VALUE; + } + TSS_UINT32_Unmarshalu(&actual, &tmpBuffer, &tmpSize); + if (pinLimit != actual) { + printf("Error: Expected pinLimit %u Actual %u\n", pinLimit, actual); + rc = TSS_RC_BAD_READ_VALUE; + } + } + } + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("nvread: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(readBuffer); /* @1 */ + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvread\n"); + printf("\n"); + printf("Runs TPM2_NV_Read\n"); + printf("\n"); + printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); + printf("\t[-sz\tdata size (default to size of index)]\n"); + printf("\t\tcounter, bits, pin read 8 bytes, extend reads based on hash algorithm\n"); + printf("\t[-cert\tdumps the certificate\n"); + printf("\t01c00002\tRSA EK certificate\n"); + printf("\t01c0000a\tECC EK certificate\n"); + printf("\t[-ocert\t certificate file name, writes in PEM format\n"); + printf("\t[-off\t offset (default 0)]\n"); + printf("\t[-of\t data file (default do not save)]\n"); + printf("\t[-id\tdata values for pinCount and pinLimit verification, (4 bytes each)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvreadlock.c b/libstb/tss2/ibmtpm20tss/utils/nvreadlock.c new file mode 100644 index 000000000000..94e7f3ff27b3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvreadlock.c @@ -0,0 +1,260 @@ +/********************************************************************************/ +/* */ +/* NV ReadLock */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: nvreadlock.c 1290 2018-08-01 14:45:24Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_ReadLock_In in; + char hierarchyAuthChar = 0; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyAuthChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("\n"); + printUsage(); + } + } + if (rc == 0) { + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_ReadLock, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvreadlock: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvreadlock: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvreadlock\n"); + printf("\n"); + printf("Runs TPM2_NV_ReadLock\n"); + printf("\n"); + printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdn\tpassword for NV index (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvreadpublic.c b/libstb/tss2/ibmtpm20tss/utils/nvreadpublic.c new file mode 100644 index 000000000000..cf36b96ec389 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvreadpublic.c @@ -0,0 +1,351 @@ +/********************************************************************************/ +/* */ +/* NV ReadPublic */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +/* for endian conversion */ +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_ReadPublic_In in; + NV_ReadPublic_Out out; + TPMI_RH_NV_INDEX nvIndex = 0; + TPMI_ALG_HASH nalg = TPM_ALG_NULL; + TPMI_ALG_HASH nameHashAlg; + const char *nvPublicFilename = NULL; + const char *nameFilename = NULL; + int noSpace = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_ReadPublic, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* NOTE: The caller validates the result to the extent that it does not trust the NV index to be + defined properly */ + + /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure - nvPublic*/ + /* Table 196 - Definition of TPMS_NV_PUBLIC Structure */ + /* Table 83 - Definition of TPM2B_NAME Structure t */ + + /* TPMS_NV_PUBLIC hash alg vs expected */ + if (rc == 0) { + if ((nalg != TPM_ALG_NULL) && (out.nvPublic.nvPublic.nameAlg != nalg)) { + printf("nvreadpublic: TPM2B_NV_PUBLIC hash algorithm does not match expected\n"); + rc = TSS_RC_MALFORMED_NV_PUBLIC; + } + } + /* TPM2B_NAME hash algorithm vs expected */ + if (rc == 0) { + uint16_t tmp16; + memcpy(&tmp16, out.nvName.t.name, sizeof(uint16_t)); + /* nameHashAlg = ntohs(*(TPMI_ALG_HASH *)(out.nvName.t.name)); */ + nameHashAlg = ntohs(tmp16); + if ((nalg != TPM_ALG_NULL) && (nameHashAlg != nalg)) { + printf("nvreadpublic: TPM2B_NAME hash algorithm does not match expected\n"); + rc = TSS_RC_MALFORMED_NV_PUBLIC; + } + } + /* TPMS_NV_PUBLIC index vs expected */ + if (rc == 0) { + if (out.nvPublic.nvPublic.nvIndex != in.nvIndex) { + printf("nvreadpublic: TPM2B_NV_PUBLIC index does not match expected\n"); + rc = TSS_RC_MALFORMED_NV_PUBLIC; + } + } + /* save the public key */ + if ((rc == 0) && (nvPublicFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.nvPublic, + (MarshalFunction_t)TSS_TPM2B_NV_PUBLIC_Marshalu, + nvPublicFilename); + } + /* save the Name */ + if ((rc == 0) && (nameFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.nvName.b.buffer, + out.nvName.b.size, + nameFilename); + } + if (rc == 0) { + printf("nvreadpublic: name algorithm %04x\n", out.nvPublic.nvPublic.nameAlg); + printf("nvreadpublic: data size %u\n", out.nvPublic.nvPublic.dataSize); + printf("nvreadpublic: attributes %08x\n", out.nvPublic.nvPublic.attributes.val); + TSS_TPMA_NV_Print(out.nvPublic.nvPublic.attributes, 0); + TSS_PrintAll("nvreadpublic: policy", + out.nvPublic.nvPublic.authPolicy.t.buffer, + out.nvPublic.nvPublic.authPolicy.t.size); + TSS_PrintAll("nvreadpublic: name", + out.nvName.t.name, out.nvName.t.size); + if (noSpace) { + unsigned int b; + for (b = 0 ; b < out.nvName.t.size ; b++) { + printf("%02x", out.nvName.t.name[b]); + } + printf("\n"); + } + if (tssUtilsVerbose) printf("nvreadpublic: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvreadpublic: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvreadpublic\n"); + printf("\n"); + printf("Runs TPM2_NV_ReadPublic\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-nalg\texpected name hash algorithm (sha1, sha256, sha384 sha512)\n" + "\t\t(default no check)]\n"); + printf("\t[-opu\tNV public file name (default do not save)]\n"); + printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n"); + printf("\t[-on\tbinary format Name file name]\n"); + printf("\t\tUseful to paste into policy\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvsetbits.c b/libstb/tss2/ibmtpm20tss/utils/nvsetbits.c new file mode 100644 index 000000000000..e11515639371 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvsetbits.c @@ -0,0 +1,254 @@ +/********************************************************************************/ +/* */ +/* NV SetBits */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_SetBits_In in; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.bits = 0; /* default no bits */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.authHandle = nvIndex; + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_SetBits, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvsetbits: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvsetbits: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvsetbits\n"); + printf("\n"); + printf("Runs TPM2_NV_SetBits\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); + printf("\t[-bit\tbit to set, can be specified multiple times]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvundefinespace.c b/libstb/tss2/ibmtpm20tss/utils/nvundefinespace.c new file mode 100644 index 000000000000..32071dfc82c1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvundefinespace.c @@ -0,0 +1,258 @@ +/********************************************************************************/ +/* */ +/* NV Undefine Space */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_UndefineSpace_In in; + char hierarchyChar = 0; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *parentPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (hierarchyChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + in.nvIndex = nvIndex; /* the NV Index to remove from NV space */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_UndefineSpace, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvundefinespace: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvundefinespace: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvundefinespace\n"); + printf("\n"); + printf("Runs TPM2_NV_UndefineSpace\n"); + printf("\n"); + printf("\t-hi\thierarchy (o, p)\n"); + printf("\t\to owner, p platform\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdp\tpassword for hierarchy (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvundefinespacespecial.c b/libstb/tss2/ibmtpm20tss/utils/nvundefinespacespecial.c new file mode 100644 index 000000000000..408799eb78d7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvundefinespacespecial.c @@ -0,0 +1,244 @@ +/********************************************************************************/ +/* */ +/* NV Undefine Space Special */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_UndefineSpaceSpecial_In in; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + const char *platformPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (rc == 0) { + in.platform = TPM_RH_PLATFORM; + in.nvIndex = nvIndex; /* the NV Index to remove from NV space */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_UndefineSpaceSpecial, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, platformPassword, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvundefinespacespecial: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvundefinespacespecial: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvundefinespacespecial\n"); + printf("\n"); + printf("Runs TPM2_NV_UndefineSpaceSpecial\n"); + printf("\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwdp\tpassword for platform (default empty)]\n"); + printf("\t[-pwdn\tpassword for NV index (default empty)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvwrite.c b/libstb/tss2/ibmtpm20tss/utils/nvwrite.c new file mode 100644 index 000000000000..0d508a6a5c44 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvwrite.c @@ -0,0 +1,415 @@ +/********************************************************************************/ +/* */ +/* NV Write */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include "ekutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_Write_In in; + uint16_t offset = 0; /* default 0 */ + uint32_t pinPass = 0; /* these two initialized to suppress falose gcc -O3 + warnings */ + uint32_t pinLimit = 0; + int inData = FALSE; + unsigned int dataSource = 0; + const char *commandData = NULL; + const char *datafilename = NULL; + char hierarchyAuthChar = 0; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + uint32_t nvBufferMax; + size_t writeLength; /* file bytes to write */ + unsigned char *writeBuffer = NULL; /* file buffer to write */ + uint16_t bytesWritten; /* bytes written so far */ + int done = FALSE; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + if (dataSource > 1) { + printf("More than one input data source (-if, -ic, -id\n"); + printUsage(); + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyAuthChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("\n"); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* data may have to be written in chunks. Read the chunk size */ + if (rc == 0) { + rc = readNvBufferMax(tssContext, + &nvBufferMax); + } + /* if there is no input data source, default to 0 byte write */ + if ((rc == 0) && (dataSource == 0)) { + in.data.b.size = 0; + } + /* -if, file data can be written in chunks */ + if ((rc == 0) && (datafilename != NULL)) { + rc = TSS_File_ReadBinaryFile(&writeBuffer, /* freed @1 */ + &writeLength, + datafilename); + } + if ((rc == 0) && (datafilename != NULL)) { + if (writeLength > 0xffff) { /* overflow TPM2B uint16_t */ + printf("nvwrite: size %u greater than 0xffff\n", (unsigned int)writeLength); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* -id, for pin pass or pin fail */ + if ((rc == 0) && (inData)) { + uint32_t tmpData; + in.data.b.size = sizeof(uint32_t) + sizeof(uint32_t); + tmpData = htonl(pinPass); + memcpy(in.data.b.buffer, &tmpData, sizeof(tmpData)); + tmpData = htonl(pinLimit); + memcpy(in.data.b.buffer + sizeof(tmpData), &tmpData, sizeof(tmpData)); + } + /* -ic, command line data must fit in one write */ + if ((rc == 0) && (commandData != NULL)) { + rc = TSS_TPM2B_StringCopy(&in.data.b, commandData, nvBufferMax); + } + if (rc == 0) { + in.nvIndex = nvIndex; + in.offset = offset; /* beginning offset */ + bytesWritten = 0; + } + while ((rc == 0) && !done) { + uint16_t writeBytes = 0; /* bytes to write in this pass, initialized to + suppress false gcc -O3 warning */ + if (rc == 0) { + /* for data from file, write a chunk */ + if (datafilename != NULL) { + in.offset = offset + bytesWritten; + if ((uint32_t)(writeLength - bytesWritten) < nvBufferMax) { + writeBytes = (uint16_t)writeLength - bytesWritten; /* last chunk */ + } + else { + writeBytes = nvBufferMax; /* next chunk */ + } + rc = TSS_TPM2B_Create(&in.data.b, writeBuffer + bytesWritten, writeBytes, + sizeof(in.data.t.buffer)); + } + } + /* call TSS to execute the command */ + if (rc == 0) { + if (tssUtilsVerbose) printf("nvwrite: writing %u bytes\n", in.data.b.size); + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_Write, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + /* data file can be written in chunks, other options are single write */ + if (rc == 0) { + if (datafilename == NULL) { + done = TRUE; + } + else { + bytesWritten += writeBytes; + if (bytesWritten == writeLength) { + done = TRUE; + } + } + } + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvwrite: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvwrite: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + if (rc == TSS_RC_FILE_OPEN) { + printf("Possible cause: missing nvreadpublic before nvwrite\n"); + } + rc = EXIT_FAILURE; + } + free(writeBuffer); /* @1 */ + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvwrite\n"); + printf("\n"); + printf("Runs TPM2_NV_Write\n"); + printf("\n"); + printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwdn\tauthorization password (default empty)]\n"); + printf("\t\thierarchy or NV index password\n"); + printf("\t[-ic\tdata string]\n"); + printf("\t[-if\tdata file]\n"); + printf("\t[-id\tdata values, pinPass and pinLimit (4 bytes each)]\n"); + printf("\t\tif none is specified, a 0 byte write occurs\n"); + printf("\t\t-id is normally used for pin pass or pin fail indexes\n"); + printf("\t[-off\toffset (default 0)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/nvwritelock.c b/libstb/tss2/ibmtpm20tss/utils/nvwritelock.c new file mode 100644 index 000000000000..9d6c8cfff2bb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/nvwritelock.c @@ -0,0 +1,259 @@ +/********************************************************************************/ +/* */ +/* NV WriteLock */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + NV_WriteLock_In in; + char hierarchyAuthChar = 0; + TPMI_RH_NV_INDEX nvIndex = 0; + const char *nvPassword = NULL; /* default no password */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { + printf("NV index handle not specified or out of range, MSB not 01\n"); + printUsage(); + } + /* Authorization handle */ + if (rc == 0) { + if (hierarchyAuthChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyAuthChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyAuthChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("\n"); + printUsage(); + } + } + if (rc == 0) { + in.nvIndex = nvIndex; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_NV_WriteLock, + sessionHandle0, nvPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("nvwritelock: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("nvwritelock: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("nvwritelock\n"); + printf("\n"); + printf("Runs TPM2_NV_WriteLock\n"); + printf("\n"); + printf("\t[-hia\thierarchy authorization (o, p) (default index authorization)]\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t-pwdn\tpassword for NV index (default empty)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/objectchangeauth.c b/libstb/tss2/ibmtpm20tss/utils/objectchangeauth.c new file mode 100644 index 000000000000..64005d253f87 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/objectchangeauth.c @@ -0,0 +1,328 @@ +/********************************************************************************/ +/* */ +/* ObjectChangeAuth */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ObjectChangeAuth_In in; + ObjectChangeAuth_Out out; + TPMI_DH_OBJECT parentHandle = TPM_RH_NULL; + TPMI_DH_OBJECT objectHandle = TPM_RH_NULL; + const char *objectPassword = NULL; + const char *newPassword = NULL; + const char *newPasswordFilename = NULL; + uint8_t *newPasswordBuffer = NULL; + size_t newPasswordBufferLength = 0; + const char *newPasswordPtr = NULL; + const char *privateKeyFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (parentHandle == TPM_RH_NULL) { + printf("Missing or bad parent handle parameter -hp\n"); + printUsage(); + } + if (objectHandle == TPM_RH_NULL) { + printf("Missing or bad object handle parameter -ho\n"); + printUsage(); + } + if ((newPassword != NULL) && (newPasswordFilename != NULL)) { + printf("Only one of -pwdn and -ipwdn can be specified\n"); + printUsage(); + } + if (rc == 0) { + in.objectHandle = objectHandle; + in.parentHandle = parentHandle; + } + if (rc == 0) { + /* use passsword from command line */ + if (newPassword != NULL) { + newPasswordPtr = newPassword; + } + /* use password from file */ + else if (newPasswordFilename != NULL) { + rc = TSS_File_ReadBinaryFile(&newPasswordBuffer, /* freed @2 */ + &newPasswordBufferLength, + newPasswordFilename); + newPasswordPtr = (const char *)newPasswordBuffer; + } + /* empty password */ + else { + newPasswordPtr = NULL; + } + } + /* convert password string to TPM2B */ + if (rc == 0) { + if (newPasswordPtr == NULL) { + in.newAuth.t.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&in.newAuth.b, + newPasswordPtr, sizeof(in.newAuth.t.buffer)); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ObjectChangeAuth, + sessionHandle0, objectPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* save the private key */ + if ((rc == 0) && (privateKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPrivate, + (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshalu, + privateKeyFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("objectchangeauth: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("objectchangeauth: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("objectchangeauth\n"); + printf("\n"); + printf("Runs TPM2_ObjectChangeAuth\n"); + printf("\n"); + printf("\t-hp\tparent handle\n"); + printf("\t-ho\tobject handle\n"); + printf("\t[-pwdo\tpassword for object (default empty)]\n"); + printf("\t[-pwdn\tnew password for object (default empty)]\n"); + printf("\t[-pwdni\tnew password file for object, nul terminated (default empty)]\n"); + printf("\t[-opr\tprivate key file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c b/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c new file mode 100644 index 000000000000..06b07ef0c399 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c @@ -0,0 +1,582 @@ +/********************************************************************************/ +/* */ +/* Object Templates */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* These are templates suitable for creating typical objects. The functions are shared by create + and createprimary + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "objecttemplates.h" + +/* asymPublicTemplate() is a template for an ECC or RSA key. + + It can create these types: + + TYPE_ST: storage key (decrypt, restricted, RSA NULL scheme, EC NULL scheme) + TYPE_DEN: decryption key (not storage key, RSA NULL scheme, EC NULL scheme) + TYPE_DEO: decryption key (not storage key, RSA OAEP scheme, EC NULL scheme) + TYPE_DEE: decryption key (not storage key, RSA ES scheme, EC NULL scheme) + TYPE_SI: signing key (unrestricted, RSA NULL schemem EC NULL scheme) + TYPE_SIR: signing key (restricted, RSA RSASSA scheme, EC ECDSA scheme) + TYPE_GP: general purpose key + TYPE_DAA: signing key (unrestricted, ECDAA) + TYPE_DAAR: signing key (restricted, ECDAA) +*/ + +TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea, /* output */ + TPMA_OBJECT addObjectAttributes, /* add default, can be overridden + here */ + TPMA_OBJECT deleteObjectAttributes, + int keyType, /* see above */ + TPMI_ALG_PUBLIC algPublic, /* RSA or ECC */ + TPMI_RSA_KEY_BITS keyBits, /* RSA modulus */ + TPMI_ECC_CURVE curveID, /* for ECC */ + TPMI_ALG_HASH nalg, /* Name algorithm */ + TPMI_ALG_HASH halg, /* hash algorithm */ + const char *policyFilename) /* binary policy, NULL means empty */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + publicArea->objectAttributes = addObjectAttributes; + /* Table 185 - TPM2B_PUBLIC inPublic */ + /* Table 184 - TPMT_PUBLIC publicArea */ + publicArea->type = algPublic; /* RSA or ECC */ + publicArea->nameAlg = nalg; + + /* Table 32 - TPMA_OBJECT objectAttributes */ + publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN; + publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY; + + switch (keyType) { + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + break; + case TYPE_ST: + publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + break; + case TYPE_SI: + case TYPE_DAA: + publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + break; + case TYPE_SIR: + case TYPE_DAAR: + publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + break; + case TYPE_GP: + publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + break; + } + publicArea->objectAttributes.val &= ~deleteObjectAttributes.val; + } + if (rc == 0) { + /* Table 72 - TPM2B_DIGEST authPolicy */ + /* policy set separately */ + + /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */ + if (algPublic == TPM_ALG_RSA) { + /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS rsaDetail */ + /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */ + switch (keyType) { + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_GP: + /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */ + publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL; + break; + case TYPE_ST: + publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; + /* Table 125 - TPMU_SYM_KEY_BITS keyBits */ + publicArea->parameters.rsaDetail.symmetric.keyBits.aes = 128; + /* Table 126 - TPMU_SYM_MODE mode */ + publicArea->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; + break; + } + + /* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME scheme */ + switch (keyType) { + case TYPE_DEN: + case TYPE_GP: + case TYPE_ST: + case TYPE_SI: + publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; + break; + case TYPE_DEO: + publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_OAEP; + /* Table 152 - Definition of TPMU_ASYM_SCHEME details */ + /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */ + publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg; + break; + case TYPE_DEE: + publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSAES; + /* Table 152 - Definition of TPMU_ASYM_SCHEME details */ + /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */ + publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg; + break; + case TYPE_SIR: + publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSASSA; + /* Table 152 - Definition of TPMU_ASYM_SCHEME details */ + /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */ + publicArea->parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg; + break; + } + + /* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type keyBits */ + publicArea->parameters.rsaDetail.keyBits = keyBits; + publicArea->parameters.rsaDetail.exponent = 0; + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 177 - Definition of TPMU_PUBLIC_ID */ + publicArea->unique.rsa.t.size = 0; + } + else { /* algPublic == TPM_ALG_ECC */ + /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure eccDetail */ + /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */ + switch (keyType) { + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + case TYPE_SI: + case TYPE_SIR: + case TYPE_DAA: + case TYPE_DAAR: + case TYPE_GP: + /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */ + publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; + break; + case TYPE_ST: + publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES; + /* Table 125 - TPMU_SYM_KEY_BITS keyBits */ + publicArea->parameters.eccDetail.symmetric.keyBits.aes = 128; + /* Table 126 - TPMU_SYM_MODE mode */ + publicArea->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB; + break; + } + /* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure scheme */ + /* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type scheme */ + switch (keyType) { + case TYPE_GP: + case TYPE_SI: + case TYPE_DEN: + case TYPE_DEO: + case TYPE_DEE: + publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */ + publicArea->parameters.eccDetail.curveID = curveID; + /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */ + /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ + publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + break; + case TYPE_SIR: + publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; + /* Table 152 - Definition of TPMU_ASYM_SCHEME details */ + /* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + publicArea->parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg; + /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */ + publicArea->parameters.eccDetail.curveID = curveID; + /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */ + /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ + publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + /* Table 149 - Definition of TPMU_KDF_SCHEME Union */ + /* Table 148 - Definition of Types for KDF Schemes, hash-based key- + or mask-generation functions */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure hashAlg */ + publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = halg; + break; + case TYPE_DAA: + case TYPE_DAAR: + publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA; + publicArea->parameters.eccDetail.scheme.details.ecdaa.hashAlg = halg; + publicArea->parameters.eccDetail.scheme.details.ecdaa.count = 1; + publicArea->parameters.eccDetail.curveID = curveID; + publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + publicArea->unique.ecc.y.t.size = 0; + publicArea->unique.ecc.x.t.size = 0; + break; + case TYPE_ST: + publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + publicArea->parameters.eccDetail.scheme.details.anySig.hashAlg = 0; + publicArea->parameters.eccDetail.curveID = TPM_ECC_NIST_P256; + publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; + publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0; + break; + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 177 - Definition of TPMU_PUBLIC_ID */ + publicArea->unique.ecc.x.t.size = 0; + publicArea->unique.ecc.y.t.size = 0; + } + } + if (rc == 0) { + rc = getPolicy(publicArea, policyFilename); + } + return rc; +} + +/* symmetricCipherTemplate() is a template for an AES 128 CFB key + + */ + +TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea, /* output */ + TPMA_OBJECT addObjectAttributes, /* add default, can be overridden + here */ + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, /* Name algorithm */ + int rev116, /* TPM rev 116 compatibility, sets SIGN */ + const char *policyFilename) /* binary policy, NULL means empty */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + publicArea->objectAttributes = addObjectAttributes; + + /* Table 185 - TPM2B_PUBLIC inPublic */ + /* Table 184 - TPMT_PUBLIC publicArea */ + publicArea->type = TPM_ALG_SYMCIPHER; + publicArea->nameAlg = nalg; + /* Table 32 - TPMA_OBJECT objectAttributes */ + /* rev 116 used DECRYPT for both decrypt and encrypt. After 116, encrypt required SIGN */ + if (!rev116) { + /* actually encrypt */ + publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN; + } + publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN; + publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY; + publicArea->objectAttributes.val &= ~deleteObjectAttributes.val; + /* Table 72 - TPM2B_DIGEST authPolicy */ + /* policy set separately */ + /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */ + { + /* Table 131 - Definition of TPMS_SYMCIPHER_PARMS symDetail */ + { + /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT sym */ + /* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ + publicArea->parameters.symDetail.sym.algorithm = TPM_ALG_AES; + /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */ + publicArea->parameters.symDetail.sym.keyBits.aes = 128; + /* Table 126 - Definition of TPMU_SYM_MODE Union */ + publicArea->parameters.symDetail.sym.mode.aes = TPM_ALG_CFB; + } + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 72 - Definition of TPM2B_DIGEST Structure */ + publicArea->unique.sym.t.size = 0; + } + if (rc == 0) { + rc = getPolicy(publicArea, policyFilename); + } + return rc; +} + +/* keyedHashPublicTemplate() is a template for an HMAC key + + It can create these types: + + TYPE_KH: HMAC key, unrestricted + TYPE_KHR: HMAC key, restricted +*/ + +TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea, /* output */ + TPMA_OBJECT addObjectAttributes, /* add default, can be overridden + here */ + TPMA_OBJECT deleteObjectAttributes, + int keyType, /* see above */ + TPMI_ALG_HASH nalg, /* Name algorithm */ + TPMI_ALG_HASH halg, /* hash algorithm */ + const char *policyFilename) /* binary policy, NULL means empty */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + publicArea->objectAttributes = addObjectAttributes; + + /* Table 185 - TPM2B_PUBLIC inPublic */ + /* Table 184 - TPMT_PUBLIC publicArea */ + /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + publicArea->type = TPM_ALG_KEYEDHASH; + /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + publicArea->nameAlg = nalg; + /* Table 32 - TPMA_OBJECT objectAttributes */ + publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN; + publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY; + switch (keyType) { + case TYPE_KH: + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + break; + case TYPE_KHR: + publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + break; + } + publicArea->objectAttributes.val &= ~deleteObjectAttributes.val; + /* Table 72 - TPM2B_DIGEST authPolicy */ + /* policy set separately */ + { + /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC; + /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg = halg; + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 72 - Definition of TPM2B_DIGEST Structure */ + publicArea->unique.sym.t.size = 0; + } + if (rc == 0) { + rc = getPolicy(publicArea, policyFilename); + } + return rc; +} + +/* derivationParentPublicTemplate() is a template for a derivation parent + + The key is not restricted +*/ + +TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea, /* output */ + TPMA_OBJECT addObjectAttributes, /* add default, can be + overridden here */ + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, /* Name algorithm */ + TPMI_ALG_HASH halg, /* hash algorithm */ + const char *policyFilename) /* binary policy, NULL means + empty */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + publicArea->objectAttributes = addObjectAttributes; + + /* Table 185 - TPM2B_PUBLIC inPublic */ + /* Table 184 - TPMT_PUBLIC publicArea */ + /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + publicArea->type = TPM_ALG_KEYEDHASH; + /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + publicArea->nameAlg = nalg; + /* Table 32 - TPMA_OBJECT objectAttributes */ + publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDTPM; + publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDPARENT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN; + publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY; + publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED; + publicArea->objectAttributes.val &= ~deleteObjectAttributes.val; + /* Table 72 - TPM2B_DIGEST authPolicy */ + /* policy set separately */ + { + /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_XOR; + /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + publicArea->parameters.keyedHashDetail.scheme.details.xorr.kdf = TPM_ALG_KDF1_SP800_108; + publicArea->parameters.keyedHashDetail.scheme.details.xorr.hashAlg = halg; + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 72 - Definition of TPM2B_DIGEST Structure */ + publicArea->unique.sym.t.size = 0; + } + if (rc == 0) { + rc = getPolicy(publicArea, policyFilename); + } + return rc; +} + +/* blPublicTemplate() is a template for a sealed data blob. + +*/ + +TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea, /* output */ + TPMA_OBJECT addObjectAttributes, /* add default, can be overridden + here */ + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, /* Name algorithm */ + const char *policyFilename) /* binary policy, NULL means empty */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + publicArea->objectAttributes = addObjectAttributes; + + /* Table 185 - TPM2B_PUBLIC inPublic */ + /* Table 184 - TPMT_PUBLIC publicArea */ + /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + publicArea->type = TPM_ALG_KEYEDHASH; + /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + publicArea->nameAlg = nalg; + /* Table 32 - TPMA_OBJECT objectAttributes */ + publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN; + publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; + publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY; + publicArea->objectAttributes.val &= ~deleteObjectAttributes.val; + /* Table 72 - TPM2B_DIGEST authPolicy */ + /* policy set separately */ + { + /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL; + /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + } + /* Table 177 - TPMU_PUBLIC_ID unique */ + /* Table 72 - Definition of TPM2B_DIGEST Structure */ + publicArea->unique.sym.t.size = 0; + } + if (rc == 0) { + rc = getPolicy(publicArea, policyFilename); + } + return rc; +} + +TPM_RC getPolicy(TPMT_PUBLIC *publicArea, + const char *policyFilename) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (policyFilename != NULL) { + rc = TSS_File_Read2B(&publicArea->authPolicy.b, + sizeof(publicArea->authPolicy.t.buffer), + policyFilename); + } + else { + publicArea->authPolicy.t.size = 0; /* default empty policy */ + } + } + return rc; +} + +void printUsageTemplate(void) +{ + printf("\t[Asymmetric Key Algorithm]\n"); + printf("\n"); + printf("\t-rsa keybits (default)\n"); + printf("\t\t(2048 default)\n"); + printf("\t-ecc curve\n"); + printf("\t\tbnp256\n"); + printf("\t\tnistp256\n"); + printf("\t\tnistp384\n"); + printf("\n"); + printf("\tKey attributes\n"); + printf("\n"); + printf("\t\t-bl\tdata blob for unseal (create only)\n"); + printf("\t\t\trequires -if\n"); + printf("\t\t-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n"); + printf("\t\t-deo\tdecryption, (unrestricted, RSA OAEP, EC NULL scheme)\n"); + printf("\t\t-dee\tdecryption, (unrestricted, RSA ES, EC NULL scheme)\n"); + printf("\t\t-des\tencryption/decryption, AES symmetric\n"); + printf("\t\t\t[-116 for TPM rev 116 compatibility]\n"); + printf("\t\t-st\tstorage (restricted)\n"); + printf("\t\t\t[default for primary keys]\n"); + printf("\t\t-si\tunrestricted signing (RSA and EC NULL scheme)\n"); + printf("\t\t-sir\trestricted signing (RSA RSASSA, EC ECDSA scheme)\n"); + printf("\t\t-dau\tunrestricted ECDAA signing key pair\n"); + printf("\t\t-dar\trestricted ECDAA signing key pair\n"); + printf("\t\t-kh\tkeyed hash (unrestricted, hmac)\n"); + printf("\t\t-khr\tkeyed hash (restricted, hmac)\n"); + printf("\t\t-dp\tderivation parent\n"); + printf("\t\t-gp\tgeneral purpose, not storage\n"); + printf("\n"); + printf("\t\t[-kt\t(can be specified more than once)]\n" + "\t\t\tf\tfixedTPM (default for primary keys and derivation parents)\n" + "\t\t\tp\tfixedParent (default for primary keys and derivation parents)\n" + "\t\t\tnf\tno fixedTPM (default for non-primary keys)\n" + "\t\t\tnp\tno fixedParent (default for non-primary keys)\n" + "\t\t\ted\tencrypted duplication (default not set)\n"); + printf("\t[-da\tobject subject to DA protection (default no)]\n"); + printf("\t[-pol\tpolicy file (default empty)]\n"); + printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); + printf("\t[-if\tdata (inSensitive) file name]\n"); + printf("\n"); + printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + return; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/objecttemplates.h b/libstb/tss2/ibmtpm20tss/utils/objecttemplates.h new file mode 100644 index 000000000000..8779178180c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/objecttemplates.h @@ -0,0 +1,108 @@ +/********************************************************************************/ +/* */ +/* Object Templates */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef OBJECTTEMPLATES_H +#define OBJECTTEMPLATES_H + +/* object type */ + +#define TYPE_BL 1 +#define TYPE_ST 2 +#define TYPE_DEN 3 +#define TYPE_DEO 4 +#define TYPE_SI 5 +#define TYPE_SIR 6 +#define TYPE_GP 7 +#define TYPE_DES 8 +#define TYPE_KH 9 +#define TYPE_DP 10 +#define TYPE_DAA 11 +#define TYPE_DAAR 12 +#define TYPE_KHR 13 +#define TYPE_DEE 14 + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea, + TPMA_OBJECT addObjectAttributes, + TPMA_OBJECT deleteObjectAttributes, + int type, + TPMI_ALG_PUBLIC algPublic, + TPMI_RSA_KEY_BITS keyBits, + TPMI_ECC_CURVE curveID, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *policyFilename); + TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea, + TPMA_OBJECT addObjectAttributes, + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, + int rev116, + const char *policyFilename); + TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea, + TPMA_OBJECT addObjectAttributes, + TPMA_OBJECT deleteObjectAttributes, + int type, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *policyFilename); + TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea, + TPMA_OBJECT addObjectAttributes, + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, + TPMI_ALG_HASH halg, + const char *policyFilename); + TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea, + TPMA_OBJECT addObjectAttributes, + TPMA_OBJECT deleteObjectAttributes, + TPMI_ALG_HASH nalg, + const char *policyFilename); + + void printUsageTemplate(void); + + TPM_RC getPolicy(TPMT_PUBLIC *publicArea, + const char *policyFilename); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/pcrallocate.c b/libstb/tss2/ibmtpm20tss/utils/pcrallocate.c new file mode 100644 index 000000000000..70007dc8447d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/pcrallocate.c @@ -0,0 +1,342 @@ +/********************************************************************************/ +/* */ +/* PCR_Allocate */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void setPcrSelect(TPMS_PCR_SELECTION *pcrSelections, + TPM_ALG_ID hashAlg, + uint8_t select); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PCR_Allocate_In in; + PCR_Allocate_Out out; + const char *platformPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + unsigned int bankNumber = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* at least one bank must be selected */ + if (rc == 0) { + if (bankNumber == 0) { + printf("No PCR algorithm specified\n"); + printUsage(); + } + } + if (rc == 0) { + in.authHandle = TPM_RH_PLATFORM; + in.pcrAllocation.count = bankNumber; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Allocate, + sessionHandle0, platformPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("pcrallocate: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("pcrallocate: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void setPcrSelect(TPMS_PCR_SELECTION *pcrSelections, + TPM_ALG_ID hashAlg, + uint8_t select) +{ + pcrSelections->hash = hashAlg; + pcrSelections->sizeofSelect = 3; + pcrSelections->pcrSelect[0] = select; + pcrSelections->pcrSelect[1] = select; + pcrSelections->pcrSelect[2] = select; + return; +} + +static void printUsage(void) +{ + printf("\n"); + printf("pcrallocate\n"); + printf("\n"); + printf("Runs TPM2_PCR_Allocate\n"); + printf("\n"); + printf("\nAllocates banks for a full set of PCR 0-23. Not all\n" + "hardware TPMs support multiple banks or all algorithms\n"); + printf("\n"); + printf("\t[-pwdp\tplatform hierarchy password (default empty)]\n"); + printf("\t+sha1 -sha1 allocate / deallocate a SHA-1 bank\n"); + printf("\t+sha256 -sha256 allocate / deallocate a SHA-256 bank\n"); + printf("\t+sha384 -sha384 allocate / deallocate a SHA-384 bank\n"); + printf("\t+sha512 -sha512 allocate / deallocate a SHA-512 bank\n"); + printf("\t\tMore than one algorithm can be specified\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/pcrevent.c b/libstb/tss2/ibmtpm20tss/utils/pcrevent.c new file mode 100644 index 000000000000..affd0edf2525 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/pcrevent.c @@ -0,0 +1,317 @@ +/********************************************************************************/ +/* */ +/* PCR_Event */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PCR_Event_In in; + PCR_Event_Out out; + TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; + const char *data = NULL; + const char *datafilename = NULL; + const char *outFilename1 = NULL; /* for sha1 */ + const char *outFilename2 = NULL; /* for sha256 */ + const char *outFilename3 = NULL; /* for sha384 */ + const char *outFilename5 = NULL; /* for sha512 */ + int process1 = FALSE; /* these catch the case */ + int process2 = FALSE; /* where an output file was */ + int process3 = FALSE; /* specified but the TPM did */ + int process5 = FALSE; /* not return the algorithm */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i= IMPLEMENTATION_PCR) { + printf("Missing or bad PCR handle parameter -ha\n"); + printUsage(); + } + if ((data == NULL) && (datafilename == NULL)) { + printf("Data string or data file must be specified\n"); + printUsage(); + } + if ((data != NULL) && (datafilename != NULL)) { + printf("Data string and data file cannot both be specified\n"); + printUsage(); + } + if (rc == 0) { + in.pcrHandle = pcrHandle; + } + if (rc == 0) { + if (data != NULL) { + if (tssUtilsVerbose) printf("Event data %u bytes\n", (unsigned int)strlen(data)); + rc = TSS_TPM2B_StringCopy(&in.eventData.b, data, sizeof(in.eventData.t.buffer)); + } + } + if (datafilename != NULL) { + rc = TSS_File_Read2B(&in.eventData.b, + sizeof(in.eventData.t.buffer), + datafilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Event, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint32_t c; + printf("pcrevent: success\n"); + /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ + /* Table 71 - Definition of TPMT_HA Structure digests[] */ + /* Table 70 - Definition of TPMU_HA Union digests */ + printf("pcrevent: count %u\n", out.digests.count); + + for (c = 0 ; c < out.digests.count ;c++) { + switch (out.digests.digests[c].hashAlg) { + case TPM_ALG_SHA1: + if (tssUtilsVerbose) printf("Hash algorithm SHA-1\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.digests.digests[c].digest.sha1, + SHA1_DIGEST_SIZE); + if (outFilename1 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha1, + SHA1_DIGEST_SIZE, + outFilename1); + process1 = FALSE; + } + break; + case TPM_ALG_SHA256: + if (tssUtilsVerbose) printf("Hash algorithm SHA-256\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.digests.digests[c].digest.sha256, + SHA256_DIGEST_SIZE); + if (outFilename2 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha256, + SHA256_DIGEST_SIZE, + outFilename2); + process2 = FALSE; + } + break; + case TPM_ALG_SHA384: + if (tssUtilsVerbose) printf("Hash algorithm SHA-384\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.digests.digests[c].digest.sha384, + SHA384_DIGEST_SIZE); + if (outFilename3 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha384, + SHA384_DIGEST_SIZE, + outFilename3); + process3 = FALSE; + } + break; + case TPM_ALG_SHA512: + if (tssUtilsVerbose) printf("Hash algorithm SHA-512\n"); + if (tssUtilsVerbose) TSS_PrintAll("Digest", + (uint8_t *)&out.digests.digests[c].digest.sha512, + SHA512_DIGEST_SIZE); + if (outFilename5 != NULL) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha512, + SHA512_DIGEST_SIZE, + outFilename5); + process5 = FALSE; + } + break; + default: + printf("Hash algorithm %04x unknown\n", out.digests.digests[c].hashAlg); + break; + } + } + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("pcrevent: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + if (rc == 0) { + if (process1) { + printf("-of1 specified but TPM did not return SHA-1\n"); + rc = EXIT_FAILURE; + } + if (process2) { + printf("-of2 specified but TPM did not return SHA-256\n"); + rc = EXIT_FAILURE; + } + if (process3) { + printf("-of3 specified but TPM did not return SHA-384\n"); + rc = EXIT_FAILURE; + } + if (process5) { + printf("-of5 specified but TPM did not return SHA-512\n"); + rc = EXIT_FAILURE; + } + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("pcrevent\n"); + printf("\n"); + printf("Runs TPM2_PCR_Event\n"); + printf("\n"); + printf("\t-ha\tpcr handle\n"); + printf("\t-ic\tdata string\n"); + printf("\t-if\tdata file\n"); + printf("\t[-of1\tsha1 output digest file (default do not save)]\n"); + printf("\t[-of2\tsha256 output digest file (default do not save)]\n"); + printf("\t[-of3\tsha384 output digest file (default do not save)]\n"); + printf("\t[-of5\tsha512 output digest file (default do not save)]\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/pcrextend.c b/libstb/tss2/ibmtpm20tss/utils/pcrextend.c new file mode 100644 index 000000000000..be582099c40d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/pcrextend.c @@ -0,0 +1,269 @@ +/********************************************************************************/ +/* */ +/* PCR_Extend */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + uint32_t algs; /* hash algorithm iterator */ + TSS_CONTEXT *tssContext = NULL; + PCR_Extend_In in; + TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; + const char *dataString = NULL; + const char *datafilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ + in.digests.count = 0xffffffff; /* flag for default hash algorithm */ + + /* command line argument defaults */ + for (i=1 ; (i HASH_COUNT) { + printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT); + printUsage(); + } + i++; + if (i < argc) { + /* Table 100 - Definition of TPML_DIGEST_VALUES Structure digests */ + /* Table 71 - Definition of TPMT_HA Structure */ + /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type hashAlg */ + if (strcmp(argv[i],"sha1") == 0) { + in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA1; + } + else if (strcmp(argv[i],"sha256") == 0) { + in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA256; + } + else if (strcmp(argv[i],"sha384") == 0) { + in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA384; + } + else if (strcmp(argv[i],"sha512") == 0) { + in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA512; + } + else { + printf("Bad parameter %s for -halg\n", argv[i]); + printUsage(); + } + } + else { + printf("-halg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-ic") == 0) { + i++; + if (i < argc) { + dataString = argv[i]; + } + else { + printf("-ic option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i], "-if") == 0) { + i++; + if (i < argc) { + datafilename = argv[i]; + } else { + printf("-if option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (pcrHandle >= IMPLEMENTATION_PCR) { + printf("Missing or bad PCR handle parameter -ha\n"); + printUsage(); + } + if ((dataString == NULL) && (datafilename == NULL)) { + printf("Data string or data file must be specified\n"); + printUsage(); + } + if ((dataString != NULL) && (datafilename != NULL)) { + printf("Data string and data file cannot both be specified\n"); + printUsage(); + } + if ((dataString != NULL) && (strlen(dataString) > sizeof(TPMU_HA))) { + printf("Data length greater than maximum hash size %lu bytes\n", + (unsigned long)sizeof(TPMU_HA)); + printUsage(); + } + /* handle default hash algorithm */ + if (in.digests.count == 0xffffffff) { /* if none specified */ + in.digests.count = 1; + in.digests.digests[0].hashAlg = TPM_ALG_SHA256; + } + if (rc == 0) { + in.pcrHandle = pcrHandle; + /* Table 70 - Definition of TPMU_HA Union */ + /* append zero padding to maximum hash algorithm length */ + for (algs = 0 ; algs < in.digests.count ; algs++) { + memset((uint8_t *)&in.digests.digests[algs].digest, 0, sizeof(TPMU_HA)); + } + } + if (rc == 0) { + if (dataString != NULL) { + if (tssUtilsVerbose) printf("Extending %u bytes from stream into %u banks\n", + (unsigned int)strlen(dataString), in.digests.count); + for (algs = 0 ; algs < in.digests.count ; algs++) { + memcpy((uint8_t *)&in.digests.digests[algs].digest, + dataString, strlen(dataString)); + } + } + } + if (datafilename != NULL) { + unsigned char *fileData = NULL; + size_t length; + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&fileData, /* freed @1 */ + &length, datafilename); + } + if (rc == 0) { + if (length > sizeof(TPMU_HA)) { + printf("Data length greater than maximum hash size %lu bytes\n", + (unsigned long)sizeof(TPMU_HA)); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("Extending %u bytes from file into %u banks\n", + (unsigned int)length, in.digests.count); + for (algs = 0 ; algs < in.digests.count ; algs++) { + memcpy((uint8_t *)&in.digests.digests[algs].digest, fileData, length); + } + } + free(fileData); /* @1 */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("pcrextend: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("pcrextend: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("pcrextend\n"); + printf("\n"); + printf("Runs TPM2_PCR_Extend\n"); + printf("\n"); + printf("\t-ha\tpcr handle\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t\t-halg may be specified more than once\n"); + printf("\n"); + printf("\t-ic\tdata string, 0 pad appended to halg length\n"); + printf("\t-if\tdata file, 0 pad appended to halg length\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/pcrread.c b/libstb/tss2/ibmtpm20tss/utils/pcrread.c new file mode 100644 index 000000000000..768af5046d9d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/pcrread.c @@ -0,0 +1,437 @@ +/********************************************************************************/ +/* */ +/* PCR_Read */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include +#include + +static void printPcrRead(PCR_Read_Out *out); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PCR_Read_In in; + PCR_Read_Out out; + TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; + const char *datafilename = NULL; + TPMI_ALG_HASH ahalg = TPM_ALG_SHA256; + uint32_t sizeInBytes = 0; /* initialized to suppress false gcc -O3 + warning */ + const char *sadfilename = NULL; + int noSpace = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.pcrSelectionIn.count = 0xffffffff; + + /* command line argument defaults */ + for (i=1 ; (i HASH_COUNT) { + printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT); + printUsage(); + } + i++; + if (i < argc) { + if (strcmp(argv[i],"sha1") == 0) { + in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA1; + } + else if (strcmp(argv[i],"sha256") == 0) { + in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA256; + } + else if (strcmp(argv[i],"sha384") == 0) { + in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA384; + } + else if (strcmp(argv[i],"sha512") == 0) { + in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA512; + } + else { + printf("Bad parameter %s for -halg\n", argv[i]); + printUsage(); + } + } + else { + printf("-halg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-ahalg") == 0) { + i++; + if (i < argc) { + if (strcmp(argv[i],"sha1") == 0) { + ahalg = TPM_ALG_SHA1; + } + else if (strcmp(argv[i],"sha256") == 0) { + ahalg = TPM_ALG_SHA256; + } + else if (strcmp(argv[i],"sha384") == 0) { + ahalg = TPM_ALG_SHA384; + } + else if (strcmp(argv[i],"sha512") == 0) { + ahalg = TPM_ALG_SHA512; + } + else { + printf("Bad parameter %s for -ahalg\n", argv[i]); + printUsage(); + } + } + else { + printf("-halg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i], "-of") == 0) { + i++; + if (i < argc) { + datafilename = argv[i]; + } else { + printf("-of option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i], "-iosad") == 0) { + i++; + if (i < argc) { + sadfilename = argv[i]; + } else { + printf("-iosad option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-ns") == 0) { + noSpace = TRUE; + } + else if (strcmp(argv[i],"-se0") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle0); + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes0); + if (sessionAttributes0 > 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (pcrHandle >= IMPLEMENTATION_PCR) { + printf("Missing or bad PCR handle parameter -ha\n"); + printUsage(); + } + /* handle default hash algorithm */ + if (in.pcrSelectionIn.count == 0xffffffff) { /* if none specified */ + in.pcrSelectionIn.count = 1; + in.pcrSelectionIn.pcrSelections[0].hash = TPM_ALG_SHA256; + } + if (rc == 0) { + uint16_t c; + /* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + /* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ + for (c = 0 ; c < in.pcrSelectionIn.count ; c++) { + in.pcrSelectionIn.pcrSelections[c].sizeofSelect = 3; + in.pcrSelectionIn.pcrSelections[c].pcrSelect[0] = 0; + in.pcrSelectionIn.pcrSelections[c].pcrSelect[1] = 0; + in.pcrSelectionIn.pcrSelections[c].pcrSelect[2] = 0; + in.pcrSelectionIn.pcrSelections[c].pcrSelect[pcrHandle / 8] = 1 << (pcrHandle % 8); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Read, + sessionHandle0, NULL, sessionAttributes0, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* first hash algorithm, in binary */ + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("pcrread: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + if ((rc == 0) && (datafilename != NULL) && (out.pcrValues.count != 0)) { + rc = TSS_File_WriteBinaryFile(out.pcrValues.digests[0].t.buffer, + out.pcrValues.digests[0].t.size, + datafilename); + } + /* auth session hash algorithm for cpHash and rpHash */ + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(ahalg); + } + /* option to output cpHash and rpHash to test session audit of PCR Read */ + if (sadfilename != NULL) { + TPMT_HA cpHash; + uint8_t cpBuffer [MAX_COMMAND_SIZE]; + uint16_t cpBufferSize = 0; + TPMT_HA rpHash; + uint8_t rpBuffer [MAX_RESPONSE_SIZE]; + uint16_t rpBufferSize = 0; + uint8_t *tmpptr; + uint32_t tmpsize; + TPMT_HA sessionDigest; + uint8_t *sessionDigestData = NULL; + size_t sessionDigestSize; + /* calculate cpHash from CC || parameters */ + if (rc == 0) { + tmpptr = cpBuffer; + tmpsize = sizeof(cpBuffer); + rc = TSS_TPML_PCR_SELECTION_Marshalu(&in.pcrSelectionIn, + &cpBufferSize, &tmpptr, &tmpsize); + } + if (rc == 0) { + TPM_CC commandCode = TPM_CC_PCR_Read; + TPM_CC commandCodeNbo = htonl(commandCode); + cpHash.hashAlg = ahalg; + rc = TSS_Hash_Generate(&cpHash, /* largest size of a digest */ + sizeof(TPM_CC), &commandCodeNbo, + cpBufferSize, cpBuffer, + 0, NULL); + } + if ((rc == 0) && tssUtilsVerbose) { +#if 0 + TSS_PrintAll("cpBuffer", cpBuffer, cpBufferSize); + TSS_PrintAll("cpHash", (uint8_t *)&cpHash.digest, sizeInBytes); +#endif + } + /* calculate rpHash from RC || CC || parameters */ + if (rc == 0) { + tmpptr = rpBuffer; + tmpsize = sizeof(rpBuffer); + rc = TSS_UINT32_Marshalu(&out.pcrUpdateCounter, + &rpBufferSize, &tmpptr, &tmpsize); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&out.pcrSelectionOut, + &rpBufferSize, &tmpptr, &tmpsize); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_Marshalu(&out.pcrValues, + &rpBufferSize, &tmpptr, &tmpsize); + } + if (rc == 0) { + TPM_CC commandCode = TPM_CC_PCR_Read; + TPM_CC commandCodeNbo = htonl(commandCode); + rpHash.hashAlg = ahalg; + rc = TSS_Hash_Generate(&rpHash, /* largest size of a digest */ + sizeof(TPM_RC), &rc, /* RC is always 0, no need to endian + convert */ + sizeof(TPM_CC), &commandCodeNbo, + rpBufferSize, rpBuffer, + 0, NULL); + } + if ((rc == 0) && tssUtilsVerbose) { +#if 0 + TSS_PrintAll("rpBuffer", rpBuffer, rpBufferSize); + TSS_PrintAll("rpHash", (uint8_t *)&rpHash.digest, sizeInBytes); +#endif + } + /* read the original session digest, must be initialized to all zero */ + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&sessionDigestData, /* freed @1 */ + &sessionDigestSize, + sadfilename); + } + /* sanity check the size against the session digest hash algorithm */ + if (rc == 0) { + if (sizeInBytes != sessionDigestSize) { + printf("pcrread: -ahalg size %u does not match digest size %u from %s\n", + (unsigned int)sizeInBytes, (unsigned int)sessionDigestSize, sadfilename); + } + } + /* extend cpHash and rpHash */ + if (rc == 0) { + sessionDigest.hashAlg = ahalg; + rc = TSS_Hash_Generate(&sessionDigest, + sizeInBytes, sessionDigestData, + sizeInBytes, (uint8_t *)&cpHash.digest, + sizeInBytes, (uint8_t *)&rpHash.digest, + 0, NULL); + } + if ((rc == 0) && tssUtilsVerbose) { + TSS_PrintAll("Session digest old", sessionDigestData, sizeInBytes); + TSS_PrintAll("Session digest new", (uint8_t *)&sessionDigest.digest, sizeInBytes); + } + if (rc == 0) { + /* write back the result */ + rc = TSS_File_WriteBinaryFile((uint8_t *)&sessionDigest.digest, + sizeInBytes, + sadfilename); + } + free(sessionDigestData); /* @1 */ + } + if (rc == 0) { + /* machine readable format */ + if (noSpace) { + uint32_t count; + /* TPM can return count 0 if the requested algorithm is not allocated */ + if (out.pcrValues.count != 0) { + for (count = 0 ; count < out.pcrValues.count ; count++) { + uint32_t bp; + for (bp = 0 ; bp < out.pcrValues.digests[count].t.size ; bp++) { + printf("%02x", out.pcrValues.digests[count].t.buffer[bp]); + } + printf("\n"); + } + } + else { + printf("count %u\n", out.pcrValues.count); + } + } + /* human readable format, all hash algorithms */ + else { + printPcrRead(&out); + if (tssUtilsVerbose) printf("pcrread: success\n"); + } + } + return rc; +} + +static void printPcrRead(PCR_Read_Out *out) +{ + uint32_t i; + + /* Table 99 - Definition of TPML_DIGEST Structure */ + printf("count %u pcrUpdateCounter %u \n", out->pcrValues.count, out->pcrUpdateCounter); + for (i = 0 ; i < out->pcrValues.count ; i++) { + TSS_PrintAll("digest", out->pcrValues.digests[i].t.buffer, out->pcrValues.digests[i].t.size); + } + return; +} + +static void printUsage(void) +{ + printf("\n"); + printf("pcrread\n"); + printf("\n"); + printf("Runs TPM2_PCR_Read\n"); + printf("\n"); + printf("\t-ha\tpcr handle\n"); + printf("\t-halg\t(sha1, sha256, sha384, sha512) (default sha256)\n"); + printf("\t\t-halg may be specified more than once\n"); + printf("\t[-of\tdata file for first algorithm specified, in binary]\n"); + printf("\t[-ahalg\t to extend session audit digest for testing (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-iosad\t file for session audit digest testing]\n"); + printf("\t[-ns\tno space, no text, no newlines]\n"); + printf("\t\tUsed for scripting policy construction\n"); + printf("\n"); + printf("\t-se0 session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/pcrreset.c b/libstb/tss2/ibmtpm20tss/utils/pcrreset.c new file mode 100644 index 000000000000..f47e673a40c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/pcrreset.c @@ -0,0 +1,144 @@ +/********************************************************************************/ +/* */ +/* PCR_Reset */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PCR_Reset_In in; + TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i= IMPLEMENTATION_PCR) { + printf("Missing or bad PCR handle parameter -ha\n"); + printUsage(); + } + if (rc == 0) { + in.pcrHandle = pcrHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PCR_Reset, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("pcrreset: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("pcrreset: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("pcrreset\n"); + printf("\n"); + printf("Runs TPM2_PCR_Reset\n"); + printf("\n"); + printf("\t-ha\tpcr handle\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/Policies.txt b/libstb/tss2/ibmtpm20tss/utils/policies/Policies.txt new file mode 100644 index 000000000000..165bb7c11ec2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/Policies.txt @@ -0,0 +1,138 @@ +################################################################################# +# # +# TPM2 regression test Directory of files # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +Note that PolicySecret uses a double hash, with the second hash being +the policyRef. An empty policyRef is represented by a blank line. + +aaa the characters aaa +bits48321601.bin uint64 with those bits set +msgtpmgen.bin message with TPM_GENERATED +policyauthorizesha1.txt policyauthorize using rsapubkey.pem +policyauthorizesha256.txt " +policyauthorizesha384.txt " +policyauthorizesha512.txt " +policyauthorizenv.txt policy authorize NV +policyauthorizenv-unseal.txt policyauthorizenv + policyccunseal +policyccactivate.txt policy command code activate credential +policycccertify.txt policy command code certify +policycccreate-auth.txt policy command code create + policy authvalue +policyccduplicate.txt policy command code duplicate +policyccnvchangeauth-auth.txt policy command code nvchangeauth + policy authvalue +policyccquote.txt policy command code quote +policyccsign.txt policy command code sign +policyccsign-auth.txt policy command code sign + policy authvalue +policyccundefinespacespecial-auth policy command code undefinespacespecial + policy authvalue +policycountertimer.txt policy counter timer +policycphash.txt policy cphash +policycphashhash.txt policy cphash data +policydupsel-no.txt policy duplicatation select no includeObject +policydupsel-yes.txt policy duplicatation select with includeObject +policyiwgek.txt standard IWG EK policy, and IWG PolicyA (EH auth) +policyiwgekcsha256.txt standard IWG EK policyC (auth NV) +policyiwgekcsha384.txt standard IWG EK policyC +policyiwgekcsha512.txt standard IWG EK policyC +policyiwgekbsha256.txt standard IWG EK policyB (policy OR) +policyiwgekbsha384.txt standard IWG EK policyB (policy OR) +policyiwgekbsha512.txt standard IWG EK policyB (policy OR) +policynvargs.txt policy nv arguments +policynvnv.txt policy nv has name and args +policyor.txt policy command code sign | quote +policypcr.txt policy pcr intermediate file +policypcr0.txt 20 zeros +policypcr16aaasha1.txt sha1 PCR 16 extend of aaa +policypcr16aaasha256.txt sha256 PCR 16 extend of aaa +policypcr16aaasha384.txt sha384 PCR 16 extend of aaa +policypcr16aaasha512.txt sha512 PCR 16 extend of aaa +policysecretnv.txt policy secret using nv index +policysecretnvpf.txt policy secret using NV PIN fail index +policysecretnvpp.txt policy secret using NV PIN pass index +policysecretp.txt policy secret using platform auth +policysecretsha256.txt policy secret using loaded object +policysignedsha1.txt policy signed using pubkey.pem Name +policysignedsha256.txt policy signed using pubkey.pem Name +policysignedsha384.txt policy signed using pubkey.pem Name +policysignedsha512.txt policy signed using pubkey.pem Name +policytemplate.txt template hash input to policytemplatehash +policytemplatehash.txt policy template for signing key +policywrittenset.txt policy nv written with written set + +policywrittenclrsigned.txt policy nv written with written clear + policy signed +policywrittensetsigned.txt policy nv written with written set + policy signed +policyorwrittensigned.txt policy OR of the above two policies + +pnhnamehash.txt name hash + +nvwritecphasha.txt intermediate value +nvwriteahasha.txt intermediate value externally signed +nvwritecphashb.txt intermediate value +nvwriteahashb.txt intermediate value externally signed + +privkey.pem RSA private key for policy signed +pubkey.pem RSA public key for policy signed +p256privkey.pem ECC private key for policy signed +p256pubkey.pem ECC public key for policy signed + +sha1.bin big endian sha1 algorithm ID, for policyAuthorizeNV +sha256.bin big endian sha256 algorithm ID, for policyAuthorizeNV +sha384.bin big endian sha384 algorithm ID, for policyAuthorizeNV +sha512.bin big endian sha512 algorithm ID, for policyAuthorizeNV + +sha1aaa.bin sha1 of aaa +sha1extaaa.bin sha1 extend of aaa +sha1extaaa0.bin sha1 extend of aaa zero padded +sha1exthaaa.bin sha1 extend of hash of aaa + +sha256aaa.bin sha256 of aaa +sha256extaaa.bin sha256 extend of aaa +sha256extaaa0.bin sha256 extend of aaa zero padded +sha256exthaaa.bin sha256 extend of hash of aaa + +sha384aaa.bin sha384 of aaa +sha384extaaa.bin sha384 extend of aaa +sha384exthaaa.bin sha384 extend of hash of aaa +sha384extaaa0.bin sha384 extend of aaa zero padded + +sha512aaa.bin sha512 of aaa +sha512extaaa.bin sha512 extend of aaa +sha512exthaaa.bin sha512 extend of hash of aaa +sha512extaaa0.bin sha512 extend of aaa zero padded + +zero4.bin 4 bytes of zero (e.g., just expiration data for policysigned) +zero8.bin 8 bytes of zero +zerosha256.bin 32 bytes of zero \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/aaa b/libstb/tss2/ibmtpm20tss/utils/policies/aaa new file mode 100644 index 000000000000..7c4a013e52c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/aaa @@ -0,0 +1 @@ +aaa \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/bits48321601.bin b/libstb/tss2/ibmtpm20tss/utils/policies/bits48321601.bin new file mode 100644 index 0000000000000000000000000000000000000000..97baddd9cce02a3237d33aab4b23cb829b8e2b83 GIT binary patch literal 8 LcmZQzWB@||02lxT literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/msgtpmgen.bin b/libstb/tss2/ibmtpm20tss/utils/policies/msgtpmgen.bin new file mode 100644 index 000000000000..4caf4d3277da --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/msgtpmgen.bin @@ -0,0 +1 @@ +ÿTCG1234567890123456 \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.bin b/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.bin new file mode 100644 index 0000000000000000000000000000000000000000..c6c65138fc2cd8a30daa65ea7ebf6c2804e643f6 GIT binary patch literal 36 scmZQzU|={uL+)J$i}l@iJgfJVZcg53^YfjOR>clAd$#J$p*qV10S-zJ5&!@I literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.txt b/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.txt new file mode 100644 index 000000000000..1cd347b78382 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahasha.txt @@ -0,0 +1 @@ +00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahashb.bin b/libstb/tss2/ibmtpm20tss/utils/policies/nvwriteahashb.bin new file mode 100644 index 0000000000000000000000000000000000000000..023e08fce73d8c5ee973a2f8484686df76a38745 GIT binary patch literal 36 scmZQzU|_f(!SQqTY32H!>nAy7+JtmF@|mvW-3~r+%X0ssYvj~%‚Çm6ChîVQÕ´hLþÑÐj×e#?Â’”ý,Å \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha512.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha512.txt new file mode 100644 index 000000000000..0a93611c044b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyauthorizesha512.txt @@ -0,0 +1,2 @@ +0000016a000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.bin new file mode 100644 index 000000000000..8e9ce1cc1805 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.bin @@ -0,0 +1 @@ +å‡Áµ‡0÷!ãþ¤+FÀE[$o–®è]ë;æMfj \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.txt new file mode 100644 index 000000000000..51a225a95e8f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccactivate.txt @@ -0,0 +1 @@ +0000016c00000147 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.bin new file mode 100644 index 000000000000..4618ce54db0c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.bin @@ -0,0 +1 @@ +Žš:ÎX?yóDÿx[¾©ðzÇú3%³Ôš!ÝQ”ÆXP \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.txt new file mode 100644 index 000000000000..ce2f5ce5e41c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policycccertify.txt @@ -0,0 +1 @@ +0000016c00000148 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.bin new file mode 100644 index 000000000000..b1edb1ee93f6 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.bin @@ -0,0 +1 @@ +KP÷?.øÀ–ÉмkI Ší»†üZTï ÓD \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.txt new file mode 100644 index 000000000000..c285110d2bd1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policycccreate-auth.txt @@ -0,0 +1,2 @@ +0000016c00000153 +0000016b diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.bin new file mode 100644 index 000000000000..5d2e7fcd3f69 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.bin @@ -0,0 +1 @@ +¾õkŒÈNí×R,Ù“V½+¿R ÃøJî«¨è¢ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.txt new file mode 100644 index 000000000000..9e7ea4149c88 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccduplicate.txt @@ -0,0 +1 @@ +0000016c0000014b diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.bin new file mode 100644 index 000000000000..5afe18824ac0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.bin @@ -0,0 +1 @@ +ªƒ¥˜Ù:VÉÊoê|?üNcWÿm“á›J¶ªá+ Þ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.txt new file mode 100644 index 000000000000..b41a131c671e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccnvchangeauth-auth.txt @@ -0,0 +1,2 @@ +0000016c0000013b +0000016b diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.bin new file mode 100644 index 000000000000..136ccb5ef7ff --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.bin @@ -0,0 +1 @@ + 9ÊÕþh‡ˆø#<>>ãÏ'ªÉâïãHjëN0LÍ' \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.txt new file mode 100644 index 000000000000..3b5cb8b43327 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccquote.txt @@ -0,0 +1 @@ +0000016c00000158 \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyccsign-auth.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyccsign-auth.bin new file mode 100644 index 000000000000..29cddc83ad38 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyccsign-auth.bin @@ -0,0 +1 @@ +~¡ àü²DòKÈ÷L(¨¹íñKSêLÏù“¤š8Ã÷?È \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha512.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha512.txt new file mode 100644 index 000000000000..4e04c86c10a9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgekcsha512.txt @@ -0,0 +1 @@ +00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha256.bin new file mode 100644 index 000000000000..48f4c1630d2c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha256.bin @@ -0,0 +1 @@ +ƒq—gD„³øÌF¥×$ýR×nR dò¡Ú3iª \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha384.bin new file mode 100644 index 000000000000..2e183e6a2f6f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha384.bin @@ -0,0 +1 @@ +‹¿"fS|µn@‹±8$Ì´18qÆÛS \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha512.bin new file mode 100644 index 000000000000..e75ad1d70a2c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyiwgeksha512.bin @@ -0,0 +1 @@ +;vP,Š%ª {?ÆF¡°úàc°;ShùÄÍÞÊÿ‘Ýh+¬…ÔØ2·êEÞ_Å¿ Ä¡‘|Ô/ Aãù˜àî \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.bin new file mode 100644 index 0000000000000000000000000000000000000000..fd3224bfb805806266901c77838daff3909a1d89 GIT binary patch literal 32 qcmV+*0N?+XF!=z(OlAqe#gajI!LmJ{)RXl2!kEY~O5+cgqWwu1-Vwh5 literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.txt new file mode 100644 index 000000000000..9b684114601f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policynamehash.txt @@ -0,0 +1 @@ +0000017018e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policynvargs.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policynvargs.txt new file mode 100644 index 0000000000000000000000000000000000000000..4f4d97c4a15e2f16ef61e8b3d31182382bc88b6d GIT binary patch literal 13 LcmZQzKmaZP02crY literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.bin new file mode 100644 index 0000000000000000000000000000000000000000..df080a73e76146d5474cc3d1b2ed1e09fad62e3d GIT binary patch literal 20 ccmdlp+sD6}Ax$z`_U4>Pb!)?)%V_-p09oM)7XSbN literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.txt new file mode 100644 index 000000000000..a124ea9bf61a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policynvnv.txt @@ -0,0 +1 @@ +000001492c513f149e737ec4063fc1d37aee9beabc4b4bbf00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyor.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyor.bin new file mode 100644 index 000000000000..a5002edcd890 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyor.bin @@ -0,0 +1 @@ +kþÂ:¾W°*Î9Ý»`ú9M¬{8–VW„³süa’”)Û \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyor.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policyor.txt new file mode 100644 index 000000000000..5028df975011 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policyor.txt @@ -0,0 +1 @@ +00000171cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27 \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policyorwrittensigned.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policyorwrittensigned.bin new file mode 100644 index 0000000000000000000000000000000000000000..488b0686012a3f61abdd1f4ca06f9d64a9b8c246 GIT binary patch literal 32 ocmZQ$SZ7jYup!;-vQg`TGi%*KÍÂxì•×èï …Ç8.­Fär1£8TåÏ.m#gm9Z“QóðVMfø{üa \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.bin new file mode 100644 index 000000000000..e5fd0af1f6c0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.bin @@ -0,0 +1 @@ +¶ÝC‚Êä]ОQÑc¤$õò \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.txt new file mode 100644 index 000000000000..237c93913b36 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha1.txt @@ -0,0 +1 @@ +1d47f68aced515f7797371b554e32d47981aa0a0 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.bin new file mode 100644 index 000000000000..56600b4e3da9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.bin @@ -0,0 +1 @@ +vDöê×`Ú¹6Õ…ìۄΚyÝáÇà¢Ù   \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.txt new file mode 100644 index 000000000000..78108c462076 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha256.txt @@ -0,0 +1 @@ +c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.bin new file mode 100644 index 0000000000000000000000000000000000000000..d10b3e266b5e8ea4ded9aec2cd0cea5d000920bd GIT binary patch literal 48 zcmV-00MGyGs*8})X|^%Ig^}dHDWejH1o9Y60`7xq`^3h7D8YY*>LRxQJqG-=SEIGW G_dJz=0U62w literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.txt new file mode 100644 index 000000000000..8deef9b248c5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha384.txt @@ -0,0 +1 @@ +292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.bin new file mode 100644 index 000000000000..8aa9e595c488 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.bin @@ -0,0 +1 @@ +W%™dØtð…,pA̾!Âß~æ±™êfF·û#UwK–~«âeÛZR‚œ¯<Àä™6]ì >m*bm. \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.txt new file mode 100644 index 000000000000..19f7ca22a4f5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcr16aaasha512.txt @@ -0,0 +1 @@ +7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policypcrbm0.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policypcrbm0.bin new file mode 100644 index 000000000000..bd0f292e05dc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policypcrbm0.bin @@ -0,0 +1 @@ +m8I8áÕ‹Vq’U”?if¶ú,# \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.bin new file mode 100644 index 0000000000000000000000000000000000000000..b5fac8d9d06709014a12fffa8abd525219421968 GIT binary patch literal 32 qcmV+*0N?+{llidk8n+(Gt^lte3-pLLo~stY_zj==ZID4uFUGSV{Sejw literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.txt new file mode 100644 index 000000000000..02facd93e5b7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnv.txt @@ -0,0 +1,2 @@ +00000151000be0651081c2fcda306993da43d1de5b24be426e2d61907b42835469136c97681f + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.bin new file mode 100644 index 000000000000..912504be7f0f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.bin @@ -0,0 +1 @@ +VÚR'0ܾ¨­Y¼¥ •  ÓØ ¨²Ø[Åß \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.txt new file mode 100644 index 000000000000..884fab490a04 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpf.txt @@ -0,0 +1,2 @@ +00000151000b8e42e7023c8851a2fabdb3ecffa9d155bc40058b7da1261f2c790442959f8d6e + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.bin new file mode 100644 index 000000000000..86f9ff20f48c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.bin @@ -0,0 +1 @@ +VäÇ&××Ý<½L®À.ƒ<73<ûùÃ_«S# ß} \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.txt new file mode 100644 index 000000000000..51ce1a57be86 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretnvpp.txt @@ -0,0 +1,2 @@ +00000151000bda1cbd54bb81546c1c7630ddd409503a0d6d0305161b1588d66bc8fa17daad81 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.bin new file mode 100644 index 000000000000..712f412b86f0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.bin @@ -0,0 +1 @@ +ȱ).ÿ,ç£ú±®Ù­%O°?Àš¼-јQaºh½Ç \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.txt new file mode 100644 index 000000000000..af4ef622deba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretp.txt @@ -0,0 +1,2 @@ +000001514000000C + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256.bin new file mode 100644 index 000000000000..712f412b86f0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256.bin @@ -0,0 +1 @@ +ȱ).ÿ,ç£ú±®Ù­%O°?Àš¼-јQaºh½Ç \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256ha.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha256ha.bin new file mode 100644 index 0000000000000000000000000000000000000000..27ef362b96cbe92431cca42b3d99e1f60a39f855 GIT binary patch literal 34 scmV+-0Nwup3&^o4F8?g&qxuiAuGy_6Pq0709Gbi>(U?(Tx@Zx-$067e6951J literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384.bin new file mode 100644 index 0000000000000000000000000000000000000000..25fa9b86e0fe9a8a7c5f62f7f9ab9077382a5f2b GIT binary patch literal 48 zcmV-00MGxjgp9Olsh3 GcK`)cm>6vU literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384ha.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha384ha.bin new file mode 100644 index 0000000000000000000000000000000000000000..cca7c0f544cf47b8b41309287c091f2847842bae GIT binary patch literal 50 zcmV-20L}jZ46=lbv}viATquj=qdqE0go|rS*A;=dRDaZ4TM-bo{Gfqy{*UB9@$+!z I3F>zM1y<%5c>n+a literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512.bin new file mode 100644 index 000000000000..d94cc53867d7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512.bin @@ -0,0 +1 @@ +Åî íÏ%˜à@\óœÞaþÕ*tñU#m±€‹MB±JªýúéÈ%jÉåÌ„°&»v%S¿Ž“˜þòÍÒ'ƒ¬ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512ha.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretpsha512ha.bin new file mode 100644 index 0000000000000000000000000000000000000000..8e34a7647bdf1728434af2c224fbe7f2629fad77 GIT binary patch literal 66 zcmV-I0KNYJ4aM#a?aw8c;6Pjj8uOgqVgA)Bbn#UqZLu1Fi%mkYN~-<(>BuE&$>q$1 YuqL~9B~!nSlbHVU&C(|s0Ud*^AbUb0X#fBK literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.bin new file mode 100644 index 000000000000..38af02870d9e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.bin @@ -0,0 +1 @@ +KÊ·ì¢|\Úœqæu(cÒ‡Ò3ìIz¾ˆñï”]\ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.txt new file mode 100644 index 000000000000..cdc7ff2ec598 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysecretsha256.txt @@ -0,0 +1,2 @@ +00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.bin new file mode 100644 index 000000000000..12608cc1288e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.bin @@ -0,0 +1 @@ +zNàvëµÏîÁ‚ÌL³ ^Y©¹e¡Y¯Í=¿Tû \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.txt new file mode 100644 index 000000000000..bad371553f3a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha1.txt @@ -0,0 +1,2 @@ +0000016000044234c24fc1b9de6693a62453417d2734d7538f6f + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.bin new file mode 100644 index 000000000000..154bcb994331 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.bin @@ -0,0 +1 @@ +Þ¿ú<˜ ñ}ÑÐ{Týá“å@Pžp–ªs'S³ƒ1 \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.txt new file mode 100644 index 000000000000..828550927f85 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha256.txt @@ -0,0 +1,2 @@ +00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.bin new file mode 100644 index 000000000000..becd3c03d85e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.bin @@ -0,0 +1 @@ +EÅÚv’:poßVêçßÛAâu$IT”f“kÄüˆ«\ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.txt new file mode 100644 index 000000000000..e903b2e36985 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha384.txt @@ -0,0 +1,2 @@ +00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.bin new file mode 100644 index 000000000000..bdef3a8474c0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.bin @@ -0,0 +1 @@ +Í4–9ê@ˆ^ú7‹§!ñxmR»“GœsEˆ<Ü o \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.txt new file mode 100644 index 000000000000..dbfdcca551ae --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policysignedsha512.txt @@ -0,0 +1,2 @@ +00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.bin new file mode 100644 index 000000000000..5eee12049ba5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.bin @@ -0,0 +1 @@ +ïdÚ‘ü¬‚ô6(„(Sتø}üáEé%ÏþXhª-"¶ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.txt new file mode 100644 index 000000000000..d1e3d48722c7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplate.txt @@ -0,0 +1 @@ +0001000b000404720000001000100800000000000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.bin new file mode 100644 index 000000000000..8cd392a52d14 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.bin @@ -0,0 +1 @@ +û”±Cå+•·ìD7y™ÖGp®K$¯Z¸~FòX¯ëÞ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.txt new file mode 100644 index 000000000000..a995ed01b911 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policytemplatehash.txt @@ -0,0 +1 @@ +00000190ef64da9118fcac82f4361b28842853d8aaf87dfce145e925cffe5868aa2d22b6 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.bin new file mode 100644 index 000000000000..ce19999769ea --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.bin @@ -0,0 +1 @@ +H x.‚Â@ˆ2Äßœ¾‡o’T½à[ .©RH>·iò \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.txt new file mode 100644 index 000000000000..407fb27896f4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenclrsigned.txt @@ -0,0 +1,3 @@ +0000018f00 +00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.bin new file mode 100644 index 000000000000..4f6bb8cffed8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.bin @@ -0,0 +1 @@ +0sHß_ëíe”æý¬„"ã \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.txt new file mode 100644 index 000000000000..89b8feb8b3cc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittenset.txt @@ -0,0 +1 @@ +0000018f01 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.bin b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.bin new file mode 100644 index 000000000000..4c3623c3894f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.bin @@ -0,0 +1,3 @@ + Cº<;M±È?×…ùÜ +‚IöyJ8æE +PV´ëÒF \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.txt b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.txt new file mode 100644 index 000000000000..9f806068dbf9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/policywrittensetsigned.txt @@ -0,0 +1,3 @@ +0000018f01 +00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/rsaprivkey.der b/libstb/tss2/ibmtpm20tss/utils/policies/rsaprivkey.der new file mode 100644 index 0000000000000000000000000000000000000000..de6eeba2893d3075353cb3e2cae4f92db72eb024 GIT binary patch literal 1191 zcmV;Y1X%kpf&`-i0RRGm0RaHIL$+sX@jZ1UvhQZrf`8V`UFXm zA&of4J(JHybogUi`fLNrll|6>CD4TA5i=}(rs*019}8@L>$y-RAAIP{i)ZD7EA7j9 zJ)7cSHg6hHYpjE;OaFla0|5X50)hbm0GP`1)#BLnp{CNI7)cqC-|N!+UyIiFFf>^L zkV7K&ZVoyM+FZsG{Yxyt9p7Jg&L1On^E&O`^Fa5a+RLe4)GddOVNm(Jqf)qh9g+IWdcW9@j<7z0e z#dpt|<}jJkpI!UXHh-__G1ajLY4vm~1=tOm zqC4r|oOHmv4El@XKDZvj z;KO&=o|1m$24KMDtRBhUNY>H=F;vHdEmbr1o|+tU&^XgNDU0)c@5 z$%?NIqOk=Q&&{{EYPObGNJ8SkQ@H$`2Aw{nbqoEFi@z{Rc6J?+F&5ASbp)(fL(pi+ z&Hjt6)~IlmJOtVeZLeHIF(qacOP3eW*&)(E=*sj#0)c@5ygKz9Cm+7hwJKav%OOueHoSa_AQ?p| z>OeWz`B4fCK|Fe3rGs-4*y+cdqrd)n?!P~xs_`!HP`J0p>v0@`Ej4BC5(2^}*1+*k z;v3@3a2q=!-&6*L0!{Dnqm-(e3rR*U=|p8>fVX?Twd!IQ@1JK+Ikz5mz0p%}*=~;k z0)c>A2eH%nb=@bGiiBO>jYH7#DvQE&&P)QS79#Q^58PskOgo~MX!$4DHAa<;$t05H zW?#N8wYMKQqH*74@rMtis2&q&d=FyFbwN{sIvqI~Fk@0`mc@xp)Hx4?&#dwHYxNN_ zNx-O!q&BB5wf4}J>>qS7L^yPlZY)YS8(cvGfq+!x-RnHbX_213Cv0eTxZmb;Gf1nsZF4QwO?%pO)J4?V|1)eE6ic-4z5d*vZ4`3zR;8dGFY7hy>vv)TCosey^i~b{ zd17bDQUfCA$y$$AsieF{AEAm&?a^$lf1=%(BXACYfN)tjteSmv)>9a*fy*(ju}#Ž¦ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha256.bin new file mode 100644 index 0000000000000000000000000000000000000000..874b07183955f2c0b5622ca7ad8c1fc6ae5537d5 GIT binary patch literal 2 JcmZSJ1^@sJ01N;C literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha256aaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha256aaa.bin new file mode 100644 index 000000000000..4b3b4bf37b43 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha256aaa.bin @@ -0,0 +1 @@ +˜4‡mÏ°\±g¥ÂIS륌JÈ›ßWò/ ¯~èð \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa.bin new file mode 100644 index 000000000000..f59fde9c8ddc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa.bin @@ -0,0 +1 @@ +wËïâÜ$ĶE_†Qb…’f‹+çA¤ÕËÞÛšJI \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa0.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa0.bin new file mode 100644 index 000000000000..a69594742351 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha256extaaa0.bin @@ -0,0 +1 @@ +—dÑ¿·âÃ_“s+Jã6´5N¼èÐÖ>¾» \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha256exthaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha256exthaaa.bin new file mode 100644 index 000000000000..53c667bfa04e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha256exthaaa.bin @@ -0,0 +1 @@ +ß Ó=æ{±Ç&¦ \Тëa·Éî‘fëÏÜÛ« \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha384.bin new file mode 100644 index 0000000000000000000000000000000000000000..6f60177722d463e0554349cfe3f89f714468e7cf GIT binary patch literal 2 JcmZSJ0RR9F01W^D literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha384aaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha384aaa.bin new file mode 100644 index 000000000000..3131cd6a5ec9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha384aaa.bin @@ -0,0 +1,2 @@ +Žå½ÖJ£u6ÁòW¦´IcÌ2{}}Ë,´z"=3ADb¿¡„H|órÎ +ßÈ?ƒ6Ø \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa.bin new file mode 100644 index 000000000000..873c7a7770e8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa.bin @@ -0,0 +1 @@ +ñ樖¤_uËï‰ÇN³š“Iß5NÆþ*å›Vˆ ˜˜Ž;ã`Èi2·ßY \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa0.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha384extaaa0.bin new file mode 100644 index 0000000000000000000000000000000000000000..59599c543f8864b139ca9e573d0eb3c409ea00c8 GIT binary patch literal 48 zcmV-00MGv^DP!XtG{SPd>L(RIl&_Ldt(V#7L~Da>I&*xG%17TUIglaF-2jC?@PwDe Gq$7kV%ok7q literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha384exthaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha384exthaaa.bin new file mode 100644 index 000000000000..65bbe15aacc1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha384exthaaa.bin @@ -0,0 +1 @@ +a¼p9┇°±F]dæ­2¦ÕÂ[E§K¼§Ì$%6Ê@ù6DðØ°˜ê¦P—M \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha512.bin new file mode 100644 index 0000000000000000000000000000000000000000..c4b6c7e46931d6999241c775954d471456a16372 GIT binary patch literal 2 JcmZSJ1pojK01f~E literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha512aaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha512aaa.bin new file mode 100644 index 000000000000..81f23f001c82 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha512aaa.bin @@ -0,0 +1 @@ +ÖöD±˜é{]‡XÖÓ@ÍG‡ú뛉Áç`‚ˆfKçrWJXÐ3¼ñ à”_ðdhëå>-ÿ6âHBLrs}¬ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa.bin new file mode 100644 index 000000000000..b26d4de439f2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa.bin @@ -0,0 +1 @@ +eOÉËÙ³¸YA¢ëºw"³?r)ÄÈ#ǧò L¥T³5 Æ™R™ö9Äñ :¯gȽå‰ÅêBà›o<ê¡PœÕ \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa0.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha512extaaa0.bin new file mode 100644 index 0000000000000000000000000000000000000000..a9135d89edad2c6fa33797b3a93da0f728b323f6 GIT binary patch literal 64 zcmV-G0Kfl#;pEQ&Qj-&F@h})LIku)o>Hv#%uh95LYMcI38u+cKXQo&v&(26-cT%2I W@q-Ganzw*fE3TxRXQ*>D|L1re=piEj literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/sha512exthaaa.bin b/libstb/tss2/ibmtpm20tss/utils/policies/sha512exthaaa.bin new file mode 100644 index 000000000000..316b842d5cc7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policies/sha512exthaaa.bin @@ -0,0 +1 @@ +˾³)a$LœG€„ ´:v?º–ïÁÙRôãà,Š1Šå? §¡tè#ãÍÆRo¶wm6G'M¦)Ûɧl* \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zero4.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zero4.bin new file mode 100644 index 0000000000000000000000000000000000000000..593f4708db84ac8fd0f5cc47c634f38c013fe9e4 GIT binary patch literal 4 LcmZQzU|;|M00aO5 literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zero8.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zero8.bin new file mode 100644 index 0000000000000000000000000000000000000000..1b1cb4d44c57c2d7a5122870fa6ac3e62ff7e94e GIT binary patch literal 8 KcmZQzfB*mh2mk>9 literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zerosha1.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zerosha1.bin new file mode 100644 index 0000000000000000000000000000000000000000..df879cf49534a5672299e8e57970c3d2ef1be71d GIT binary patch literal 20 KcmZQzzytsQ6aWDL literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zerosha256.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zerosha256.bin new file mode 100644 index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04 GIT binary patch literal 32 KcmZQzzz+ZbAOHaX literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zerosha384.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zerosha384.bin new file mode 100644 index 0000000000000000000000000000000000000000..2a560968cf1f21e1b2d29af08f907797bf3b9038 GIT binary patch literal 48 LcmZQzAPoQj05AXn literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policies/zerosha512.bin b/libstb/tss2/ibmtpm20tss/utils/policies/zerosha512.bin new file mode 100644 index 0000000000000000000000000000000000000000..9017fd98b5f67d928cc64c59b2c025472ce74f8c GIT binary patch literal 64 LcmZQzpbP*206+i% literal 0 HcmV?d00001 diff --git a/libstb/tss2/ibmtpm20tss/utils/policyauthorize.c b/libstb/tss2/ibmtpm20tss/utils/policyauthorize.c new file mode 100644 index 000000000000..73c40dd61159 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyauthorize.c @@ -0,0 +1,307 @@ +/********************************************************************************/ +/* */ +/* PolicyAuthorize */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyAuthorize_In in; + TPMI_SH_POLICY policySession = 0; + const char *approvedPolicyFilename = NULL; + const char *policyRefFilename = NULL; + const char *signingKeyNameFilename = NULL; + const char *ticketFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* validate command line parameters */ + if (policySession == 0) { + printf("Missing parameter -ha\n"); + printUsage(); + } + if (approvedPolicyFilename == NULL) { + printf("Missing parameter -appr\n"); + printUsage(); + } + if (policyRefFilename == NULL) { + in.policyRef.b.size = 0; /* default empty buffer */ + } + if (signingKeyNameFilename == NULL) { + printf("Missing parameter -skn\n"); + printUsage(); + } + if (ticketFilename == NULL) { + printf("Missing parameter -tk\n"); + printUsage(); + } + /* set in parameters */ + if (rc == 0) { + in.policySession = policySession; + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.approvedPolicy.b, + sizeof(in.approvedPolicy.t.buffer), + approvedPolicyFilename); + } + if ((rc == 0) && (policyRefFilename != NULL)) { + rc = TSS_File_Read2B(&in.policyRef.b, + sizeof(in.policyRef.t.buffer), + policyRefFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.keySign.b, + sizeof(in.keySign.t.name), + signingKeyNameFilename); + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.checkTicket, + (UnmarshalFunction_t)TSS_TPMT_TK_VERIFIED_Unmarshalu, + ticketFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyAuthorize, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyauthorize: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyauthorize: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policyauthorize\n"); + printf("\n"); + printf("Runs TPM2_PolicyAuthorize\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-appr\tfile name of digest of the policy being approved\n"); + printf("\t[-pref\tpolicyRef file] (default none)\n"); + printf("\t-skn\tsigning key Name file name\n"); + printf("\t-tk\tticket file name\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policyauthorizenv.c b/libstb/tss2/ibmtpm20tss/utils/policyauthorizenv.c new file mode 100644 index 000000000000..0c5dbbff001b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyauthorizenv.c @@ -0,0 +1,279 @@ +/********************************************************************************/ +/* */ +/* PolicyAuthorizeNV */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyAuthorizeNV_In in; + char hierarchyChar = 0; + const char *authPassword = NULL; /* default no password */ + TPMI_RH_NV_INDEX nvIndex = 0; + TPMI_SH_POLICY policySession = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (nvIndex == 0) { + printf("Missing NV index handle parameter -ha\n"); + printUsage(); + } + if (policySession == 0) { + printf("Missing policy session handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + if (hierarchyChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + in.nvIndex = nvIndex; + in.policySession = policySession; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyAuthorizeNV, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyauthorizenv: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyauthorizenv: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policyauthorizenv\n"); + printf("\n"); + printf("Runs TPM2_PolicyAuthorizeNV\n"); + printf("\n"); + printf("\t[-hi\thierarchy authHandle (o, p)]\n"); + printf("\t\tdefault NV index\n"); + printf("\t-ha\tNV index handle\n"); + printf("\t[-pwda\tpassword for authorization (default empty)]\n"); + printf("\t-hs\tpolicy session handle\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policyauthvalue.c b/libstb/tss2/ibmtpm20tss/utils/policyauthvalue.c new file mode 100644 index 000000000000..99cfdad3f985 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyauthvalue.c @@ -0,0 +1,142 @@ +/********************************************************************************/ +/* */ +/* PolicyAuthValue */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + TPMI_SH_POLICY policySession = 0; + PolicyAuthValue_In in; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + TPMI_SH_POLICY policySession = 0; + TPM_CC commandCode = 0; + PolicyCommandCode_In in; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyCounterTimer_In in; + TPMI_SH_POLICY policySession = 0; + const char *operandBData = NULL; + const char *operandBFilename = NULL; + uint16_t offset = 0; /* default 0 */ + TPM_EO operation = 0; /* default A = B */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing policy session handle parameter -hs\n"); + printUsage(); + } + if ((operandBData == NULL) && (operandBFilename == NULL)) { + printf("operandB data string or data file must be specified\n"); + printUsage(); + } + if ((operandBData != NULL) && (operandBFilename != NULL)) { + printf("operandB data string and data file cannot both be specified\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + in.offset = offset; + in.operation = operation; + } + if (operandBData != NULL) { + rc = TSS_TPM2B_StringCopy(&in.operandB.b, + operandBData, sizeof(in.operandB.t.buffer)); + + } + if (operandBFilename != NULL) { + rc = TSS_File_Read2B(&in.operandB.b, + sizeof(in.operandB.t.buffer), + operandBFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyCounterTimer, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policycountertimer: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policycountertimer: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policycountertimer\n"); + printf("\n"); + printf("Runs TPM2_PolicyCounterTimer\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-ic\tdata string (operandB)\n"); + printf("\t-if\tdata file (operandB) \n"); + printf("\t[-off\toffset (default 0)]\n"); + printf("\t-op\toperation (default A = B)\n"); + printf("\n"); + printf("\t\t0 A = B \n"); + printf("\t\t1 A != B \n"); + printf("\t\t2 A > B signed \n"); + printf("\t\t3 A > B unsigned \n"); + printf("\t\t4 A < B signed \n"); + printf("\t\t5 A < B unsigned \n"); + printf("\t\t6 A >= B signed \n"); + printf("\t\t7 A >= B unsigned \n"); + printf("\t\t8 A <= B signed \n"); + printf("\t\t9 A <= B unsigned \n"); + printf("\t\tA All bits SET in B are SET in A. ((A&B)=B) \n"); + printf("\t\tB All bits SET in B are CLEAR in A. ((A&B)=0) \n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policycphash.c b/libstb/tss2/ibmtpm20tss/utils/policycphash.c new file mode 100644 index 000000000000..3936a745d8ca --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policycphash.c @@ -0,0 +1,245 @@ +/********************************************************************************/ +/* */ +/* PolicyCpHash */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyCpHash_In in; + TPMI_SH_POLICY policySession = 0; + const char *cpHashAFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (cpHashAFilename == NULL) { + printf("Missing handle parameter -cp\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.cpHashA.b, + sizeof(in.cpHashA.t.buffer), + cpHashAFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyCpHash, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policycphash: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policycphash: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + + + +static void printUsage(void) +{ + printf("\n"); + printf("policycphash\n"); + printf("\n"); + printf("Runs TPM2_PolicyCpHash\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-cp\tcpHash file\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policyduplicationselect.c b/libstb/tss2/ibmtpm20tss/utils/policyduplicationselect.c new file mode 100644 index 000000000000..06f9fcc234fd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyduplicationselect.c @@ -0,0 +1,272 @@ +/********************************************************************************/ +/* */ +/* PolicyDuplicationSelect */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyDuplicationSelect_In in; + TPMI_SH_POLICY policySession = 0; + const char *newParentNameFilename = NULL; + const char *objectNameFilename = NULL; + TPMI_YES_NO includeObject = NO; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (newParentNameFilename == NULL) { + printf("Missing handle parameter -inpn\n"); + printUsage(); + } + if (objectNameFilename == NULL) { + printf("include object -io requires object Name -ion\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + in.includeObject = includeObject; + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.newParentName.b, + sizeof(in.newParentName.t.name), + newParentNameFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.objectName.b, + sizeof(in.objectName.t.name), + objectNameFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyDuplicationSelect, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyduplicationselect: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyduplicationselect: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + + + +static void printUsage(void) +{ + printf("\n"); + printf("policyduplicationselect\n"); + printf("\n"); + printf("Runs TPM2_PolicyDuplicationSelect\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-inpn\tnew parent Name file\n"); + printf("\t-ion\tobject Name file\n"); + printf("\t[-io\tinclude object (default no)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policygetdigest.c b/libstb/tss2/ibmtpm20tss/utils/policygetdigest.c new file mode 100644 index 000000000000..25a6ed38d9f8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policygetdigest.c @@ -0,0 +1,162 @@ +/********************************************************************************/ +/* */ +/* PolicyGetDigest */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyGetDigest_In in; + PolicyGetDigest_Out out; + TPMI_SH_POLICY policySession = 0; + const char *digestFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); +static int Format_FromHexascii(unsigned char *binary, + const char *string, + size_t length); +static int Format_ByteFromHexascii(unsigned char *byte, + const char *string); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + char *prc = NULL; /* pointer return code */ + const char *inFilename = NULL; + const char *outFilename = NULL; + int pr = FALSE; + int nz = FALSE; + int noSpace = FALSE; + TPMT_HA digest; + /* initialized to suppress false gcc -O3 warning */ + uint32_t sizeInBytes = 0; /* hash algorithm mapped to size */ + uint32_t startSizeInBytes = 0; /* starting buffer for extend */ + FILE *inFile = NULL; + FILE *outFile = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line defaults */ + digest.hashAlg = TPM_ALG_SHA256; + + for (i=1 ; (i= '0') && (c <= '9')) { + *byte += c - '0'; + } + else if ((c >= 'a') && (c <= 'f')) { + *byte += c + 10 - 'a'; + } + else if ((c >= 'A') && (c <= 'F')) { + *byte += c + 10 - 'A'; + } + else { + printf("Format_ByteFromHexascii: " + "Error: Line has non hex ascii character: %02x %c\n", c, c); + rc = EXIT_FAILURE; + } + } + return rc; +} + + +static void printUsage(void) +{ + printf("\n"); + printf("policymaker\n"); + printf("\n"); + printf("\t[-halg\thash algorithm (sha1 sha256 sha384 sha512) (default sha256)]\n"); + printf("\t[-nz\tdo not extend starting with zeros, just hash the last line]\n"); + printf("\t-if\tinput policy statements in hex ascii\n"); + printf("\t[-of\toutput file - policy hash in binary]\n"); + printf("\t[-pr\tstdout - policy hash in hex ascii]\n"); + printf("\t[-ns\tadditionally print policy hash in hex ascii on one line]\n"); + printf("\t\tUseful to paste into policy OR\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policymakerpcr.c b/libstb/tss2/ibmtpm20tss/utils/policymakerpcr.c new file mode 100644 index 000000000000..41f8faf69920 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policymakerpcr.c @@ -0,0 +1,439 @@ +/********************************************************************************/ +/* */ +/* policymakerpcr */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + policymakerpcr calculates a policyPCR term suitable for input to policymaker + + Inputs are: + + a hash algorithm + + a byte mask, totally big endian, e.g. 010000 is PCR 16 + + a file with lines in hexascii representing PCRs, e.g., the output of pcrread -ns + removed + + This assumes that the byte mask and PCR value file are consistent. + + Outputs are: + + if specified, a file with a hex ascii policyPCR line suitable for input to policymaker + + if specified, a print of the hash + + Example: + + policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt + + Where policypcr16aaasha1.txt is represents the SHA-1 value of PCR 16 + + e.g., 1d47f68aced515f7797371b554e32d47981aa0a0 +*/ + +#include +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include + +static void printUsage(void); +static void printPolicyPCR(FILE *out, + uint32_t sizeInBytes, + TPML_PCR_SELECTION *pcrs, + TPMT_HA *digest); +static int Format_FromHexascii(unsigned char *binary, + const char *string, + size_t length); +static int Format_ByteFromHexascii(unsigned char *byte, + const char *string); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + char *prc = NULL; /* pointer return code */ + const char *inFilename = NULL; + const char *outFilename = NULL; + FILE *inFile = NULL; + FILE *outFile = NULL; + /* initialized to suppress false gcc -O3 warning */ + uint32_t sizeInBytes = 0; /* hash algorithm mapped to size */ + uint32_t pcrmask = 0xffffffff; /* pcr register mask */ + TPML_PCR_SELECTION pcrs; + unsigned int pcrCount = 0; + TPMU_HA pcr[IMPLEMENTATION_PCR]; /* all the PCRs */ + int pr = FALSE; + TPMT_HA digest; + uint8_t pcrBytes[IMPLEMENTATION_PCR * sizeof(TPMU_HA)]; + uint16_t pcrLength; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line defaults */ + digest.hashAlg = TPM_ALG_SHA256; + + for (i=1 ; (i> 0) & 0xff; + pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >> 8) & 0xff; + pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff; + } + /* read the input file to the PCR array, assumes the PCR select bm has the correct number of + bits */ + /* iterate through each line */ + for (pcrCount = 0 ; + (rc == 0) && (pcrCount < IMPLEMENTATION_PCR) && (inFile != NULL) ; + pcrCount++) { + + char lineString[256]; /* returned line in hex ascii */ + uint32_t lineLength; + + if (rc == 0) { + prc = fgets(lineString, sizeof(lineString), inFile); + } + /* no more lines, pcrCount is number of PCRs processed */ + if (rc == 0) { + if (prc == NULL) { + break; + } + } + if (rc == 0) { + lineLength = strlen(lineString); + if (lineLength == 0) { + break; + } + if (lineString[lineLength-1] == '\n') { + lineString[lineLength-1] = '0'; + lineLength--; + } + } + if (rc == 0) { + if (lineLength != (sizeInBytes *2)) { + printf("Line length %u is not twice digest size %u\n", lineLength, sizeInBytes); + rc = -1; + } + } + /* convert hex ascii to binary */ + if ((rc == 0) && (prc != NULL)) { + rc = Format_FromHexascii((uint8_t *)&pcr[pcrCount], + lineString, lineLength/2); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("PCR %u\n", pcrCount); + if (tssUtilsVerbose) TSS_PrintAll("PCR", (uint8_t *)&pcr[pcrCount], sizeInBytes); + } + } + /* serialize PCRs */ + if (rc == 0) { + unsigned int pc; + uint8_t *buffer = pcrBytes; + uint32_t size = IMPLEMENTATION_PCR * sizeof(TPMU_HA); + pcrLength = 0; + for (pc = 0 ; (rc == 0) && (pc < pcrCount) ; pc++) { + rc = TSS_Array_Marshalu((uint8_t *)&pcr[pc], sizeInBytes, &pcrLength, &buffer, &size); + } + } + /* hash the marshaled PCR array */ + if (rc == 0) { + rc = TSS_Hash_Generate(&digest, + pcrLength, pcrBytes, + 0, NULL); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_PrintAll("PCR composite digest", (uint8_t *)&digest.digest, sizeInBytes); + } + if ((rc == 0) && pr) { + printPolicyPCR(stdout, + sizeInBytes, + &pcrs, + &digest); + } + if (outFilename != NULL) { + if (rc == 0) { + outFile = fopen(outFilename, "wb"); + if (outFile == NULL) { + printf("Error opening %s for %s, %s\n", outFilename , "W", strerror(errno)); + rc = EXIT_FAILURE; + } + } + if (rc == 0) { + printPolicyPCR(outFile, + sizeInBytes, + &pcrs, + &digest); + } + } + if (inFile != NULL) { + fclose(inFile); + } + if (outFile != NULL) { + fclose(outFile); + } + if (rc != 0) { + rc = EXIT_FAILURE; + } + return rc; +} + +static void printPolicyPCR(FILE *out, + uint32_t sizeInBytes, + TPML_PCR_SELECTION *pcrs, + TPMT_HA *digest) +{ + unsigned int i; + uint8_t *pcrDigest = (uint8_t *)&digest->digest; + + fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 24)); + fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 16)); + fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 8)); + fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 0)); + /* NOTE only handles count of 1, 1 hash algorithm */ + fprintf(out, "%08x", pcrs->count); + + fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 8)); + fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 0)); + + fprintf(out, "%02x", pcrs->pcrSelections[0].sizeofSelect); + + fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[0]); + fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[1]); + fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[2]); + + for (i = 0 ; i < sizeInBytes ; i++) { + fprintf(out, "%02x", pcrDigest[i]); + } + fprintf(out, "\n"); + return; +} + +/* Format_FromHexAscii() converts 'string' in hex ascii to 'binary' of 'length' + + It assumes that the string has enough bytes to accommodate the length. +*/ + +static int Format_FromHexascii(unsigned char *binary, + const char *string, + size_t length) +{ + int rc = 0; + size_t i; + + for (i = 0 ; (rc == 0) && (i < length) ; i++) { + rc = Format_ByteFromHexascii(binary + i, + string + (i * 2)); + + } + return rc; +} + +/* Format_ByteFromHexAscii() converts two bytes of hex ascii to one byte of binary + */ + +static int Format_ByteFromHexascii(unsigned char *byte, + const char *string) +{ + int rc = 0; + size_t i; + char c; + *byte = 0; + + for (i = 0 ; (rc == 0) && (i < 2) ; i++) { + (*byte) <<= 4; /* big endian, shift up the nibble */ + c = *(string + i); /* extract the next character from the string */ + + if ((c >= '0') && (c <= '9')) { + *byte += c - '0'; + } + else if ((c >= 'a') && (c <= 'f')) { + *byte += c + 10 - 'a'; + } + else if ((c >= 'A') && (c <= 'F')) { + *byte += c + 10 - 'A'; + } + else { + printf("Format_ByteFromHexascii: " + "Error: Line has non hex ascii character: %c\n", c); + rc = EXIT_FAILURE; + } + } + return rc; +} + + +static void printUsage(void) +{ + printf("\n"); + printf("policymakerpcr\n"); + printf("\n"); + printf("Creates a policyPCR term suitable for input to policymaker (hex ascii)\n"); + printf("\n"); + printf("Assumes that the byte mask and PCR values are consistent\n"); + printf("\n"); + printf("\t[-halg\thash algorithm (sha1 sha256 sha384 sha512) (default sha256)]\n"); + printf("\t-bm\tpcr byte mask in hex, big endian\n"); + printf("\n"); + printf("\te.g. 010000 selects PCR 16\n"); + printf("\te.g. ffffff selects all 24 PCRs\n"); + printf("\n"); + printf("\t-if input file - PCR values, hex ascii, one per line, %u max\n", IMPLEMENTATION_PCR); + printf("\trequired unless pcr mask is 0\n"); + printf("\n"); + printf("\t[-of\toutput file - policy hash in binary]\n"); + printf("\t[-pr\tstdout - policy hash in hex ascii]\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policynamehash.c b/libstb/tss2/ibmtpm20tss/utils/policynamehash.c new file mode 100644 index 000000000000..e1263d25b7f7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policynamehash.c @@ -0,0 +1,256 @@ +/********************************************************************************/ +/* */ +/* PolicyNameHash */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyNameHash_In in; + TPMI_SH_POLICY policySession = 0; + const char *nameHashFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + uint8_t *buffer = NULL; + size_t length = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (nameHashFilename == NULL) { + printf("Missing handle parameter -nh\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + nameHashFilename); + } + if (rc == 0) { + if (length <= sizeof(in.nameHash.t.buffer)) { + in.nameHash.t.size = (uint16_t)length; + memcpy(&in.nameHash.t.buffer, buffer, length); + } + else { + printf("Name length %u too large\n", (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + in.policySession = policySession; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyNameHash, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policynamehash: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policynamehash: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policynamehash\n"); + printf("\n"); + printf("Runs TPM2_PolicyNameHash\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-nh\tNameHash file - TPM2B_DIGEST\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policynv.c b/libstb/tss2/ibmtpm20tss/utils/policynv.c new file mode 100644 index 000000000000..002751f32b60 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policynv.c @@ -0,0 +1,360 @@ +/********************************************************************************/ +/* */ +/* PolicyNV */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyNV_In in; + char hierarchyChar = 0; + const char *authPassword = NULL; /* default no password */ + TPMI_RH_NV_INDEX nvIndex = 0; + TPMI_SH_POLICY policySession = 0; + const char *operandBData = NULL; + const char *operandBFilename = NULL; + uint16_t offset = 0; /* default 0 */ + TPM_EO operation = 0; /* default A = B */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (nvIndex == 0) { + printf("Missing NV index handle parameter -ha\n"); + printUsage(); + } + if (policySession == 0) { + printf("Missing policy session handle parameter -hs\n"); + printUsage(); + } + if ((operandBData == NULL) && (operandBFilename == NULL)) { + printf("operandB data string or data file must be specified\n"); + printUsage(); + } + if ((operandBData != NULL) && (operandBFilename != NULL)) { + printf("operandB data string and data file cannot both be specified\n"); + printUsage(); + } + if (rc == 0) { + if (hierarchyChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else if (hierarchyChar == 0) { + in.authHandle = nvIndex; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + if (rc == 0) { + in.nvIndex = nvIndex; + in.policySession = policySession; + in.offset = offset; + in.operation = operation; + } + if (operandBData != NULL) { + rc = TSS_TPM2B_StringCopy(&in.operandB.b, + operandBData, sizeof(in.operandB.t.buffer)); + + } + if (operandBFilename != NULL) { + rc = TSS_File_Read2B(&in.operandB.b, + sizeof(in.operandB.t.buffer), + operandBFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyNV, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policynv: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policynv: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policynv\n"); + printf("\n"); + printf("Runs TPM2_PolicyNV\n"); + printf("\n"); + printf("\t[-hi\thierarchy authHandle (o, p)]\n"); + printf("\t\tdefault NV index\n"); + printf("\n"); + printf("\t-ha\tNV index handle (operand A)\n"); + printf("\t[-pwda\tpassword for authorization (default empty)]\n"); + printf("\t-hs\tpolicy session handle\n"); + printf("\t-ic\tdata string (operandB)\n"); + printf("\t-if\tdata file (operandB) \n"); + printf("\t[-off\toffset (default 0)]\n"); + printf("\t-op\toperation (default A = B)\n"); + printf("\n"); + printf("\t\t0 A = B \n"); + printf("\t\t1 A != B \n"); + printf("\t\t2 A > B signed \n"); + printf("\t\t3 A > B unsigned \n"); + printf("\t\t4 A < B signed \n"); + printf("\t\t5 A < B unsigned \n"); + printf("\t\t6 A >= B signed \n"); + printf("\t\t7 A >= B unsigned \n"); + printf("\t\t8 A <= B signed \n"); + printf("\t\t9 A <= B unsigned \n"); + printf("\t\tA All bits SET in B are SET in A. ((A&B)=B) \n"); + printf("\t\tB All bits SET in B are CLEAR in A. ((A&B)=0) \n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policynvwritten.c b/libstb/tss2/ibmtpm20tss/utils/policynvwritten.c new file mode 100644 index 000000000000..1e688bee9b74 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policynvwritten.c @@ -0,0 +1,247 @@ +/********************************************************************************/ +/* */ +/* PolicyNvWritten */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyNvWritten_In in; + TPMI_SH_POLICY policySession = 0; + char writtenSetChar = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing policy session handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + if (writtenSetChar == 'y') { + in.writtenSet = YES; + } + else if (writtenSetChar == 'n') { + in.writtenSet = NO; + } + else { + printf("Missing or illegal -ws\n"); + printUsage(); + } + } + if (rc == 0) { + in.policySession = policySession; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyNvWritten, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policynvwritten: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policynvwritten: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policynvwritten\n"); + printf("\n"); + printf("Runs TPM2_PolicyNvWritten\n"); + printf("\n"); + printf("\t-hs\tpolicy session handle\n"); + printf("\t-ws\twritten set (y, n)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policyor.c b/libstb/tss2/ibmtpm20tss/utils/policyor.c new file mode 100644 index 000000000000..692ce4f162a8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyor.c @@ -0,0 +1,251 @@ +/********************************************************************************/ +/* */ +/* PolicyOR */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + uint32_t j; + PolicyOR_In in; + TPMI_SH_POLICY policySession = 0; + const char *pHashListFilename[8]; + uint32_t count = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (count < 2) { + printf("-if must be specified 2 to 8 times\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + in.pHashList.count = count; + } + /* -if is specified 2-8 times and fills the pHashListFilename array of policy AND term file names */ + for (j = 0 ; ((j < count) && (rc == 0)) ; j++) { + rc = TSS_File_Read2B(&in.pHashList.digests[j].b, + sizeof(in.pHashList.digests[j].t.buffer), + pHashListFilename[j]); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyOR, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyor: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyor: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policyor\n"); + printf("\n"); + printf("Runs TPM2_PolicyOR\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-if\tpolicy digest file (2-8 -if specifiers required)\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policypassword.c b/libstb/tss2/ibmtpm20tss/utils/policypassword.c new file mode 100644 index 000000000000..d9b806dd6a36 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policypassword.c @@ -0,0 +1,142 @@ +/********************************************************************************/ +/* */ +/* PolicyPassword */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + TPMI_SH_POLICY policySession = 0; + PolicyPassword_In in; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyPCR_In in; + TPMI_SH_POLICY policySession = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + uint32_t pcrmask = 0xffffffff; /* pcr register mask */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (pcrmask == 0xffffffff) { + printf("Missing handle parameter -bm\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + /* NOTE not implemented yet */ + in.pcrDigest.b.size = 0; + /* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + in.pcrs.count = 1; /* hard code one hash algorithm */ + /* Table 85 - Definition of TPMS_PCR_SELECTION Structure - pcrSelections */ + in.pcrs.pcrSelections[0].hash = halg; + in.pcrs.pcrSelections[0].sizeofSelect= 3; /* hard code 24 PCRs */ + /* TCG always marshals lower PCR first */ + in.pcrs.pcrSelections[0].pcrSelect[0] = (pcrmask >> 0) & 0xff; + in.pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >> 8) & 0xff; + in.pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyPCR, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policypcr: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policypcr: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policypcr\n"); + printf("\n"); + printf("Runs TPM2_PolicyPCR\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t-bm\tpcr mask in hex\n"); + printf("\t\te.g., -bm 10000 is PCR 16, 000001 is PCR 0\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policyrestart.c b/libstb/tss2/ibmtpm20tss/utils/policyrestart.c new file mode 100644 index 000000000000..4978ba41b0d2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policyrestart.c @@ -0,0 +1,218 @@ +/********************************************************************************/ +/* */ +/* PolicyRestart */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyRestart_In in; + TPMI_SH_POLICY sessionHandle = 0; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (sessionHandle == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (rc == 0) { + in.sessionHandle = sessionHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyRestart, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyrestart: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyrestart: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policyrestart\n"); + printf("\n"); + printf("Runs TPM2_PolicyRestart\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policysecret.c b/libstb/tss2/ibmtpm20tss/utils/policysecret.c new file mode 100644 index 000000000000..20642d87121e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policysecret.c @@ -0,0 +1,358 @@ +/********************************************************************************/ +/* */ +/* PolicySecret */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicySecret_In in; + PolicySecret_Out out; + TPMI_DH_ENTITY authHandle = 0; + TPMI_SH_POLICY policySession = 0; + const char *nonceTPMFilename = NULL; + const char *cpHashAFilename = NULL; + const char *policyRefFilename = NULL; + int32_t expiration = 0; + const char *ticketFilename = NULL; + const char *timeoutFilename = NULL; + const char *entityPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + in.nonceTPM.b.size = 0; + in.cpHashA.b.size = 0; + in.policyRef.b.size = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (authHandle == 0) { + printf("Missing authorizing entity handle parameter -hs\n"); + printUsage(); + } + if (policySession == 0) { + printf("Missing policy session handle parameter -hs\n"); + printUsage(); + } + if (rc == 0) { + in.authHandle = authHandle; + in.policySession = policySession; + } + if ((rc == 0) && (nonceTPMFilename != NULL)) { + rc = TSS_File_Read2B(&in.nonceTPM.b, + sizeof(in.nonceTPM.t.buffer), + nonceTPMFilename); + } + if ((rc == 0) && (cpHashAFilename != NULL)) { + rc = TSS_File_Read2B(&in.cpHashA.b, + sizeof(in.cpHashA.t.buffer), + cpHashAFilename); + } + if ((rc == 0) && (policyRefFilename != NULL)) { + rc = TSS_File_Read2B(&in.policyRef.b, + sizeof(in.policyRef.t.buffer), + policyRefFilename); + } + if (rc == 0) { + in.expiration = expiration; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicySecret, + sessionHandle0, entityPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.policyTicket, + (MarshalFunction_t)TSS_TPMT_TK_AUTH_Marshalu, + ticketFilename); + } + if ((rc == 0) && (timeoutFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.timeout.b.buffer, + out.timeout.b.size, + timeoutFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policysecret: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policysecret: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policysecret\n"); + printf("\n"); + printf("Runs TPM2_PolicySecret\n"); + printf("\n"); + printf("\t-ha\tauthorizing entity handle\n"); + printf("\t-hs\tpolicy session handle\n"); + printf("\t[-in\tnonceTPM file (default none)]\n"); + printf("\t[-cp\tcpHash file (default none)]\n"); + printf("\t[-pref\tpolicyRef file (default none)]\n"); + printf("\t[-exp\texpiration (default none)]\n"); + printf("\t[-pwde\tauthorizing entity password (default empty)]\n"); + printf("\t[-tk\tticket file name]\n"); + printf("\t[-to\ttimeout file name]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policysigned.c b/libstb/tss2/ibmtpm20tss/utils/policysigned.c new file mode 100644 index 000000000000..469cec9b29e3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policysigned.c @@ -0,0 +1,456 @@ +/********************************************************************************/ +/* */ +/* PolicySigned */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); +static TPM_RC signAHash(TPM2B_PUBLIC_KEY_RSA *signature, + TPMT_HA *aHash, + const char *signingKeyFilename, + const char *signingKeyPassword); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicySigned_In in; + PolicySigned_Out out; + TPMI_DH_OBJECT authObject = 0; + TPMI_SH_POLICY policySession = 0; + const char *nonceTPMFilename = NULL; + const char *cpHashAFilename = NULL; + const char *policyRefFilename = NULL; + const char *ticketFilename = NULL; + const char *timeoutFilename = NULL; + int32_t expiration = 0; + const char *signingKeyFilename = NULL; + const char *signingKeyPassword = NULL; + const char *signatureFilename = NULL; + uint8_t *signature = NULL; + size_t signatureLength; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMT_HA aHash; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + in.nonceTPM.b.size = 0; /* three of the components to aHash are optional */ + in.cpHashA.b.size = 0; + in.policyRef.b.size = 0; + + for (i=1 ; (i sizeof(in.auth.signature.rsassa.sig.t.buffer)) { + printf("Signature length %lu is greater than buffer %lu\n", + (unsigned long)signatureLength, + (unsigned long)sizeof(in.auth.signature.rsassa.sig.t.buffer)); + rc = TSS_RC_RSA_SIGNATURE; + } + } + if (rc == 0) { + in.auth.signature.rsassa.sig.t.size = (uint16_t)signatureLength; + memcpy(&in.auth.signature.rsassa.sig.t.buffer, signature, signatureLength); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicySigned, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.policyTicket, + (MarshalFunction_t)TSS_TPMT_TK_AUTH_Marshalu, + ticketFilename); + } + if ((rc == 0) && (timeoutFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.timeout.b.buffer, + out.timeout.b.size, + timeoutFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policysigned: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policysigned: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(signature); /* @1 */ + return rc; +} + +/* signAHash() signs digest, returns signature. The signature TPM2B_PUBLIC_KEY_RSA is a member of + the TPMT_SIGNATURE command parameter. + + This sample signer uses a pem file signingKeyFilename with signingKeyPassword. + +*/ + +TPM_RC signAHash(TPM2B_PUBLIC_KEY_RSA *signature, + TPMT_HA *aHash, + const char *signingKeyFilename, + const char *signingKeyPassword) +{ + TPM_RC rc = 0; + void *rsaKey = NULL; + uint32_t sizeInBytes; /* hash algorithm mapped to size */ + size_t signatureLength; /* RSA_Sign() output */ + + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(aHash->hashAlg); +#if 0 + if (tssUtilsVerbose) { + TSS_PrintAll("signAHash: aHash", + (uint8_t *)(&aHash->digest), sizeInBytes); + } +#endif + } + /* read the PEM format private key into the private key structure */ + if (rc == 0) { + rc = convertPemToRsaPrivKey((void **)&rsaKey, /* freed @1 */ + signingKeyFilename, (void *)signingKeyPassword); + } + /* sign aHash */ + if (rc == 0) { + rc = signRSAFromRSA(signature->t.buffer, &signatureLength, + sizeof(signature->t.buffer), + (uint8_t *)(&aHash->digest), sizeInBytes, + aHash->hashAlg, + rsaKey); + } + if (rc == 0) { + signature->t.size = (uint16_t)signatureLength; /* length of RSA key checked above */ +#if 0 + if (tssUtilsVerbose) TSS_PrintAll("signAHash: signature", + signature->t.buffer, signature->t.size); +#endif + } + TSS_RsaFree(rsaKey); /* @1 *//* FIXME may be wrong for mbedtls */ + return rc; +} + + +static void printUsage(void) +{ + printf("\n"); + printf("policysigned\n"); + printf("\n"); + printf("Runs TPM2_PolicySigned\n"); + printf("\n"); + printf("\t-hk\tsignature verification key handle\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t[-in\tnonceTPM file (default none)]\n"); + printf("\t[-cp\tcpHash file (default none)]\n"); + printf("\t[-pref\tpolicyRef file (default none)]\n"); + printf("\t[-exp\texpiration in decimal (default none)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t-sk\tRSA signing key file name (PEM format)\n"); + printf("\t\tUse this signing key.\n"); + printf("\t-is\tsignature file name\n"); + printf("\t\tUse this signature from e.g., a smart card or other HSM.\n"); + printf("\t[-pwdk\tsigning key password (default null)]\n"); + printf("\t[-tk\tticket file name]\n"); + printf("\t[-to\ttimeout file name]\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/policytemplate.c b/libstb/tss2/ibmtpm20tss/utils/policytemplate.c new file mode 100644 index 000000000000..97c739f6679a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/policytemplate.c @@ -0,0 +1,166 @@ +/********************************************************************************/ +/* */ +/* PolicyTemplate */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2016 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyTemplate_In in; + TPMI_SH_POLICY policySession = 0; + const char *templateFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + PolicyTicket_In in; + TPMI_SH_POLICY policySession = 0; + const char *timeoutFilename = NULL; + const char *cpHashAFilename = NULL; + const char *policyRefFilename = NULL; + const char *authNameFilename = NULL; + char hierarchyChar = 0; + TPMI_RH_HIERARCHY primaryHandle = TPM_RH_NULL; + const char *ticketFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + in.cpHashA.b.size = 0; + in.policyRef.b.size = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policySession == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (timeoutFilename == NULL) { + printf("Missing timeout file name parameter -to\n"); + printUsage(); + } + if (ticketFilename == NULL) { + printf("Missing ticket file name parameter -tk\n"); + printUsage(); + } + if ((authNameFilename == NULL) && (hierarchyChar == 0)) { + printf("Missing parameter -na or -hi\n"); + printUsage(); + } + if ((authNameFilename != NULL) && (hierarchyChar != 0)) { + printf("Cannot specify both -na and -hi\n"); + printUsage(); + } + if (rc == 0) { + in.policySession = policySession; + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.timeout.b, + sizeof(in.timeout.t.buffer), + timeoutFilename); + } + if ((rc == 0) && (cpHashAFilename != NULL)) { + rc = TSS_File_Read2B(&in.cpHashA.b, + sizeof(in.cpHashA.t.buffer), + cpHashAFilename); + } + if ((rc == 0) && (policyRefFilename != NULL)) { + rc = TSS_File_Read2B(&in.policyRef.b, + sizeof(in.policyRef.t.buffer), + policyRefFilename); + } + /* if the authorizing entity was an object */ + if ((rc == 0) && (authNameFilename != NULL)) { + rc = TSS_File_Read2B(&in.authName.b, + sizeof(in.authName.t.name), + authNameFilename); + } + /* if the authorizing object was a hierarchy */ + if ((rc == 0) && (hierarchyChar != 0)) { + if (hierarchyChar == 'e') { + primaryHandle = TPM_RH_ENDORSEMENT; + } + else if (hierarchyChar == 'o') { + primaryHandle = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + primaryHandle = TPM_RH_PLATFORM; + } + else { + printf("Bad parameter %c for -hi\n", hierarchyChar); + printUsage(); + } + rc = TSS_TPM2B_CreateUint32(&in.authName.b, primaryHandle, sizeof(in.authName.t.name)); + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.ticket, + (UnmarshalFunction_t)TSS_TPMT_TK_AUTH_Unmarshalu, + ticketFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_PolicyTicket, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("policyticket: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("policyticket: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("policyticket\n"); + printf("\n"); + printf("Runs TPM2_PolicyTicket\n"); + printf("\n"); + printf("\t-ha\tpolicy session handle\n"); + printf("\t-to\ttimeout file name\n"); + printf("\t[-cp\tcpHash file (default none)]\n"); + printf("\t[-pref\tpolicyRef file (default none)]\n"); + printf("\t-na\tauthName file (not hierarchy)\n"); + printf("\t-hi\thierarchy (e, o, p) (authName is hierarchy)\n"); + printf("\t\te endorsement, o owner, p platform\n"); + printf("\t-tk\tticket file name\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/powerup.c b/libstb/tss2/ibmtpm20tss/utils/powerup.c new file mode 100644 index 000000000000..164b20c85116 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/powerup.c @@ -0,0 +1,128 @@ +/********************************************************************************/ +/* */ +/* Simulator Power up */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +/* FIXME should really be in tpmtcpprotocol.h */ +#ifdef TPM_WINDOWS +#include /* for simulator startup */ +#endif + +#include +#include +#include /* for simulator power up */ + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + unsigned int tmpSession; + TPMA_OBJECT object; + TPMA_SESSION session; + TPMA_STARTUP_CLEAR startup; + TPMA_NV nv; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include "objecttemplates.h" +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + int noSpace = FALSE; + TPM2B_PUBLIC inPublic; + TPM2B_NV_PUBLIC nvPublic; + int keyType = TYPE_SI; + TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_RSASSA; + uint32_t keyTypeSpecified = 0; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + const char *nvPublicFilename = NULL; + const char *publicKeyFilename = NULL; + const char *derKeyFilename = NULL; + const char *pemKeyFilename = NULL; + const char *nameFilename = NULL; + int userWithAuth = TRUE; + int object = TRUE; /* TPM object, false if NV index */ + unsigned int inputCount = 0; + TPM2B_TEMPLATE marshaled; + uint16_t written; + uint32_t size; + uint8_t *buffer; + TPMT_HA name; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 1) { + printf("Too many key attributes\n"); + printUsage(); + } + if ((publicKeyFilename != NULL) && (!userWithAuth)) { + printf("userWithAuth unused for TPM2B_PUBLIC input\n"); + printUsage(); + + } + /* loadexternal key pair cannot be restricted (storage key) and must have NULL symmetric + scheme*/ + if (derKeyFilename != NULL) { + if (keyType == TYPE_ST) { + keyType = TYPE_DEN; + } + } + if (rc == 0) { + /* TPM format key, output from create */ + if (publicKeyFilename != NULL) { + rc = TSS_File_ReadStructureFlag(&inPublic, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + TRUE, /* NULL permitted */ + publicKeyFilename); + } + /* NV Index public area */ + else if (nvPublicFilename != 0) { + rc = TSS_File_ReadStructure(&nvPublic, + (UnmarshalFunction_t)TSS_TPM2B_NV_PUBLIC_Unmarshalu, + nvPublicFilename); + + } + /* PEM format, output from e.g. openssl, readpublic, createprimary, create */ + else if (pemKeyFilename != NULL) { + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaPemToPublic(&inPublic, + keyType, + scheme, + nalg, + halg, + pemKeyFilename); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcPemToPublic(&inPublic, + keyType, + scheme, + nalg, + halg, + pemKeyFilename); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("-rsa algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + } + /* DER format key pair */ + else if (derKeyFilename != NULL) { + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaDerToPublic(&inPublic, + keyType, + scheme, + nalg, + halg, + derKeyFilename); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = convertEcDerToPublic(&inPublic, + keyType, + scheme, + nalg, + halg, + derKeyFilename); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("-rsa algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + } + else { + printf("Failure parsing -ipu, -ipem, -ider\n"); + printUsage(); + } + } + /* TPM object */ + if (object) { + if (rc == 0) { + name.hashAlg = inPublic.publicArea.nameAlg; + if (!userWithAuth) { + inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_USERWITHAUTH; + } + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_PUBLIC_Print(&inPublic.publicArea, 2); + } + if (rc == 0) { + written = 0; + size = sizeof(marshaled.t.buffer); + buffer = marshaled.t.buffer; + + rc = TSS_TPMT_PUBLIC_Marshalu(&inPublic.publicArea, &written, &buffer, &size); + marshaled.t.size = written; + } + } + /* TPM NV Index */ + else { + if (rc == 0) { + name.hashAlg = nvPublic.nvPublic.nameAlg; + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_NV_PUBLIC_Print(&nvPublic.nvPublic, 2); + } + if (rc == 0) { + written = 0; + size = sizeof(marshaled.t.buffer); + buffer = marshaled.t.buffer; + + rc = TSS_TPMS_NV_PUBLIC_Marshalu(&nvPublic.nvPublic, &written, &buffer, &size); + marshaled.t.size = written; + } + } + if (rc == 0) { + rc = TSS_Hash_Generate(&name, + marshaled.t.size, marshaled.t.buffer, + 0, NULL); + } + /* trace the Name */ + if ((rc == 0) && noSpace) { + printf("%02X%02x", name.hashAlg >> 8, name.hashAlg & 0xff); + for (i = 0; i < TSS_GetDigestSize(name.hashAlg); i++) { + printf("%02x", name.digest.tssmax[i]); + } + printf("\n"); + } + /* save the Name */ + if ((rc == 0) && (nameFilename != NULL)) { + rc = TSS_File_WriteStructure(&name, + (MarshalFunction_t)TSS_TPMT_HA_Marshalu, + nameFilename); + } + if (rc != 0) { + const char *msg; + const char *submsg; + const char *num; + printf("publicname: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("publicname\n"); + printf("\n"); + printf("Calculates the public name of an entity. There are times that a policy creator\n" + "has TPM, PEM, or DER format information, but does not have access to a TPM.\n" + "This utility accepts these inputs and outputs the name in the 'no spaces'\n" + "format suitable for pasting into a policy. The binary format is used in the\n" + "regression test\n"); + printf("\n"); + printf("\t-invpu\tTPM2B_NV_PUBLIC public key file name\n"); + printf("\t-ipu\tTPM2B_PUBLIC public key file name\n"); + printf("\t-ipem\tPEM format public key file name\n"); + printf("\t-ider\tDER format plaintext key pair file name]\n"); + printf("\t[-on\tbinary format Name file name]\n"); + printf("\t[-ns\tprint Name in hexacsii]\n"); + printf("\n"); + printf("\t\t-pem and -ider optional arguments\n"); + printf("\n"); + printf("\t[-rsa\t(default)]\n"); + printf("\t[-ecc\t]\n"); + printf("\t[-scheme for signing key (default RSASSA scheme)]\n"); + printf("\t\trsassa\n"); + printf("\t\trsapss\n"); + printf("\t\tnull\n"); + printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n"); + printf("\t[-si\tsigning (default) RSA]\n"); + printf("\t[-st\tstorage (default NULL scheme)]\n"); + printf("\t[-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/quote.c b/libstb/tss2/ibmtpm20tss/utils/quote.c new file mode 100644 index 000000000000..c29fad04bff7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/quote.c @@ -0,0 +1,439 @@ +/********************************************************************************/ +/* */ +/* Quote */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Quote_In in; + Quote_Out out; + TPMI_DH_OBJECT signHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_HASH palg = TPM_ALG_SHA256; + const char *keyPassword = NULL; + TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; + const char *signatureFilename = NULL; + const char *attestInfoFilename = NULL; + const char *qualifyingDataFilename = NULL; + TPM_ALG_ID sigAlg = TPM_ALG_RSA; + TPMS_ATTEST tpmsAttest; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.PCRselect.pcrSelections[0].sizeofSelect = 3; + in.PCRselect.pcrSelections[0].pcrSelect[0] = 0; + in.PCRselect.pcrSelections[0].pcrSelect[1] = 0; + in.PCRselect.pcrSelections[0].pcrSelect[2] = 0; + /* command line argument defaults */ + for (i=1 ; (i 23) { + printf("Bad PCR handle parameter %u for -hp\n",pcrHandle); + printUsage(); + } + /* accumulate PCR select bits */ + else { + in.PCRselect.pcrSelections[0].pcrSelect[pcrHandle / 8] |= 1 << (pcrHandle % 8); + } + } + else { + printf("Missing parameter for -hp\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-hk") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &signHandle); + } + else { + printf("Missing parameter for -hk\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-pwdk") == 0) { + i++; + if (i < argc) { + keyPassword = argv[i]; + } + else { + printf("-pwdk option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-halg") == 0) { + i++; + if (i < argc) { + if (strcmp(argv[i],"sha1") == 0) { + halg = TPM_ALG_SHA1; + } + else if (strcmp(argv[i],"sha256") == 0) { + halg = TPM_ALG_SHA256; + } + else if (strcmp(argv[i],"sha384") == 0) { + halg = TPM_ALG_SHA384; + } + else if (strcmp(argv[i],"sha512") == 0) { + halg = TPM_ALG_SHA512; + } + else { + printf("Bad parameter %s for -halg\n", argv[i]); + printUsage(); + } + } + else { + printf("-halg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-palg") == 0) { + i++; + if (i < argc) { + if (strcmp(argv[i],"sha1") == 0) { + palg = TPM_ALG_SHA1; + } + else if (strcmp(argv[i],"sha256") == 0) { + palg = TPM_ALG_SHA256; + } + else if (strcmp(argv[i],"sha384") == 0) { + palg = TPM_ALG_SHA384; + } + else if (strcmp(argv[i],"sha512") == 0) { + palg = TPM_ALG_SHA512; + } + else { + printf("Bad parameter %s for -palg\n", argv[i]); + printUsage(); + } + } + else { + printf("-palg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-salg") == 0) { + i++; + if (i < argc) { + if (strcmp(argv[i],"rsa") == 0) { + sigAlg = TPM_ALG_RSA; + } + else if (strcmp(argv[i],"ecc") == 0) { + sigAlg = TPM_ALG_ECDSA; + } + else if (strcmp(argv[i],"hmac") == 0) { + sigAlg = TPM_ALG_HMAC; + } + else { + printf("Bad parameter %s for -salg\n", argv[i]); + printUsage(); + } + } + else { + printf("-salg option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-os") == 0) { + i++; + if (i < argc) { + signatureFilename = argv[i]; + } + else { + printf("-os option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-oa") == 0) { + i++; + if (i < argc) { + attestInfoFilename = argv[i]; + } + else { + printf("-oa option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-qd") == 0) { + i++; + if (i < argc) { + qualifyingDataFilename = argv[i]; + } + else { + printf("-qd option needs a value\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se0") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle0); + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes0); + if (sessionAttributes0 > 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (signHandle == 0) { + printf("Missing sign handle parameter -hk\n"); + printUsage(); + } + if (pcrHandle >= IMPLEMENTATION_PCR) { + printf("Missing PCR handle parameter -hp\n"); + printUsage(); + } + if (rc == 0) { + /* Handle of key that will perform quoting */ + in.signHandle = signHandle; + /* data supplied by the caller */ + if (sigAlg == TPM_ALG_RSA) { + /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + in.inScheme.scheme = TPM_ALG_RSASSA; + /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (sigAlg == TPM_ALG_ECDSA) { + in.inScheme.scheme = TPM_ALG_ECDSA; + in.inScheme.details.ecdsa.hashAlg = halg; + } + else { /* HMAC */ + in.inScheme.scheme = TPM_ALG_HMAC; + in.inScheme.details.hmac.hashAlg = halg; + } + /* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + in.PCRselect.count = 1; + /* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ + in.PCRselect.pcrSelections[0].hash = palg; + } + if (rc == 0) { + if (qualifyingDataFilename != NULL) { + rc = TSS_File_Read2B(&in.qualifyingData.b, + sizeof(in.qualifyingData.t.buffer), + qualifyingDataFilename); + } + else { + in.qualifyingData.t.size = 0; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Quote, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + uint8_t *tmpBuffer = out.quoted.t.attestationData; + uint32_t tmpSize = out.quoted.t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); + } + if (rc == 0) { + int match; + match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); + if (!match) { + printf("quote: failed, extraData != qualifyingData\n"); + rc = EXIT_FAILURE; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + if ((rc == 0) && (attestInfoFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.quoted.t.attestationData, + out.quoted.t.size, + attestInfoFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); + if (tssUtilsVerbose) printf("quote: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("quote: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("quote\n"); + printf("\n"); + printf("Runs TPM2_Quote\n"); + printf("\n"); + printf("\t-hp\tpcr handle (may be specified more than once)\n"); + printf("\t-hk\tquoting key handle\n"); + printf("\t[-pwdk\tpassword for quoting key (default empty)]\n"); + printf("\t[-halg\tfor signing (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-palg\tfor PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t[-qd\tqualifying data file name]\n"); + printf("\t[-os\tquote signature file name (default do not save)]\n"); + printf("\t[-oa\tattestation output file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/readclock.c b/libstb/tss2/ibmtpm20tss/utils/readclock.c new file mode 100644 index 000000000000..dba92a8988fb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/readclock.c @@ -0,0 +1,161 @@ +/********************************************************************************/ +/* */ +/* ReadClock */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ReadClock_Out out; + const char *timeFilename = NULL; + const char *clockFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (itime), + timeFilename) ; + } + if ((rc == 0) && (clockFilename != NULL)) { + rc = TSS_File_WriteBinaryFile((uint8_t *)&out.currentTime.clockInfo.clock, + sizeof(((TPMS_TIME_INFO *)NULL)->clockInfo.clock), + clockFilename); + } + if (rc == 0) { + TSS_TPMS_TIME_INFO_Print(&out.currentTime, 0); + if (tssUtilsVerbose) printf("readclock: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("readclock: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("readclock\n"); + printf("\n"); + printf("Runs TPM2_ReadClock\n"); + printf("\n"); + printf("\t[-otime time file name (default do not save)]\n"); + printf("\t[-oclock clock file name (default do not save)]\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/readpublic.c b/libstb/tss2/ibmtpm20tss/utils/readpublic.c new file mode 100644 index 000000000000..757da33d414b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/readpublic.c @@ -0,0 +1,284 @@ +/********************************************************************************/ +/* */ +/* ReadPublic */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printReadPublic(ReadPublic_Out *out); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ReadPublic_In in; + ReadPublic_Out out; + TPMI_DH_PCR objectHandle = TPM_RH_NULL; + const char *publicKeyFilename = NULL; + const char *pemFilename = NULL; + int noSpace = FALSE; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (objectHandle == TPM_RH_NULL) { + printf("Missing or bad object handle parameter -ho\n"); + printUsage(); + } + if (rc == 0) { + in.objectHandle = objectHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ReadPublic, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + /* save the public key */ + if ((rc == 0) && (publicKeyFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.outPublic, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + publicKeyFilename); + } + /* save the optional PEM public key */ + if ((rc == 0) && (pemFilename != NULL)) { + rc = convertPublicToPEM(&out.outPublic, + pemFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printReadPublic(&out); + if (noSpace) { + unsigned int b; + for (b = 0 ; b < out.name.t.size ; b++) { + printf("%02x", out.name.t.name[b]); + } + printf("\n"); + } + if (tssUtilsVerbose) printf("readpublic: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("readpublic: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printReadPublic(ReadPublic_Out *out) +{ + TSS_TPMT_PUBLIC_Print(&out->outPublic.publicArea, 0); + TSS_PrintAll("name", + out->name.t.name, + out->name.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("readpublic\n"); + printf("\n"); + printf("Runs TPM2_ReadPublic\n"); + printf("\n"); + printf("\t-ho\tobject handle\n"); + printf("\t[-opu\tpublic key file name (default do not save)]\n"); + printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n"); + printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n"); + printf("\t\tUseful to paste into policy\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/reg.bat b/libstb/tss2/ibmtpm20tss/utils/reg.bat new file mode 100644 index 000000000000..1f1a5de17d13 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/reg.bat @@ -0,0 +1,383 @@ +@echo off + +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +set soc= +set mssim= +if "%TPM_INTERFACE_TYPE%" == "" ( + set soc=1 +) +if "%TPM_INTERFACE_TYPE%" == "socsim" ( + set soc=1 +) +if defined soc ( + if "%TPM_SERVER_TYPE%" == "" ( + set mssim=1 + ) + if "%TPM_SERVER_TYPE%" == "mssim" ( + set mssim=1 + ) +) + +set ITERATE_ALGS=sha1 sha256 sha384 sha512 +set BAD_ITERATE_ALGS=sha256 sha384 sha512 sha1 + +if defined mssim ( + call regtests\inittpm.bat + IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed inittpm.bat" + exit /B 1 + ) +) + +for /f %%i in ('%TPM_EXE_PATH%getrandom -by 16 -ns') do set TPM_SESSION_ENCKEY=%%i +echo "Session state encryption key" +echo %TPM_SESSION_ENCKEY% + +call regtests\initkeys.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed initkeys.bat" + exit /B 1 +) + +call regtests\testrng.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testrng.bat" + exit /B 1 +) + +call regtests\testpcr.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testpcr.bat" + exit /B 1 +) + +call regtests\testprimary.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testprimary.bat" + exit /B 1 +) + +call regtests\testcreateloaded.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testcreateloaded.bat" + exit /B 1 +) + +call regtests\testhmacsession.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testhmacsession.bat" + exit /B 1 +) + +call regtests\testbind.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testbind.bat" + exit /B 1 +) + +call regtests\testsalt.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testsalt.bat" + exit /B 1 +) + +call regtests\testhierarchy.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testhierarchy.bat" + exit /B 1 +) + +call regtests\teststorage.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed teststorage.bat" + exit /B 1 +) + +call regtests\testchangeauth.bat + IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testchangeauth.bat" + exit /B 1 +) + +call regtests\testencsession.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testencsession.bat" + exit /B 1 +) + +call regtests\testsign.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testsign.bat" + exit /B 1 +) + +call regtests\testnv.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testnv.bat" + exit /B 1 +) + +call regtests\testnvpin.bat + IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testnvpin.bat" + exit /B 1 + ) + +call regtests\testevict.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testevict.bat" + exit /B 1 +) + +call regtests\testrsa.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testrsa.bat" + exit /B 1 +) + +call regtests\testaes.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testaes.bat" + exit /B 1 +) + +call regtests\testaes138.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testaes138.bat" + exit /B 1 +) + +call regtests\testhmac.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testhmac.bat" + exit /B 1 +) + +call regtests\testattest.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testattest.bat" + exit /B 1 +) + +call regtests\testpolicy.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testpolicy.bat" + exit /B 1 +) + +call regtests\testpolicy138.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testpolicy138.bat" + exit /B 1 +) + +call regtests\testcontext.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testcontext.bat" + exit /B 1 +) + +call regtests\testclocks.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testclocks.bat" + exit /B 1 +) + +call regtests\testda.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testda.bat" + exit /B 1 +) + +call regtests\testunseal.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testunseal.bat" + exit /B 1 +) + +call regtests\testdup.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testdup.bat" + exit /B 1 +) + +call regtests\testecc.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testecc.bat" + exit /B 1 +) + +call regtests\testcredential.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testcredential.bat" + exit /B 1 +) + +call regtests\testattest155.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testattest155.bat" + exit /B 1 +) + +call regtests\testx509.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testx509.bat" + exit /B 1 +) + +call regtests\testgetcap.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testgetcap.bat" + exit /B 1 +) + +call regtests\testshutdown.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testshutdown.bat" + exit /B 1 +) + +call regtests\testchangeseed.bat +IF !ERRORLEVEL! NEQ 0 ( + echo "" + echo "Failed testchangeseed.bat" + exit /B 1 +) + +REM cleanup + +%TPM_EXE_PATH%flushcontext -ha 80000000 + +rm -f dec.bin +rm -f derpriv.bin +rm -f derpub.bin +rm -f despriv.bin +rm -f despub.bin +rm -f empty.bin +rm -f enc.bin +rm -f khprivsha1.bin +rm -f khprivsha256.bin +rm -f khprivsha384.bin +rm -f khprivsha512.bin +rm -f khpubsha1.bin +rm -f khpubsha256.bin +rm -f khpubsha384.bin +rm -f khpubsha512.bin +rm -f msg.bin +rm -f noncetpm.bin +rm -f policyapproved.bin +rm -f prich.bin +rm -f pritk.bin +rm -f pssig.bin +rm -f run.out +rm -f sig.bin +rm -f signeccpriv.bin +rm -f signeccpub.bin +rm -f signeccpub.pem +rm -f signpriv.bin +rm -f signpub.bin +rm -f signpub.pem +rm -f signpub.pem +rm -f signrpriv.bin +rm -f signrpub.bin +rm -f signrpub.pem +rm -f stoch.bin +rm -f storeeccpriv.bin +rm -f storeeccpub.bin +rm -f storepriv.bin +rm -f storepub.bin +rm -f stotk.bin +rm -f tkt.bin +rm -f tmp.bin +rm -f tmp1.bin +rm -f tmp2.bin +rm -f tmppriv.bin +rm -f tmppub.bin +rm -f tmpsha1.bin +rm -f tmpsha256.bin +rm -f tmpsha384.bin +rm -f tmpsha512.bin +rm -f tmpspriv.bin +rm -f tmpspub.bin +rm -f to.bin +rm -f zero.bin + +echo "" +echo "Success" + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/reg.sh b/libstb/tss2/ibmtpm20tss/utils/reg.sh new file mode 100755 index 000000000000..3cdb75ab4436 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/reg.sh @@ -0,0 +1,599 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2014 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# handles are +# 80000000 platform hierarchy primary storage key +# password pps +# storage key under primary +# password sto +# storepriv.bin +# signing key under primary +# password sig +# signpriv.bin +# RSA encryption key under primary +# password dec +# decpriv.bin + +# at test entry and exit, there is a platform primary key at 80000000 and +# storage and signing keys under them, ready to load. +# The exception is the last test case, which rolls the seeds. + +# This is a namespace prefix +# For the basic tarball, PREFIX is set to ./ (the current directory) + +PREFIX=./ + +# The distro releases prefix all the TPM 2.0 utility names with tss, +# so PREFIX is set to tss + +# PREFIX=tss + +#PREFIX="valgrind ./" + +# hash algorithms to be used for testing + +export ITERATE_ALGS="sha1 sha256 sha384 sha512" +export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1" + +printUsage () +{ + echo "" + echo "" + echo "-h help" + echo "-a all tests" + echo "-1 random number generator" + echo "-2 PCR" + echo "-3 primary keys" + echo "-4 createloaded - rev 146" + echo "-5 HMAC session - no bind or salt" + echo "-6 HMAC session - bind" + echo "-7 HMAC session - salt" + echo "-8 Hierarchy" + echo "-9 Storage" + echo "-10 Object Change Auth" + echo "-11 Encrypt and decrypt sessions" + echo "-12 Sign" + echo "-13 NV" + echo "-14 NV PIN Index - rev 138" + echo "-15 Evict control" + echo "-16 RSA encrypt decrypt" + echo "-17 AES encrypt decrypt" + echo "-18 AES encrypt decrypt - rev 138" + echo "-19 HMAC and Hash" + echo "-20 Attestation" + echo "-21 Policy" + echo "-22 Policy - rev 138" + echo "-23 Context" + echo "-24 Clocks and Timers" + echo "-25 DA logic" + echo "-26 Unseal" + echo "-27 Duplication" + echo "-28 ECC" + echo "-29 Credential" + echo "-30 Attestation - rev 155" + echo "-31 X509 - rev 155" + echo "-32 Get Capability" + echo "-35 Shutdown (only run for simulator)" + echo "-40 Tests under development (not part of all)" + echo "" + echo "-50 Change seed" +} + +checkSuccess() +{ +if [ $1 -ne 0 ]; then + echo " ERROR:" + cat run.out + exit 255 +else + echo " INFO:" +fi + +} + +# FIXME should not increment past 254 + +checkWarning() +{ +if [ $1 -ne 0 ]; then + echo " WARN: $2" + ((WARN++)) +else + echo " INFO:" +fi +} + +checkFailure() +{ +if [ $1 -eq 0 ]; then + echo " ERROR:" + cat run.out + exit 255 +else + echo " INFO:" +fi +} + +cleanup() +{ +# stdout + rm -f run.out +# general purpose keys + rm -f derrsa2048priv.bin + rm -f derrsa2048pub.bin + rm -f derrsa3072priv.bin + rm -f derrsa3072pub.bin + rm -f despriv.bin + rm -f despub.bin + rm -f khprivsha1.bin + rm -f khprivsha256.bin + rm -f khprivsha384.bin + rm -f khprivsha512.bin + rm -f khpubsha1.bin + rm -f khpubsha256.bin + rm -f khpubsha384.bin + rm -f khpubsha512.bin + rm -f khrprivsha1.bin + rm -f khrprivsha256.bin + rm -f khrprivsha384.bin + rm -f khrprivsha512.bin + rm -f khrpubsha1.bin + rm -f khrpubsha256.bin + rm -f khrpubsha384.bin + rm -f khrpubsha512.bin + rm -f prich.bin + rm -f pritk.bin + rm -f signeccnfpriv.bin + rm -f signeccnfpub.bin + rm -f signeccnfpub.pem + rm -f signeccpriv.bin + rm -f signeccpub.bin + rm -f signeccpub.pem + rm -f signeccrpriv.bin + rm -f signeccrpub.bin + rm -f signeccrpub.pem + rm -f signrsa2048nfpriv.bin + rm -f signrsa2048nfpub.bin + rm -f signrsa2048nfpub.pem + rm -f signrsa2048priv.bin + rm -f signrsa2048pub.bin + rm -f signrsa2048pub.pem + rm -f signrsa3072priv.bin + rm -f signrsa3072pub.bin + rm -f signrsa3072pub.pem + rm -f signrsa2048rpriv.bin + rm -f signrsa2048rpub.bin + rm -f signrsa2048rpub.pem + rm -f stoch.bin + rm -f storeeccpriv.bin + rm -f storeeccpub.bin + rm -f storsach.bin + rm -f storsatk.bin + rm -f stotk.bin + rm -r storersa2048priv.bin + rm -r storersa2048pub.bin + +# misc + rm -f dec.bin + rm -f enc.bin + rm -f msg.bin + rm -f noncetpm.bin + rm -f policyapproved.bin + rm -f pssig.bin + rm -f sig.bin + rm -f tkt.bin + rm -f tmp.bin + rm -f tmp1.bin + rm -f tmp2.bin + rm -f tmpsha1.bin + rm -f tmpsha256.bin + rm -f tmpsha384.bin + rm -f tmpsha512.bin + rm -f tmppriv.bin + rm -f tmppub.bin + rm -f tmpspriv.bin + rm -f tmpspub.bin + rm -f to.bin + rm -f zero.bin +} + +initprimary() +{ + echo "Create a platform primary RSA storage key" + ${PREFIX}createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out + checkSuccess $? +} + + +export -f checkSuccess +export -f checkWarning +export -f checkFailure +export WARN +export PREFIX +export -f initprimary +# hack because the mbedtls port is incomplete +export CRYPTOLIBRARY=`${PREFIX}getcryptolibrary` + +# example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below +export TPM_SESSION_ENCKEY + +main () +{ + RC=0 + I=0 + ((WARN=0)) + + if [ "$1" == "-h" ]; then + printUsage + echo "" + echo "crypto library is ${CRYPTOLIBRARY}" + echo "" + exit 0 + else + # the MS simulator needs power up and startup + if [ -z ${TPM_INTERFACE_TYPE} ] || [ ${TPM_INTERFACE_TYPE} == "socsim" ]; then + if [ -z ${TPM_SERVER_TYPE} ] || [ ${TPM_SERVER_TYPE} == "mssim" ]; then + ./regtests/inittpm.sh + fi + fi + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + # example for running scripts with encrypted sessions, see TPM_ENCRYPT_SESSIONS above + # getrandom must wait until after inittpm.sh (powerup and startup) + TPM_SESSION_ENCKEY=`${PREFIX}getrandom -by 16 -ns` + ./regtests/initkeys.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((WARN=$RC)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-1" ]; then + ./regtests/testrng.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-2" ]; then + ./regtests/testpcr.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-3" ]; then + ./regtests/testprimary.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-4" ]; then + ./regtests/testcreateloaded.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-5" ]; then + ./regtests/testhmacsession.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-6" ]; then + ./regtests/testbind.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-7" ]; then + ./regtests/testsalt.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-8" ]; then + ./regtests/testhierarchy.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-9" ]; then + ./regtests/teststorage.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-10" ]; then + ./regtests/testchangeauth.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-11" ]; then + ./regtests/testencsession.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-12" ]; then + ./regtests/testsign.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-13" ]; then + ./regtests/testnv.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-14" ]; then + ./regtests/testnvpin.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-15" ]; then + ./regtests/testevict.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-16" ]; then + ./regtests/testrsa.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-17" ]; then + ./regtests/testaes.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-18" ]; then + ./regtests/testaes138.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-19" ]; then + ./regtests/testhmac.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-20" ]; then + ./regtests/testattest.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + ((WARN=$RC)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-21" ]; then + ./regtests/testpolicy.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-22" ]; then + ./regtests/testpolicy138.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-23" ]; then + ./regtests/testcontext.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-24" ]; then + ./regtests/testclocks.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-25" ]; then + ./regtests/testda.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-26" ]; then + ./regtests/testunseal.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-27" ]; then + ./regtests/testdup.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-28" ]; then + ./regtests/testecc.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-29" ]; then + ./regtests/testcredential.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-30" ]; then + ./regtests/testattest155.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-31" ]; then + ./regtests/testx509.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-32" ]; then + ./regtests/testgetcap.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-a" ] || [ "$1" == "-35" ]; then + # the MS simulator supports power cycling + if [ -z ${TPM_INTERFACE_TYPE} ] || [ ${TPM_INTERFACE_TYPE} == "socsim" ]; then + if [ -z ${TPM_SERVER_TYPE} ] || [ ${TPM_SERVER_TYPE} == "mssim" ]; then + ./regtests/testshutdown.sh + fi + fi + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ "$1" == "-40" ]; then + ./regtests/testdevel.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + ((WARN=$RC)) + fi +# this must be the last test + if [ "$1" == "-a" ] || [ "$1" == "-50" ]; then + ./regtests/testchangeseed.sh + RC=$? + if [ $RC -ne 0 ]; then + exit 255 + fi + ((I++)) + fi + if [ $RC -ne 0 ]; then + echo "" + echo "Failed" + echo "" + exit 255 + else + # -0 is a debug mode that initializes and does not clean up + if [ "$1" != "-0" ]; then + ${PREFIX}flushcontext -ha 80000000 + cleanup + fi + + echo "" + echo "Success - ${I} Tests ${WARN} Warnings" + echo "" + fi +} + + +main "$@" diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/.cvsignore b/libstb/tss2/ibmtpm20tss/utils/regtests/.cvsignore new file mode 100644 index 000000000000..8ea2fe2e2b8d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/.cvsignore @@ -0,0 +1 @@ +testdevel.sh diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.bat new file mode 100644 index 000000000000..0f04aad8236c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.bat @@ -0,0 +1,147 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM # +REM (c) Copyright IBM Corporation 2015 - 2020 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo | set /p="1234567890123456" > msg.bin +touch zero.bin + +REM try to undefine any NV index left over from a previous test. Do not check for errors. +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000003 > run.out + +REM same for persistent objects +%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out + +echo "" +echo "Initialize Regression Test Keys" +echo "" + +echo "Create a platform primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create an RSA storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersa2048priv.bin -opu storersa2048pub.bin -tk storsatk.bin -ch storsach.bin -pwdp sto -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create an ECC storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp sto -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%B in (2048 3072) do ( + + echo "Create an unrestricted RSA %%B signing key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr signrsa%%Bpriv.bin -opu signrsa%%Bpub.bin -opem signrsa%%Bpub.pem -pwdp sto -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create an RSA decryption key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -den -kt f -kt p -opr derrsa%%Bpriv.bin -opu derrsa%%Bpub.bin -pwdp sto -pwdk dec > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Create an unrestricted ECC signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a restricted RSA signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr signrsa2048rpriv.bin -opu signrsa2048rpub.bin -opem signrsa2048rpub.pem -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a restricted ECC signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -sir -kt f -kt p -opr signeccrpriv.bin -opu signeccrpub.bin -opem signeccrpub.pem -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a not fixedTPM RSA signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -sir -opr signrsa2048nfpriv.bin -opu signrsa2048nfpub.bin -opem signrsa2048nfpub.pem -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a not fixedTPM ECC signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -sir -opr signeccnfpriv.bin -opu signeccnfpub.bin -opem signeccnfpub.pem -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a symmetric cipher key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a %%H unrestricted keyed hash key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -kh -kt f -kt p -opr khpriv%%H.bin -opu khpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a %%H restricted keyed hash key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -khr -kt f -kt p -opr khrpriv%%H.bin -opu khrpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +exit /B 0 + + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.sh new file mode 100755 index 000000000000..fba6153425de --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/initkeys.sh @@ -0,0 +1,130 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo -n "1234567890123456" > msg.bin +touch zero.bin + +# try to undefine any NV index left over from a previous test. Do not check for errors. +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out +${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out +${PREFIX}nvundefinespace -hi o -ha 01000002 > run.out +${PREFIX}nvundefinespace -hi o -ha 01000003 > run.out +# same for persistent objects +${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out + +echo "" +echo "Initialize Regression Test Keys" +echo "" + +# Create a platform primary RSA storage key +initprimary + +echo "Create an RSA storage key under the primary key" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersa2048priv.bin -opu storersa2048pub.bin -tk storsatk.bin -ch storsach.bin -pwdp sto -pwdk sto > run.out +checkSuccess $? + +echo "Create an ECC storage key under the primary key" +${PREFIX}create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp sto -pwdk sto > run.out +checkSuccess $? + +for BITS in 2048 3072 +do + + echo "Create an unrestricted RSA $BITS signing key under the primary key" + ${PREFIX}create -hp 80000000 -rsa ${BITS} -si -kt f -kt p -opr signrsa${BITS}priv.bin -opu signrsa${BITS}pub.bin -opem signrsa${BITS}pub.pem -pwdp sto -pwdk sig > run.out + checkSuccess $? + + echo "Create an RSA $BITS decryption key under the primary key" + ${PREFIX}create -hp 80000000 -den -kt f -kt p -opr derrsa${BITS}priv.bin -opu derrsa${BITS}pub.bin -pwdp sto -pwdk dec > run.out + checkSuccess $? + +done + +echo "Create an unrestricted ECC signing key under the primary key" +${PREFIX}create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Create a restricted RSA signing key under the primary key" +${PREFIX}create -hp 80000000 -rsa 2048 -sir -kt f -kt p -opr signrsa2048rpriv.bin -opu signrsa2048rpub.bin -opem signrsa2048rpub.pem -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Create an restricted ECC signing key under the primary key" +${PREFIX}create -hp 80000000 -ecc nistp256 -sir -kt f -kt p -opr signeccrpriv.bin -opu signeccrpub.bin -opem signeccrpub.pem -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Create a not fixedTPM RSA signing key under the primary key" +${PREFIX}create -hp 80000000 -sir -opr signrsa2048nfpriv.bin -opu signrsa2048nfpub.bin -opem signrsa2048nfpub.pem -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Create a not fixedTPM ECC signing key under the primary key" +${PREFIX}create -hp 80000000 -ecc nistp256 -sir -opr signeccnfpriv.bin -opu signeccnfpub.bin -opem signeccnfpub.pem -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Create a symmetric cipher key under the primary key" +${PREFIX}create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out +RC=$? +checkWarning $RC "Symmetric cipher key may not support sign attribute" + +if [ $RC -ne 0 ]; then + echo "Create a rev 116 symmetric cipher key under the primary key" + ${PREFIX}create -hp 80000000 -des -116 -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out + checkSuccess $? +fi + +for HALG in ${ITERATE_ALGS} + +do + + echo "Create a ${HALG} unrestricted keyed hash key under the primary key" + ${PREFIX}create -hp 80000000 -kh -kt f -kt p -opr khpriv${HALG}.bin -opu khpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out + checkSuccess $? + + echo "Create a ${HALG} restricted keyed hash key under the primary key" + ${PREFIX}create -hp 80000000 -khr -kt f -kt p -opr khrpriv${HALG}.bin -opu khrpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out + checkSuccess $? + + + +done + +exit ${WARN} diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.bat new file mode 100644 index 000000000000..bfd094213e39 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.bat @@ -0,0 +1,79 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM $Id: inittpm.bat 1276 2018-07-23 19:25:13Z kgoldman $ # +REM # +REM (c) Copyright IBM Corporation 2015, 2018 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "Power cycle" +%TPM_EXE_PATH%powerup -v > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup -c -v > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Test Result" +%TPM_EXE_PATH%gettestresult > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Allocate PCRs for SHA-1, SHA-256, SHA-384 SHA-512 PCRs" +%TPM_EXE_PATH%pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Power cycle" +%TPM_EXE_PATH%powerup -v > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup -c -v > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.sh new file mode 100755 index 000000000000..eaefab4cc101 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/inittpm.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: inittpm.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Initialize TPM" +echo "" + +echo "Power cycle" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup" +${PREFIX}startup -c > run.out +checkSuccess $? + +echo "Get Test Result" +${PREFIX}gettestresult > run.out +checkSuccess $? + +echo "Allocate initial SHA-1, SHA-256, SHA-384 SHA-512 PCRs" +${PREFIX}pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out +checkSuccess $? + +echo "Power cycle" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup" +${PREFIX}startup -c > run.out +checkSuccess $? + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.bat new file mode 100644 index 000000000000..9220824f1f31 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.bat @@ -0,0 +1,143 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testaes.bat 1301 2018-08-15 21:46:19Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "AES symmetric key" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + + echo "Load the symmetric cipher key under the primary key %%~S" + %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher key 0 length message %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff zero.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the symmetric cipher key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary symmetric cipher key %%~S" + %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher primary key %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher primary key %%~S" + %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the symmetric cipher key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.sh new file mode 100755 index 000000000000..dd0d5580b079 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testaes.sh 1301 2018-08-15 21:46:19Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "AES symmetric key" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "Load the symmetric cipher key under the primary key ${SESS}" + ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto ${SESS} > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher key 0 length message ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff zero.bin dec.bin > run.out + checkSuccess $? + + echo "Flush the symmetric cipher key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Create a primary symmetric cipher key ${SESS}" + ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher primary key ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher primary key ${SESS}" + ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + checkSuccess $? + + echo "Flush the symmetric cipher key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.bat new file mode 100644 index 000000000000..a2d17b120ec4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.bat @@ -0,0 +1,142 @@ +REM ################################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015, 2016 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "AES symmetric key" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Load the symmetric cipher key under the primary key %%~S" + %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher key 0 length message %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher key %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff zero.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the symmetric cipher key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary symmetric cipher key %%~S" + %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt using the symmetric cipher primary key %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S> run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Decrypt using the symmetric cipher primary key %%~S" + %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S> run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the symmetric cipher key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.sh new file mode 100755 index 000000000000..49eb6fed8774 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testaes138.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "AES symmetric key" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "Load the symmetric cipher key under the primary key ${SESS}" + ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto ${SESS} > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher key 0 length message ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher key ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff zero.bin dec.bin > run.out + checkSuccess $? + + echo "Flush the symmetric cipher key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Create a primary symmetric cipher key ${SESS}" + ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out + checkSuccess $? + + echo "Encrypt using the symmetric cipher primary key ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out + checkSuccess $? + + echo "Decrypt using the symmetric cipher primary key ${SESS}" + ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out + checkSuccess $? + + echo "Verify the decrypt result" + diff msg.bin dec.bin > run.out + checkSuccess $? + + echo "Flush the symmetric cipher key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.bat new file mode 100644 index 000000000000..d019bb1f78e0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.bat @@ -0,0 +1,580 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2018 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Attestation" +echo "" + +echo "Load the RSA signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the ECC signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read Public, unwritten Name" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + for %%A in (rsa ecc) do ( + + IF "%%A" == "rsa" ( + set K=80000001 + ) + IF "%%A" == "ecc" ( + set K=80000002 + ) + + echo "Signing Key Self Certify %%H %%A %%~S" + %TPM_EXE_PATH%certify -hk !K! -ho 80000001 -halg %%H -pwdk sig -pwdo sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature %%H" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Quote %%H %%A %%~S" + %TPM_EXE_PATH%quote -hp 0 -hk !K! -halg %%H -palg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature %%H" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get Time %%H %%A %%~S" + %TPM_EXE_PATH%gettime -hk !K! -halg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature %%H" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Certify %%H %%A %%~S" + %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk !K! -pwdk sig -halg %%H -sz 16 %%~S -os sig.bin -oa tmp.bin -salg %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature %%H" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Set command audit digest ${HALG}" + %TPM_EXE_PATH%setcommandcodeauditstatus -hi p -halg null -clr 00000144 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get command audit digest %%H %%A %%~S" + %TPM_EXE_PATH%getcommandauditdigest -hk !K! -halg %%H %%~S -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + ) +) + +echo "Flush the RSA attestation key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the ECC attestation key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Attestation with an HMAC key" +echo "" + +echo "Generate an HMAC key" +%TPM_EXE_PATH%getrandom -by 32 -of tmphkey.bin -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a %%H HMAC key" + %TPM_EXE_PATH%create -hp 80000000 -pwdp sto -kh -halg %%H -if tmphkey.bin -opu tmppub.bin -opr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the %%H HMAC key" + %TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Self Certify with an HMAC key %%H" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using TPM" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using OpenSSL" + %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Quote with an HMAC key %%H" + %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using TPM" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using OpenSSL" + %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Gettime signed with an HMAC key %%H" + %TPM_EXE_PATH%gettime -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using TPM" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using OpenSSL" + %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Certify with an HMAC key %%H" + %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk 80000001 -halg %%H -salg hmac -sz 16 -os sig.bin -oa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using TPM" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using OpenSSL" + %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get command audit digest with an HMAC key %%H" + %TPM_EXE_PATH%getcommandauditdigest -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using TPM" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H using OpenSSL" + %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%H HMAC key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Audit" +echo "" + +REM 80000001 signing key +REM 02000000 hmac and audit session + +echo "" +echo "Audit with one session" +echo "" + +echo "Load the audit signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%B in ("" "-bi 80000001 -pwdb sig") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + + echo "Start an HMAC auth session %%H %%~B" + %TPM_EXE_PATH%startauthsession -se h -halg %%H %%~B > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa2048pub.bin -se0 02000000 81 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa2048pub.bin -se0 02000000 81 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get Session Audit Digest %%H" + %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg %%H -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the session" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM 80000001 signing key +REM 02000000 hmac session +REM 02000001 audit session + +echo "" +echo "Audit with HMAC and audit sessions" +echo "" + +echo "Load the audit signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + echo "Start an audit session %%H" + %TPM_EXE_PATH%startauthsession -se h -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa2048pub.bin -se0 02000001 81 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get Session Audit Digest %%~S" + %TPM_EXE_PATH%getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin %%~S -qd policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature" + %TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the session" + %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Certify Creation" +echo "" + +echo "Load the RSA signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Certify the creation data for the primary key 80000000" +%TPM_EXE_PATH%certifycreation -ho 80000000 -hk 80000001 -pwdk sig -tk pritk.bin -ch prich.bin -os sig.bin -oa tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the RSA storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Certify the creation data for the storage key 80000002" +%TPM_EXE_PATH%certifycreation -ho 80000002 -hk 80000001 -pwdk sig -tk storsatk.bin -ch storsach.bin -os sig.bin -oa tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Audit a PCR Read" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Start an audit session %%H" + %TPM_EXE_PATH%startauthsession -se h -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR 16 reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + cp policies/zero%%H.bin tmpdigestr.bin + + echo "PCR 16 read %%H" + %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -se0 02000000 81 -ahalg %%H -iosad tmpdigestr.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get session audit digest" + %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Check session audit digest" + diff tmpdigestr.bin tmpdigestg.bin + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Extend PCR 16" + %TPM_EXE_PATH%pcrextend -ha 16 -halg %%H -ic aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR 16 read %%H" + %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -se0 02000000 81 -ahalg %%H -iosad tmpdigestr.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get session audit digest" + %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Check session audit digest" + diff tmpdigestr.bin tmpdigestg.bin + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the audit session" + %TPM_EXE_PATH%flushcontext -ha 02000000 + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +REM cleanup + +rm -f tmppriv.bin +rm -f tmppub.bin +rm -f tmpdigestr.bin +rm -f tmpdigestg.bin +rm -f sig.bin +rm -f tmp.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.sh new file mode 100755 index 000000000000..7cc6747f8e22 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest.sh @@ -0,0 +1,442 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Attestation" +echo "" + + +# 80000001 RSA signing key +# 80000002 ECC signing key + +echo "Load the RSA signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Load the ECC signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "NV Define Space" +${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out +checkSuccess $? + +echo "NV Read Public, unwritten Name" +${PREFIX}nvreadpublic -ha 01000000 > run.out +checkSuccess $? + +echo "NV write" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out +checkSuccess $? + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + for HALG in ${ITERATE_ALGS} + do + + for SALG in rsa ecc + do + + if [ ${SALG} == rsa ]; then + HANDLE=80000001 + else + HANDLE=80000002 + fi + + echo "Signing Key Self Certify ${HALG} ${SALG} ${SESS}" + ${PREFIX}certify -hk ${HANDLE} -ho 80000001 -halg ${HALG} -pwdk sig -pwdo sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Quote ${HALG} ${SALG} ${SALG} ${SESS}" + ${PREFIX}quote -hp 0 -hk ${HANDLE} -halg ${HALG} -palg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Get Time ${HALG} ${SALG} ${SESS}" + ${PREFIX}gettime -hk ${HANDLE} -halg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "NV Certify ${HALG} ${SALG} ${SESS}" + ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk ${HANDLE} -pwdk sig -halg ${HALG} -sz 16 ${SESS} -os sig.bin -oa tmp.bin -salg ${SALG} > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Set command audit digest ${HALG}" + ${PREFIX}setcommandcodeauditstatus -hi p -halg null -clr 00000144 > run.out + checkSuccess $? + + echo "Get command audit digest ${HALG} ${SALG} ${SESS}" + ${PREFIX}getcommandauditdigest -hk ${HANDLE} -halg ${HALG} ${SESS} -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + done + done +done + +echo "Flush the RSA attestation key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the ECC attestation key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Attestation with an HMAC key" +echo "" + +echo "Generate an HMAC key" +${PREFIX}getrandom -by 32 -of tmphkey.bin -ns > run.out +checkSuccess $? + +for HALG in ${ITERATE_ALGS} +do + + echo "Create a ${HALG} HMAC key ${HMACKEY}" + ${PREFIX}create -hp 80000000 -pwdp sto -kh -halg ${HALG} -if tmphkey.bin -opu tmppub.bin -opr tmppriv.bin > run.out + checkSuccess $? + + echo "Load the ${HALG} HMAC key" + ${PREFIX}load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + checkSuccess $? + + echo "Signing Key Self Certify with an HMAC key ${HALG}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using TPM" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using OpenSSL" + ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + checkSuccess $? + + echo "Quote with an HMAC key ${HALG}" + ${PREFIX}quote -hp 0 -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using TPM" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using OpenSSL" + ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + checkSuccess $? + + echo "Gettime signed with an HMAC key ${HALG}" + ${PREFIX}gettime -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using TPM" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using OpenSSL" + ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + checkSuccess $? + + echo "NV Certify with an HMAC key ${HALG}" + ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk 80000001 -halg ${HALG} -salg hmac -sz 16 -os sig.bin -oa tmp.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using TPM" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using OpenSSL" + ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + checkSuccess $? + + echo "Get command audit digest with an HMAC key ${HALG}" + ${PREFIX}getcommandauditdigest -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using TPM" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature ${HALG} using OpenSSL" + ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out + checkSuccess $? + + echo "Flush the ${HALG} HMAC key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkSuccess $? + +echo "" +echo "Audit" +echo "" + +# 80000001 signing key +# 02000000 hmac and audit session + +echo "" +echo "Audit with one session" +echo "" + +echo "Load the audit signing key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +for BIND in "" "-bi 80000001 -pwdb sig" +do + for HALG in ${ITERATE_ALGS} + do + + echo "Start an HMAC auth session ${HALG} ${BIND}" + ${PREFIX}startauthsession -se h -halg ${HALG} ${BIND} > run.out + checkSuccess $? + + echo "Sign a digest ${HALG}" + ${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa2048pub.bin -se0 02000000 81 > run.out + checkSuccess $? + + echo "Sign a digest ${HALG}" + ${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -se0 02000000 81 -ipu signrsa2048pub.bin > run.out + checkWarning $? "Interaction between bind and audit session response HMAC may not be fixed" + + echo "Get Session Audit Digest ${HALG}" + ${PREFIX}getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg ${HALG} -os sig.bin -oa tmp.bin -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature ${HALG}" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Flush the session" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + + done +done + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# 80000001 signing key +# 02000000 hmac session +# 02000001 audit session + +echo "" +echo "Audit with HMAC and audit sessions" +echo "" + +echo "Load the audit signing key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + for HALG in ${ITERATE_ALGS} + do + + echo "Start an audit session ${HALG}" + ${PREFIX}startauthsession -se h -halg ${HALG} > run.out + checkSuccess $? + + echo "Sign a digest ${HALG}" + ${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa2048pub.bin -se0 02000001 81 > run.out + checkSuccess $? + + echo "Get Session Audit Digest ${SESS}" + ${PREFIX}getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin ${SESS} -qd policies/aaa > run.out + checkSuccess $? + + echo "Verify the signature" + ${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "Flush the session" + ${PREFIX}flushcontext -ha 02000001 > run.out + checkSuccess $? + + done +done + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Certify Creation" +echo "" + +echo "Load the RSA signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Certify the creation data for the primary key 80000000" +${PREFIX}certifycreation -ho 80000000 -hk 80000001 -pwdk sig -tk pritk.bin -ch prich.bin -os sig.bin -oa tmp.bin > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out +checkSuccess $? + +echo "Load the RSA storage key under the primary key" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Certify the creation data for the storage key 80000002" +${PREFIX}certifycreation -ho 80000002 -hk 80000001 -pwdk sig -tk storsatk.bin -ch storsach.bin -os sig.bin -oa tmp.bin > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out +checkSuccess $? + +echo "Flush the storage key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the signing key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Audit a PCR Read" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Start an audit session ${HALG}" + ${PREFIX}startauthsession -se h -halg ${HALG} > run.out + checkSuccess $? + + echo "PCR 16 reset" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + cp policies/zero${HALG}.bin tmpdigestr.bin + + echo "PCR 16 read ${HALG}" + ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out + checkSuccess $? + + echo "Get session audit digest" + ${PREFIX}getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out + checkSuccess $? + + echo "Check session audit digest" + diff tmpdigestr.bin tmpdigestg.bin + checkSuccess $? + + echo "Extend PCR 16" + ${PREFIX}pcrextend -ha 16 -halg ${HALG} -ic aaa > run.out + checkSuccess $? + + echo "PCR 16 read ${HALG}" + ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out + checkSuccess $? + + echo "Get session audit digest" + ${PREFIX}getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out + checkSuccess $? + + echo "Check session audit digest" + diff tmpdigestr.bin tmpdigestg.bin + checkSuccess $? + + echo "Flush the audit session" + ${PREFIX}flushcontext -ha 02000000 + checkSuccess $? + +done + +# cleanup + +rm -f tmppriv.bin +rm -f tmppub.bin +rm -f tmpdigestr.bin +rm -f tmpdigestg.bin +rm -f sig.bin +rm -f tmp.bin +rm -f tmphkey.bin + +exit ${WARN} + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.bat new file mode 100644 index 000000000000..cc5874d2cba4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.bat @@ -0,0 +1,162 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2019 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Attestation - rev 155" +echo "" + +rem # 80000001 RSA signing key +rem # 80000002 ECC signing key + +echo "Load the RSA signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the ECC signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read Public, unwritten Name" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if msg.bin -v > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + for %%A in (rsa ecc) do ( + + IF "%%A" == "rsa" ( + set K=80000001 + ) + IF "%%A" == "ecc" ( + set K=80000002 + ) + + echo "NV Certify a digest %%H %%A %%~S" + %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk !K! -pwdk sig -halg %%H -sz 0 %%~S -os sig.bin -oa tmp.bin -salg %%A -od tmpdigest1.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%A signature %%H" + %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -of tmpdata.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Digest the hashed and certified NV data %%H" + %TPM_EXE_PATH%hash -halg %%H -if tmpdata.bin -oh tmpdigest2.bin + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Check the digest %%H results" + diff tmpdigest1.bin tmpdigest2.bin + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + ) +) + +echo "Flush the RSA attestation key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the ECC attestation key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # cleanup + +rm tmpdigest1.bin +rm tmpdata.bin +rm tmpdigest2.bin + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.sh new file mode 100755 index 000000000000..1f974740ef7d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testattest155.sh @@ -0,0 +1,132 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2019 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Attestation - rev 155" +echo "" + +# 80000001 RSA signing key +# 80000002 ECC signing key + +echo "Load the RSA signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Load the ECC signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "NV Define Space" +${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out +checkSuccess $? + +echo "NV Read Public, unwritten Name" +${PREFIX}nvreadpublic -ha 01000000 > run.out +checkSuccess $? + +echo "NV write" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out +checkSuccess $? + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + for HALG in ${ITERATE_ALGS} + do + + for SALG in rsa ecc + do + + if [ ${SALG} == rsa ]; then + HANDLE=80000001 + else + HANDLE=80000002 + fi + + echo "NV Certify a digest ${HALG} ${SALG} ${SESS}" + ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk ${HANDLE} -pwdk sig -halg ${HALG} -sz 0 ${SESS} -os sig.bin -oa tmp.bin -salg ${SALG} -od tmpdigest1.bin > run.out + checkSuccess $? + + echo "Verify the ${SALG} signature ${HALG}" + ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out + checkSuccess $? + + echo "NV read" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -of tmpdata.bin > run.out + checkSuccess $? + + echo "Digest the hashed and certified NV data ${HALG}" + ${PREFIX}hash -halg ${HALG} -if tmpdata.bin -oh tmpdigest2.bin + checkSuccess $? + + echo "Check the digest ${HALG} results" + diff tmpdigest1.bin tmpdigest2.bin + checkSuccess $? + + done + done +done + +echo "Flush the RSA attestation key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the ECC attestation key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# cleanup + +rm -f tmpdigest1.bin +rm -f tmpdata.bin +rm -f tmpdigest2.bin diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.bat new file mode 100644 index 000000000000..8bbad83747af --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.bat @@ -0,0 +1,658 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testbind.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# +REM + +setlocal enableDelayedExpansion + +echo "" +echo "Bind session" +echo "" + +echo "" +echo "Bind session to Primary Key" +echo "" + +echo "Bind session bound to primary key at 80000000" +%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create storage key using that bind session, same object 80000000" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create storage key using that bind session, same object 80000000, wrong password does not matter" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create second primary key with different password 000 and Name" +%TPM_EXE_PATH%createprimary -hi o -pwdk 000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to second primary key at 80000001, correct password" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb 000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session, different object 80000000" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session, different object 80000000, wrong password - should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to primary key at 80000000, wrong password" +%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb xxx > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session, same object 80000000 - should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Flush the failing session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the second primary key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Bind session to Hierarchy" +echo "" + +echo "Change platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to platform hierarchy" +%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session, wrong password - should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to platform hierarchy, wrong password" +%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb xxx > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session - should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Change platform hierarchy auth back to null" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Bind session to NV" +echo "" + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + +echo "NV Define Space" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV Read Public, unwritten Name" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to unwritten NV index at 01000000" +%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV write HMAC using bind session to set written" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Bind session bound to written NV index at 01000000" +%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV Write HMAC using bind session" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV Read HMAC using bind session" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV Read HMAC using bind session, wrong password does not matter" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using that bind session" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Encrypt with bind to same object" +echo "" + +for %%M in (xor aes) do ( + + echo "Start an HMAC auth session with %%M encryption and bind to primary key at 80000000" + %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 80000000 -pwdb sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create storage key using bind session, same object, wrong password" + %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create storage key using bind session, same object 80000000" + %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the key, with %%M encryption" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed object" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%M session" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Encrypt with bind to different object" +echo "" + +for %%M in (xor aes) do ( + + echo "Start an HMAC auth session with %%M encryption and bind to platform auth" + %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 4000000c > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create storage key using bind session, different object, wrong password, should fail" + %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Create storage key using bind session, different object" + %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the key, with %%M encryption" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed object" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%M session" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Encrypt with bind to different object, xor" +echo "" + +echo "Start an HMAC auth session with xor encryption and bind to platform auth" +%TPM_EXE_PATH%startauthsession -se h -sym xor -bi 4000000c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using bind session, different object, wrong password, should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Create storage key using bind session, different object" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the key, with xor encryption" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the xor session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Encrypt with bind to different object, aes" +echo "" + +echo "Start an HMAC auth session with aes encryption and bind to platform auth" +%TPM_EXE_PATH%startauthsession -se h -sym aes -bi 4000000c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create storage key using bind session, different object, wrong password, should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Create storage key using bind session, different object" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the key, with aes encryption" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the aes session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "PolicyAuthValue and bind to different object, command encryption" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Start a policy session, bind to primary key" +%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Sign a digest - policy, command encrypt" +%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "PolicyAuthValue and bind to same object, command encryption" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Sign a digest - policy, command encrypt" +%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "PolicyAuthValue and bind to different object, response encryption" +echo "" + +echo "Create a storage key under the primary key - policy command code - create, auth" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Start a policy session, bind to primary key" +%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy command code - create" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create a signing key with response encryption" +%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the signing key to verify response encryption" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "PolicyAuthValue and bind to same object, response encryption" +echo "" + +echo "Create a storage key under the primary key - policy command code - create, auth" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Start a policy session, bind to storage key" +%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy command code - create" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create a signing key with response encryption" +%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the signing key to verify response encryption" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +exit /B 0 + +REM # getcapability -cap 1 -pr 80000000 +REM # getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.sh new file mode 100755 index 000000000000..6af2408d72a1 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testbind.sh @@ -0,0 +1,427 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testbind.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Bind session" +echo "" + +echo "" +echo "Bind session to Primary Key" +echo "" + +echo "Bind session bound to primary key at 80000000" +${PREFIX}startauthsession -se h -bi 80000000 -pwdb sto > run.out +checkSuccess $? + +echo "Create storage key using that bind session, same object 80000000" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out +checkSuccess $? + +echo "Create storage key using that bind session, same object 80000000, wrong password does not matter" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out +checkSuccess $? + +echo "Create second primary key with different password 000 and Name" +${PREFIX}createprimary -hi o -pwdk 000 > run.out +checkSuccess $? + +echo "Bind session bound to second primary key at 80000001, correct password" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb 000 > run.out +checkSuccess $? + +echo "Create storage key using that bind session, different object 80000000" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out +checkSuccess $? + +echo "Create storage key using that bind session, different object 80000000, wrong password - should fail" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out +checkFailure $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Bind session bound to primary key at 80000000, wrong password" +${PREFIX}startauthsession -se h -bi 80000000 -pwdb xxx > run.out +checkSuccess $? + +echo "Create storage key using that bind session, same object 80000000 - should fail" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out +checkFailure $? + +echo "Flush the failing session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the second primary key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Bind session to Hierarchy" +echo "" + +echo "Change platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Bind session bound to platform hierarchy" +${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out +checkSuccess $? + +echo "Create storage key using that bind session, wrong password - should fail" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out +checkFailure $? + +echo "Create storage key using that bind session" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out +checkSuccess $? + +echo "Bind session bound to platform hierarchy, wrong password" +${PREFIX}startauthsession -se h -bi 4000000c -pwdb xxx > run.out +checkSuccess $? + +echo "Create storage key using that bind session - should fail" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out +checkFailure $? + +echo "Change platform hierarchy auth back to null" +${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Bind session to NV" +echo "" + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + +echo "NV Define Space" +${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out +checkSuccess $? + +echo "NV Read Public, unwritten Name" +${PREFIX}nvreadpublic -ha 01000000 > run.out +checkSuccess $? + +echo "Bind session bound to unwritten NV index at 01000000" +${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out +checkSuccess $? + +echo "NV write HMAC using bind session to set written" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out +checkSuccess $? + +echo "Bind session bound to written NV index at 01000000" +${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out +checkSuccess $? + +echo "NV Write HMAC using bind session" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1 > run.out +checkSuccess $? + +echo "NV Read HMAC using bind session" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1 > run.out +checkSuccess $? + +echo "NV Read HMAC using bind session, wrong password does not matter" +${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1 > run.out +checkSuccess $? + +echo "Create storage key using that bind session" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out +checkSuccess $? + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkSuccess $? + +echo "" +echo "Encrypt with bind to same object" +echo "" + +for MODE0 in xor aes + +do + + echo "Start an HMAC auth session with $MODE0 encryption and bind to primary key at 80000000" + ${PREFIX}startauthsession -se h -sym $MODE0 -bi 80000000 -pwdb sto > run.out + checkSuccess $? + + echo "Create storage key using bind session, same object, wrong password" + ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + checkSuccess $? + + echo "Create storage key using bind session, same object 80000000" + ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + checkSuccess $? + + echo "Load the key, with $MODE0 encryption" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out + checkSuccess $? + + echo "Flush the sealed object" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the $MODE0 session" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + +done + +echo "" +echo "Encrypt with bind to different object" +echo "" + +for MODE0 in xor aes + +do + + echo "Start an HMAC auth session with $MODE0 encryption and bind to platform auth" + ${PREFIX}startauthsession -se h -sym $MODE0 -bi 4000000c > run.out + checkSuccess $? + + echo "Create storage key using bind session, different object, wrong password, should fail" + ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + checkFailure $? + + echo "Create storage key using bind session, different object" + ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out + checkSuccess $? + + echo "Load the key, with $MODE0 encryption" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out + checkSuccess $? + + echo "Flush the sealed object" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the $MODE0 session" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + +done + +echo "" +echo "PolicyAuthValue and bind to different object, command encryption" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session, bind to primary key" +${PREFIX}startauthsession -se p -bi 80000000 -pwdb sto > run.out +checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy, command encrypt" +${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "PolicyAuthValue and bind to same object, command encryption" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy, command encrypt" +${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "PolicyAuthValue and bind to different object, response encryption" +echo "" + +#intermediate policy digest length 32 +# 54 a0 de 17 1d 03 c6 9b 17 b3 61 22 33 a5 e8 b2 +# d8 ee e0 87 f9 c6 ea 85 8c 9c 2e 51 05 52 8b 14 +# policy +# 4b 50 04 f7 3f 2e f8 c0 96 c9 18 d0 bc 18 0e 6b +# 49 0c 8a ed 14 bb 8f 86 fc 5a 54 ef 0c d3 90 44 + +echo "Create a storage key under the primary key - policy command code - create, auth" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session, bind to primary key" +${PREFIX}startauthsession -se p -bi 80000000 -pwdb sto > run.out +checkSuccess $? + +echo "Policy command code - create" +${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Create a signing key with response encryption" +${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out +checkSuccess $? + +echo "Load the signing key to verify response encryption" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "PolicyAuthValue and bind to same object, response encryption" +echo "" + +echo "Create a storage key under the primary key - policy command code - create, auth" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session, bind to storage key" +${PREFIX}startauthsession -se p -bi 80000001 -pwdb sto > run.out +checkSuccess $? + +echo "Policy command code - create" +${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Create a signing key with response encryption" +${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out +checkSuccess $? + +echo "Load the signing key to verify response encryption" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.bat new file mode 100644 index 000000000000..9bff8418c873 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.bat @@ -0,0 +1,179 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Object Change Auth" +echo "" + +for %%B in ("" "-bi 80000001 -pwdb sig") do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Load the signing key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start an HMAC session %%~B" + %TPM_EXE_PATH%startauthsession -se h %%~B > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Object change auth, change password to xxx %%~S" + %TPM_EXE_PATH%objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key with the changed auth %%~S" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu signrsa2048pub.bin -pwdp sto %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest with the original key %%~S" + %TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest with the changed key" + %TPM_EXE_PATH%sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the auth session" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "" +echo "Object Change Auth with password from file" +echo "" + +echo "Load the decryption key under the primary key 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr derrsa2048priv.bin -ipu derrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Generate a random password" +%TPM_EXE_PATH%getrandom -by 16 -ns -nz -of tmppwd.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Object change auth, change password" +%TPM_EXE_PATH%objectchangeauth -hp 80000000 -ho 80000001 -pwdo dec -ipwdn tmppwd.bin -opr tmppriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the decryption key with the changed auth 800000002" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr tmppriv.bin -ipu derrsa2048pub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Encrypt the message" +%TPM_EXE_PATH%rsaencrypt -hk 80000002 -id policies/aaa -oe tmpenc.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Decrypt the message" +%TPM_EXE_PATH%rsadecrypt -hk 80000002 -ipwdk tmppwd.bin -ie tmpenc.bin -od tmpdec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Compare the result" +tail --bytes=3 tmpdec.bin > tmp.bin +diff policies/aaa tmp.bin +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the keypair 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the keypair 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM cleanup + +rm tmppwd.bin +rm tmpenc.bin +rm tmpdec.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 + +REM flushcontext -ha 80000001 +REM flushcontext -ha 80000002 +REM flushcontext -ha 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.sh new file mode 100755 index 000000000000..303b3189333b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeauth.sh @@ -0,0 +1,144 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Object Change Auth" +echo "" + +for BIND in "" "-bi 80000001 -pwdb sig" +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Load the signing key under the primary key" + ${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start an HMAC session ${BIND}" + ${PREFIX}startauthsession -se h ${BIND} > run.out + checkSuccess $? + + echo "Object change auth, change password to xxx ${SESS}" + ${PREFIX}objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin ${SESS} > run.out + checkSuccess $? + + echo "Load the signing key with the changed auth ${SESS}" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu signrsa2048pub.bin -pwdp sto ${SESS} > run.out + checkSuccess $? + + echo "Sign a digest with the original key ${SESS}" + ${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig ${SESS} > run.out + checkSuccess $? + + echo "Sign a digest with the changed key" + ${PREFIX}sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out + checkSuccess $? + + echo "Flush the key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the auth session" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + + done +done + +echo "" +echo "Object Change Auth with password from file" +echo "" + +echo "Load the decryption key under the primary key 80000001" +${PREFIX}load -hp 80000000 -ipr derrsa2048priv.bin -ipu derrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Generate a random password" +RANDOM_PASSWORD=`${PREFIX}getrandom -by 16 -ns -nz -of tmppwd.bin` +echo " INFO: Random password ${RANDOM_PASSWORD}" + +echo "Object change auth, change password to ${RANDOM_PASSWORD}" +${PREFIX}objectchangeauth -hp 80000000 -ho 80000001 -pwdo dec -ipwdn tmppwd.bin -opr tmppriv.bin > run.out +checkSuccess $? + +echo "Load the decryption key with the changed auth 800000002" +${PREFIX}load -hp 80000000 -pwdp sto -ipr tmppriv.bin -ipu derrsa2048pub.bin > run.out +checkSuccess $? + +echo "Encrypt the message" +${PREFIX}rsaencrypt -hk 80000002 -id policies/aaa -oe tmpenc.bin > run.out +checkSuccess $? + +echo "Decrypt the message" +${PREFIX}rsadecrypt -hk 80000002 -ipwdk tmppwd.bin -ie tmpenc.bin -od tmpdec.bin > run.out +checkSuccess $? + +echo "Compare the result" +tail -c 3 tmpdec.bin > tmp.bin +diff policies/aaa tmp.bin +checkSuccess $? + +echo "Flush the keypair 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the keypair 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +# cleanup + +rm -f tmppwd.bin +rm -f tmpenc.bin +rm -f tmpdec.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 + +# ${PREFIX}flushcontext -ha 80000001 +# ${PREFIX}flushcontext -ha 80000002 +# ${PREFIX}flushcontext -ha 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.bat new file mode 100644 index 000000000000..22d5e79bf95c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.bat @@ -0,0 +1,208 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testchangeseed.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015-2018 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Change PPS" +echo "" + +echo "Flush the primary key" +%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change STO, no password" +%TPM_EXE_PATH%changepps > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change PPS, bad password" +%TPM_EXE_PATH%changepps > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Change PPS, good password" +%TPM_EXE_PATH%changepps -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key - platform hierarchy" +%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change PPS - flushes primary key" +%TPM_EXE_PATH%changepps > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the flushed primary key, should fail" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a different primary key - new PPS" +%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the new primary key, should fail" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 + +echo "" +echo "Change EPS" +echo "" + +echo "Flush the primary key" +%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change EPS, no password" +%TPM_EXE_PATH%changeeps > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key - endorsement hierarchy" +%TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change EPS, no password" +%TPM_EXE_PATH%changeeps > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the flushed primary key, should fail" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a different primary key - new EPS" +%TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the new primary key, should fail" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a storage key under the new primary key" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the new primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.sh new file mode 100755 index 000000000000..22ec2dcce5fe --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testchangeseed.sh @@ -0,0 +1,157 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testchangeseed.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Change PPS" +echo "" + +echo "Flush the primary key" +${PREFIX}flushcontext -ha 80000000 > run.out +checkSuccess $? + +echo "Change PPS, no password" +${PREFIX}changepps > run.out +checkSuccess $? + +echo "Set platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Change PPS, bad password" +${PREFIX}changepps > run.out +checkFailure $? + +echo "Change PPS, good password" +${PREFIX}changepps -pwda ppp > run.out +checkSuccess $? + +echo "Clear platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Create a primary key - platform hierarchy" +${PREFIX}createprimary -hi p -pwdk 111 > run.out +checkSuccess $? + +echo "Create a storage key under the primary key" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkSuccess $? + +echo "Change PPS - flushes primary key" +${PREFIX}changepps > run.out +checkSuccess $? + +echo "Load the storage key under the flushed primary key, should fail" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkFailure $? + +echo "Create a different primary key - new PPS" +${PREFIX}createprimary -hi p -pwdk 111 > run.out +checkSuccess $? + +echo "Load the storage key under the new primary key, should fail" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkFailure $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 + +echo "" +echo "Change EPS" +echo "" + +echo "Flush the primary key" +${PREFIX}flushcontext -ha 80000000 > run.out +checkSuccess $? + +echo "Change EPS, no password" +${PREFIX}changeeps > run.out +checkSuccess $? + +echo "Create a primary key - endorsement hierarchy" +${PREFIX}createprimary -hi e -pwdk 111 > run.out +checkSuccess $? + +echo "Create a storage key under the primary key" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkSuccess $? + +echo "Change EPS, no password" +${PREFIX}changeeps > run.out +checkSuccess $? + +echo "Load the storage key under the flushed primary key, should fail" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkFailure $? + +echo "Create a different primary key - new EPS" +${PREFIX}createprimary -hi e -pwdk 111 > run.out +checkSuccess $? + +echo "Load the storage key under the new primary key, should fail" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkFailure $? + +echo "Create a storage key under the new primary key" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out +checkSuccess $? + +echo "Load the storage key under the new primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.bat new file mode 100644 index 000000000000..b9aa750fbe0b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.bat @@ -0,0 +1,104 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testclocks.bat 1292 2018-08-01 17:27:24Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2018 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Clocks" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Read Clock" + %TPM_EXE_PATH%readclock -oclock tmpclk.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Clock set, time 0 %%~S - should fail" + %TPM_EXE_PATH%clockset -iclock tmpclk.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Clock set, time plus 20 sec %%~S" + %TPM_EXE_PATH%clockset -iclock tmpclk.bin -addsec 20 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%A in (-3 0 3) do ( + + echo "Clock rate adjust %%A %%~S" + %TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + + for %%A in (-4 4) do ( + + echo "Clock rate adjust %%A %%~S - should fail" + %TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -f tmpclk.bin + +exit /B 0 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.sh new file mode 100755 index 000000000000..4f58a7ec81fa --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testclocks.sh @@ -0,0 +1,91 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testclocks.sh 1115 2017-12-13 23:35:20Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015, 2016 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Clocks" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "Read Clock" + ${PREFIX}readclock -oclock tmpclk.bin > run.out + checkSuccess $? + + echo "Clock set, current time ${SESS} - should fail" + ${PREFIX}clockset -iclock tmpclk.bin ${SESS} > run.out + checkFailure $? + + echo "Clock set, time plus 20 sec ${SESS}" + ${PREFIX}clockset -iclock tmpclk.bin -addsec 20 ${SESS} > run.out + checkSuccess $? + + for ADJ in -3 0 3 + do + + echo "Clock rate adjust ${ADJ} ${SESS}" + ${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out + checkSuccess $? + + done + + for ADJ in -4 4 + do + + echo "Clock rate adjust ${ADJ} ${SESS} - should fail" + ${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out + checkFailure $? + + done + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +rm -f tmpclk.bin diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.bat new file mode 100644 index 000000000000..8b672b6d9722 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.bat @@ -0,0 +1,237 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Basic Context" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save context for the key" +%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign to verify that the original key is not flushed" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the original key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign with original key - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Load context" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign with the loaded context" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save context for the session" +%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign with the saved session context - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Load context for the session" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign with the saved session context" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the loaded context" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Context Public Key for Salt" +echo "" + +echo "Load the storage key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save context for the storage key at 80000001" +%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load context at 80000002" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the original key at 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session at 02000000 using the storage key 80000002 salt" +%TPM_EXE_PATH%startauthsession -se h -hs 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key at 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the salt key at 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Context Primary Key" +echo "" + +echo "Save context for the primary key at 80000000" +%TPM_EXE_PATH%contextsave -ha 80000000 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load context primary key at 80000001" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key at 80000002 under the primary key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key at 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key at 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.sh new file mode 100755 index 000000000000..f640d77d0207 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcontext.sh @@ -0,0 +1,182 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Context" +echo "" + +echo "" +echo "Basic Context" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto -se0 02000000 1 > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out +checkSuccess $? + +echo "Save context for the key" +${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out +checkSuccess $? + +echo "Sign to verify that the original key is not flushed" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkSuccess $? + +echo "Flush the original key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Sign with original key - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkFailure $? + +echo "Load context" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Sign with the loaded context" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkSuccess $? + +echo "Save context for the session" +${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out +checkSuccess $? + +echo "Sign with the saved session context - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkFailure $? + +echo "Load context for the session" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Sign with the saved session context" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out +checkSuccess $? + +echo "Flush the loaded context" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Context Public Key for Salt" +echo "" + +echo "Load the storage key at 80000001" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Save context for the storage key at 80000001" +${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out +checkSuccess $? + +echo "Load context at 80000002" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Flush the original key at 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Start an HMAC auth session at 02000000 using the storage key 80000002 salt" +${PREFIX}startauthsession -se h -hs 80000002 > run.out +checkSuccess $? + +echo "Load the signing key under the primary key at 80000001" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 0 > run.out +checkSuccess $? + +echo "Flush the signing key at 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the salt key at 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "" +echo "Context Primary Key" +echo "" + +echo "Save context for the primary key at 80000000" +${PREFIX}contextsave -ha 80000000 -of tmp.bin > run.out +checkSuccess $? + +echo "Load context primary key at 80000001" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Load the signing key at 80000002 under the primary key at 80000001" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the signing key at 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary key at 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + + + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.bat new file mode 100644 index 000000000000..b03400a9fbbf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.bat @@ -0,0 +1,299 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2019 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "CreateLoaded" +echo "" + +echo "" +echo "CreateLoaded Primary Key, Hierarchy Parent" +echo "" + +for %%H in ("40000001" "4000000c" "4000000b") do ( + + echo "CreateLoaded primary key, parent %%~H" + %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a storage key under the primary key" + %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the storage key under the primary key" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the storage key under the primary key - should fail" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "CreateLoaded recreate owner primary key" + %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the storage key under the primary key" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "CreateLoaded Child Key, Primary Parent" +echo "" + +echo "CreateLoaded child storage key at 80000001, parent 80000000" +%TPM_EXE_PATH%createloaded -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk ppp -opu tmpppub.bin -opr tmpppriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key under the child storage key 80000001" +%TPM_EXE_PATH%create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key at 80000002 under the child storage key 80000001" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the child storage key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the child signing key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reload the createloaded child storage key at 80000001, parent 80000000" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reload the child signing key at 80000002 under the child storage key 80000001" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the child storage key 80000002 " +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the child signing key 80000001 " +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "CreateLoaded Primary Derived Key, Hierarchy Parent" +echo "" + +for %%H in ("e" "o" "p") do ( + + echo "Create a primary %%~H derivation parent 80000001" + %TPM_EXE_PATH%createprimary -hi %%~H -dp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a derived key 80000002" + %TPM_EXE_PATH%createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the derived key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a derived key 80000002" + %TPM_EXE_PATH%createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub1.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the derived key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify that the two derived keys are the same" + diff tmppub.bin tmppub1.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the derivation parent" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "CreateLoaded Child Derived Key, Primary Parent" +echo "" + +echo "Create a derivation parent under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp sto -pwdk dp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the derivation parent to 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create an EC signing key under the derivation parent key" +%TPM_EXE_PATH%createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -opem tmppub.pem -pwdp dp -ecc nistp256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -salg ecc -if policies/aaa -os sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the ECC signature using the TPM" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -ecc -if policies/aaa -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature using PEM" +%TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg sha256 -if policies/aaa -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create another EC signing key 80000002 under the derivation parent key" +%TPM_EXE_PATH%createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv1.bin -opu tmppub1.bin -opem tmppub1.pem -pwdp dp -ecc nistp256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify that the two derived keys are the same" +diff tmppub.bin tmppub1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the derivation parent" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -f tmpdppriv.bin +rm -f tmpdppub.bin +rm -f tmpppriv.bin +rm -f tmpppub.bin +rm -f tmppub.pem +rm -f tmppriv1.bin +rm -f tmppub1.bin +rm -f tmppub1.pem diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.sh new file mode 100755 index 000000000000..99d3753d358a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcreateloaded.sh @@ -0,0 +1,231 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "CreateLoaded" +echo "" + +echo "" +echo "CreateLoaded Primary Key, Hierarchy Parent" +echo "" + +for HIER in "40000001" "4000000c" "4000000b" +do + + echo "CreateLoaded primary key, parent ${HIER}" + ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out + checkSuccess $? + + echo "Create a storage key under the primary key" + ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out + checkSuccess $? + + echo "Load the storage key under the primary key" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the primary storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Load the storage key under the primary key - should fail" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + checkFailure $? + + echo "CreateLoaded recreate owner primary key" + ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out + checkSuccess $? + + echo "Load the storage key under the primary key" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the primary storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "CreateLoaded Child Key, Primary Parent" +echo "" + +echo "CreateLoaded child storage key at 80000001, parent 80000000" +${PREFIX}createloaded -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk ppp -opu tmpppub.bin -opr tmpppriv.bin > run.out +checkSuccess $? + +echo "Create a signing key under the child storage key 80000001" +${PREFIX}create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out +checkSuccess $? + +echo "Load the signing key at 80000002 under the child storage key 80000001" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out +checkSuccess $? + +echo "Flush the child storage key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the child signing key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Reload the createloaded child storage key at 80000001, parent 80000000" +${PREFIX}load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Reload the child signing key at 80000002 under the child storage key 80000001" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out +checkSuccess $? + +echo "Flush the child storage key 80000002 " +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the child signing key 80000001 " +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "CreateLoaded Primary Derived Key, Hierarchy Parent" +echo "" + +for HIER in "e" "o" "p" +do + + echo "Create a primary ${HIER} derivation parent 80000001" + ${PREFIX}createprimary -hi ${HIER} -dp > run.out + checkSuccess $? + + echo "Create a derived key 80000002" + ${PREFIX}createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub.bin > run.out + checkSuccess $? + + echo "Flush the derived key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Create a derived key 80000002" + ${PREFIX}createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub1.bin > run.out + checkSuccess $? + + echo "Flush the derived key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Verify that the two derived keys are the same" + diff tmppub.bin tmppub1.bin > run.out + checkSuccess $? + + echo "Flush the derivation parent" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "CreateLoaded Child Derived Key, Primary Parent" +echo "" + +echo "Create a derivation parent under the primary key" +${PREFIX}create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp sto -pwdk dp > run.out +checkSuccess $? + +echo "Load the derivation parent to 80000001" +${PREFIX}load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Create an EC signing key 80000002 under the derivation parent key" +${PREFIX}createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -opem tmppub.pem -pwdp dp -ecc nistp256 > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -halg sha256 -salg ecc -if policies/aaa -os sig.bin > run.out +checkSuccess $? + +echo "Verify the ECC signature using the TPM" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -ecc -if policies/aaa -is sig.bin > run.out +checkSuccess $? + +echo "Verify the signature using PEM" +${PREFIX}verifysignature -ipem tmppub.pem -halg sha256 -if policies/aaa -is sig.bin > run.out +checkSuccess $? + +echo "Flush the signing key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Create another EC signing key 80000002 under the derivation parent key" +${PREFIX}createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv1.bin -opu tmppub1.bin -opem tmppub1.pem -pwdp dp -ecc nistp256 > run.out +checkSuccess $? + +echo "Verify that the two derived keys are the same" +diff tmppub.bin tmppub1.bin > run.out +checkSuccess $? + +echo "Flush the signing key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the derivation parent" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +rm -f tmpppriv.bin +rm -f tmpppub.bin +rm -f tmpppub1.bin +rm -f tmpppub.pem +rm -f tmppub.pem +rm -f tmppub1.pem +rm -f tmppriv.bin +rm -f tmppriv1.bin +rm -f tmppub1.bin +rm -f tmpdppriv.bin +rm -f tmpdppub.bin diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.bat new file mode 100644 index 000000000000..c65e9659aa14 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.bat @@ -0,0 +1,504 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# +REM +REM # primary key 80000000 +REM # storage key 80000001 +REM # signing key 80000002test +REM # policy session 03000000 +REM # e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 +REM # c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a + +setlocal enableDelayedExpansion + +echo "" +echo "Credential" +echo "" + +echo "Use a random number as the credential input" +%TPM_EXE_PATH%getrandom -by 32 -of tmpcredin.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key under the primary key, 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a restricted signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk sig -pol policies/policyccactivate.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key, 80000002" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Encrypt the credential using makecredential" +%TPM_EXE_PATH%makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - activatecredential" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000147 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Activate credential" +%TPM_EXE_PATH%activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Check the decrypted result" +diff tmpcredin.bin tmpcreddec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "EK Certificate" +echo "" + +echo "Set platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%A in (rsa ecc) do ( + + echo "Create an %%A EK certificate" + %TPM_EXE_PATH%createekcert -alg %%A -cakey cakey.pem -capwd rrrr -pwdp ppp -of tmp.der > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the %%A EK certificate" + %TPM_EXE_PATH%createek -alg %%A -ce > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the %%A template - should fail" + %TPM_EXE_PATH%createek -alg %%A -te > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Read the %%A nonce - should fail" + %TPM_EXE_PATH%createek -alg %%A -no > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "CreatePrimary and validate the %%A EK against the EK certificate" + %TPM_EXE_PATH%createek -alg %%A -cp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Validate the %%A EK certificate against the root" + %TPM_EXE_PATH%createek -alg %%A -root certificates/rootcerts.windows.txt > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Clear platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "EK Policies using optional policy in NV" +echo "" + +REM # Section B.8.2 Computing PolicyA - the standard IWG PolicySecret with endorsement auth +REM # policyiwgek.txt +REM # 000001514000000B +REM # (blank line for policyRef) +REM # +REM # policymaker -if policies/policyiwgek.txt -ns -halg sha256 -of policies/policyiwgeksha256.bin +REM # policymaker -if policies/policyiwgek.txt -ns -halg sha384 -of policies/policyiwgeksha384.bin +REM # policymaker -if policies/policyiwgek.txt -ns -halg sha512 -of policies/policyiwgeksha512.bin +REM +REM # 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa +REM # 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53 +REM # 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee +REM +REM # Section B.8.3 Computing Policy Index Names - attributes 220F1008 +REM +REM # For test, put PolicySecret + platform auth in NV Index. This is NOT the IWG standard, just for test. +REM +REM # for prepending the hash algorithm identifier to make the TPMT_HA structure +REM # printf "%b" '\x00\x0b' > policies/sha256.bin +REM # printf "%b" '\x00\x0c' > policies/sha384.bin +REM # printf "%b" '\x00\x0d' > policies/sha512.bin +REM +REM # policymaker -if policies/policysecretp.txt -halg sha256 -pr -of policies/policysecretpsha256.bin -pr +REM # policymaker -if policies/policysecretp.txt -halg sha384 -pr -of policies/policysecretpsha384.bin -pr +REM # policymaker -if policies/policysecretp.txt -halg sha512 -pr -of policies/policysecretpsha512.bin -pr +REM +REM # prepend the algorithm identifiers +REM # cat policies/sha256.bin policies/policysecretpsha256.bin >! policies/policysecretpsha256ha.bin +REM # cat policies/sha384.bin policies/policysecretpsha384.bin >! policies/policysecretpsha384ha.bin +REM # cat policies/sha512.bin policies/policysecretpsha512.bin >! policies/policysecretpsha512ha.bin +REM +REM # NV Index Name calculation +REM + +set HALG=sha256 sha384 sha512 +set IDX=01c07f01 01c07f02 01c07f03 +set SIZ=34 50 66 +REM # algorithms from Algorithm Registry +set HBIN=000b 000c 000d +REM # Name from Table 14: Policy Index Names +set NVNAME=000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f 000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c 000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560 +) + +set j=0 +for %%h in (!HALG!) do set /A j+=1 & set HALG[!j!]=%%h +set j=0 +for %%i in (!IDX!) do set /A j+=1 & set IDX[!j!]=%%i +set j=0 +for %%z in (!SIZ!) do set /A j+=1 & set SIZ[!j!]=%%z +set j=0 +for %%b in (!HBIN!) do set /A j+=1 & set HBIN[!j!]=%%b +set j=0 +for %%n in (!NVNAME!) do set /A j+=1 & set NVNAME[!j!]=%%n +set L=!j! + +for /L %%j in (1,1,!L!) do ( + + echo "Undefine optional !HALG[%%j]! NV index !IDX[%%j]!" + %TPM_EXE_PATH%nvundefinespace -ha !IDX[%%j]! -hi o > run.out + + echo "Define optional !HALG[%%j]! NV index !IDX[%%j]! size !SIZ[%%j]! with PolicySecret for TPM_RH_ENDORSEMENT" + %TPM_EXE_PATH%nvdefinespace -ha !IDX[%%j]! -nalg !HALG[%%j]! -hi o -pol policies/policyiwgek!HALG[%%j]!.bin -sz !SIZ[%%j]! +at wa +at or +at ppr +at ar -at aw > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a !HALG[%%j]! policy session" + %TPM_EXE_PATH%startauthsession -se p -halg !HALG[%%j]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Satisfy the policy" + %TPM_EXE_PATH%policysecret -hs 03000000 -ha 4000000B > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Write the !HALG[%%j]! index !IDX[%%j]! to set the written bit before reading the Name" + %TPM_EXE_PATH%nvwrite -ha !IDX[%%j]! -if policies/policysecretp!HALG[%%j]!ha.bin -se0 03000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the !HALG[%%j]! Name" + %TPM_EXE_PATH%nvreadpublic -ha !IDX[%%j]! -ns > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the !HALG[%%j]! !HBIN[%%j]! Name" + grep !HBIN[%%j]! run.out > tmp.txt + grep -v nvreadpublic tmp.txt > tmpactual.txt + echo !NVNAME[%%j]! > tmpexpect.txt + diff -w tmpactual.txt tmpexpect.txt > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +REM # B.8.4 Computing PolicyC - TPM_CC_PolicyAuthorizeNV || nvIndex->Name) +REM +REM # policyiwgekcsha256.txt +REM # 00000192000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f +REM +REM # policyiwgekcsha384.txt +REM # 00000192000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c +REM +REM # policyiwgekcsha512.txt +REM # 00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560 +REM +REM # policymaker -if policies/policyiwgekcsha256.txt -ns -halg sha256 -pr -of policies/policyiwgekcsha256.bin +REM # 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde +REM +REM # policymaker -if policies/policyiwgekcsha384.txt -ns -halg sha384 -pr -of policies/policyiwgekcsha384.bin +REM # d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165 +REM +REM # policymaker -if policies/policyiwgekcsha512.txt -ns -halg sha512 -pr -of policies/policyiwgekcsha512.bin +REM # 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8 +REM +REM # B.8.5 Computing PolicyB - TPM_CC_PolicyOR || digests +REM +REM # policyiwgekbsha256.txt +REM # 00000171 +REM # 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa +REM # 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde +REM # policymaker -if policies/policyiwgekbsha256.txt -halg sha256 -pr -of policies/policyiwgekbsha256.bin +REM # ca 3d 0a 99 a2 b9 39 06 f7 a3 34 24 14 ef cf b3 +REM # a3 85 d4 4c d1 fd 45 90 89 d1 9b 50 71 c0 b7 a0 +REM +REM # policyiwgekbsha384.txt +REM # 00000171 +REM # 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53 +REM # d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165 +REM # policymaker -if policies/policyiwgekbsha384.txt -halg sha384 -pr -of policies/policyiwgekbsha384.bin +REM # b2 6e 7d 28 d1 1a 50 bc 53 d8 82 bc f5 fd 3a 1a +REM # 07 41 48 bb 35 d3 b4 e4 cb 1c 0a d9 bd e4 19 ca +REM # cb 47 ba 09 69 96 46 15 0f 9f c0 00 f3 f8 0e 12 +REM +REM # policyiwgekbsha512.txt +REM # 00000171 +REM # 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee +REM # 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8 +REM # policymaker -if policies/policyiwgekbsha512.txt -halg sha512 -pr -of policies/policyiwgekbsha512.bin +REM # b8 22 1c a6 9e 85 50 a4 91 4d e3 fa a6 a1 8c 07 +REM # 2c c0 12 08 07 3a 92 8d 5d 66 d5 9e f7 9e 49 a4 +REM # 29 c4 1a 6b 26 95 71 d5 7e db 25 fb db 18 38 42 +REM # 56 08 b4 13 cd 61 6a 5f 6d b5 b6 07 1a f9 9b ea + +echo "" +echo "Test the EK policies" +echo "" + +REM # Change endorsement and platform hierarchy passwords for testing + +echo "Change endorsement hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi e -pwdn eee +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change platform hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for /L %%j in (1,1,!L!) do ( + + echo "Create an RSA primary key !HALG[%%j]! 80000001" + %TPM_EXE_PATH%createprimary -si -nalg !HALG[%%j]! -pwdk kkk -pol policies/policyiwgekb!HALG[%%j]!.bin -rsa 2048 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session !HALG[%%j]! 03000000" + %TPM_EXE_PATH%startauthsession -se p -halg !HALG[%%j]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Satisfy Policy A - Policy Secret with PWAP session and endorsement hierarchy auth" + %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde eee > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy OR !HALG[%%j]!" + %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyiwgek!HALG[%%j]!.bin -if policies/policyiwgekc!HALG[%%j]!.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the !HALG[%%j]! session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy A" + %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy restart !HALG[%%j]! 03000000" + %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Satisfy NV Index Policy - Policy Secret with PWAP session and platform hierarchy auth" + %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the !HALG[%%j]! session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Satisfy Policy C - Policy Authorize NV" + %TPM_EXE_PATH%policyauthorizenv -ha !IDX[%%j]! -hs 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the !HALG[%%j]! session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy OR !HALG[%%j]!" + %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyiwgek!HALG[%%j]!.bin -if policies/policyiwgekc!HALG[%%j]!.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get the !HALG[%%j]! session digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy A" + %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the policy session !HALG[%%j]! 03000000" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary key !HALG[%%j]! 80000001" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Cleanup" +echo "" + +echo "Reset endorsement hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi e -pwda eee +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reset platform hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set L=!j! + +for /L %%j in (1,1,!L!) do ( + + echo "Undefine optional !HALG[%%j]! NV index !IDX[%%j]!" + %TPM_EXE_PATH%nvundefinespace -ha !IDX[%%j]! -hi o > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rm run.out +rm sig.bin +rm tmp.der +rm tmpcreddec.bin +rm tmpcredenc.bin +rm tmpcredin.bin +rm tmprpriv.bin +rm tmprpub.bin +rm tmpsecret.bin +rm tmp.txt +rm tmpactual.txt +rm tmpexpect.txt + + +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.sh new file mode 100755 index 000000000000..447e0530a9e0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testcredential.sh @@ -0,0 +1,404 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# primary key 80000000 +# storage key 80000001 +# signing key 80000002 +# policy session 03000000 +# e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 +# c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a + +echo "" +echo "Make and Activate Credential" +echo "" + +echo "Use a random number as the credential input" +${PREFIX}getrandom -by 32 -of tmpcredin.bin > run.out +checkSuccess $? + +echo "Load the storage key under the primary key, 80000001" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Create a restricted signing key under the primary key" +${PREFIX}create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk sig -pol policies/policyccactivate.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key, 80000002" +${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Encrypt the credential using makecredential" +${PREFIX}makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy command code - activatecredential" +${PREFIX}policycommandcode -ha 03000000 -cc 00000147 > run.out +checkSuccess $? + +echo "Activate credential" +${PREFIX}activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Check the decrypted result" +diff tmpcredin.bin tmpcreddec.bin > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "" +echo "EK Certificate" +echo "" + +# The mbedtls port does not support EC certificate creation yet */ + +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + + echo "Set platform hierarchy auth" + ${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out + checkSuccess $? + + for ALG in "rsa" "ecc" + do + + echo "Create an ${ALG} EK certificate" + ${PREFIX}createekcert -alg ${ALG} -cakey cakey.pem -capwd rrrr -pwdp ppp -of tmp.der > run.out + checkSuccess $? + + echo "Read the ${ALG} EK certificate" + ${PREFIX}createek -alg ${ALG} -ce > run.out + checkSuccess $? + + echo "Read the ${ALG} template - should fail" + ${PREFIX}createek -alg ${ALG} -te > run.out + checkFailure $? + + echo "Read the ${ALG} nonce - should fail" + ${PREFIX}createek -alg ${ALG} -no > run.out + checkFailure $? + + echo "CreatePrimary and validate the ${ALG} EK against the EK certificate" + ${PREFIX}createek -alg ${ALG} -cp > run.out + checkSuccess $? + + echo "Validate the ${ALG} EK certificate against the root" + ${PREFIX}createek -alg ${ALG} -root certificates/rootcerts.txt > run.out + checkSuccess $? + + done + + echo "Clear platform hierarchy auth" + ${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out + checkSuccess $? + +# openssl vs mbedtls +fi + +echo "" +echo "EK Policies using optional policy in NV" +echo "" + +# Section B.8.2 Computing PolicyA - the standard IWG PolicySecret with endorsement auth +# policyiwgek.txt +# 000001514000000B +# (blank line for policyRef) +# +# policymaker -if policies/policyiwgek.txt -ns -halg sha256 -of policies/policyiwgeksha256.bin +# policymaker -if policies/policyiwgek.txt -ns -halg sha384 -of policies/policyiwgeksha384.bin +# policymaker -if policies/policyiwgek.txt -ns -halg sha512 -of policies/policyiwgeksha512.bin + +# 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa +# 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53 +# 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee + +# Section B.8.3 Computing Policy Index Names - attributes 220F1008 + +# For test, put PolicySecret + platform auth in NV Index. This is NOT the IWG standard, just for test. + +# for prepending the hash algorithm identifier to make the TPMT_HA structure +# printf "%b" '\x00\x0b' > policies/sha256.bin +# printf "%b" '\x00\x0c' > policies/sha384.bin +# printf "%b" '\x00\x0d' > policies/sha512.bin + +# policymaker -if policies/policysecretp.txt -halg sha256 -pr -of policies/policysecretpsha256.bin -pr +# policymaker -if policies/policysecretp.txt -halg sha384 -pr -of policies/policysecretpsha384.bin -pr +# policymaker -if policies/policysecretp.txt -halg sha512 -pr -of policies/policysecretpsha512.bin -pr + +# prepend the algorithm identifiers +# cat policies/sha256.bin policies/policysecretpsha256.bin >! policies/policysecretpsha256ha.bin +# cat policies/sha384.bin policies/policysecretpsha384.bin >! policies/policysecretpsha384ha.bin +# cat policies/sha512.bin policies/policysecretpsha512.bin >! policies/policysecretpsha512ha.bin + +# NV Index Name calculation + +HALG=(sha256 sha384 sha512) +IDX=(01c07f01 01c07f02 01c07f03) +SIZ=(34 50 66) +# algorithms from Algorithm Registry +HBIN=(000b 000c 000d) +# Name from Table 14: Policy Index Names +NVNAME=( + 000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f + 000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c + 000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560 +) + +for ((i = 0 ; i < 3; i++)) +do + + echo "Undefine optional ${HALG[i]} NV index ${IDX[i]}" + ${PREFIX}nvundefinespace -ha ${IDX[i]} -hi o > run.out + echo " INFO:" + + echo "Define optional ${HALG[i]} NV index ${IDX[i]} with PolicySecret for TPM_RH_ENDORSEMENT" + ${PREFIX}nvdefinespace -ha ${IDX[i]} -nalg ${HALG[i]} -hi o -pol policies/policyiwgek${HALG[i]}.bin -sz ${SIZ[i]} +at wa +at or +at ppr +at ar -at aw > run.out + checkSuccess $? + + echo "Start a ${HALG[i]} policy session" + ${PREFIX}startauthsession -se p -halg ${HALG[i]} > run.out + checkSuccess $? + + echo "Satisfy the policy" + ${PREFIX}policysecret -hs 03000000 -ha 4000000B > run.out + checkSuccess $? + + echo "Get the session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Write the ${HALG[i]} ${IDX[i]} index to set the written bit before reading the Name" + ${PREFIX}nvwrite -ha ${IDX[i]} -if policies/policysecretp${HALG[i]}ha.bin -se0 03000000 0 > run.out + checkSuccess $? + + echo "Read the ${HALG[i]} Name" + ${PREFIX}nvreadpublic -ha ${IDX[i]} -ns > run.out + checkSuccess $? + + echo "Verify the ${HALG[i]} Name" + ACTUAL=`grep ${HBIN[i]} run.out |grep -v nvreadpublic` + diff <(echo "${ACTUAL}" ) <(echo "${NVNAME[i]}" ) + checkSuccess $? + +done + +# B.8.4 Computing PolicyC - TPM_CC_PolicyAuthorizeNV || nvIndex->Name) + +# policyiwgekcsha256.txt +# 00000192000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f + +# policyiwgekcsha384.txt +# 00000192000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c + +# policyiwgekcsha512.txt +# 00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560 + +# policymaker -if policies/policyiwgekcsha256.txt -ns -halg sha256 -pr -of policies/policyiwgekcsha256.bin +# 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde + +# policymaker -if policies/policyiwgekcsha384.txt -ns -halg sha384 -pr -of policies/policyiwgekcsha384.bin +# d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165 + +# policymaker -if policies/policyiwgekcsha512.txt -ns -halg sha512 -pr -of policies/policyiwgekcsha512.bin +# 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8 + +# B.8.5 Computing PolicyB - TPM_CC_PolicyOR || digests + +# policyiwgekbsha256.txt +# 00000171 +# 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa +# 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde +# policymaker -if policies/policyiwgekbsha256.txt -halg sha256 -pr -of policies/policyiwgekbsha256.bin + # ca 3d 0a 99 a2 b9 39 06 f7 a3 34 24 14 ef cf b3 + # a3 85 d4 4c d1 fd 45 90 89 d1 9b 50 71 c0 b7 a0 + +# policyiwgekbsha384.txt +# 00000171 +# 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53 +# d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165 +# policymaker -if policies/policyiwgekbsha384.txt -halg sha384 -pr -of policies/policyiwgekbsha384.bin + # b2 6e 7d 28 d1 1a 50 bc 53 d8 82 bc f5 fd 3a 1a + # 07 41 48 bb 35 d3 b4 e4 cb 1c 0a d9 bd e4 19 ca + # cb 47 ba 09 69 96 46 15 0f 9f c0 00 f3 f8 0e 12 + +# policyiwgekbsha512.txt +# 00000171 +# 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee +# 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8 +# policymaker -if policies/policyiwgekbsha512.txt -halg sha512 -pr -of policies/policyiwgekbsha512.bin + # b8 22 1c a6 9e 85 50 a4 91 4d e3 fa a6 a1 8c 07 + # 2c c0 12 08 07 3a 92 8d 5d 66 d5 9e f7 9e 49 a4 + # 29 c4 1a 6b 26 95 71 d5 7e db 25 fb db 18 38 42 + # 56 08 b4 13 cd 61 6a 5f 6d b5 b6 07 1a f9 9b ea + +echo "" +echo "Test the EK policies" +echo "" + +# test message to be signed +echo -n "1234567890123456" > msg.bin + +# Change endorsement and platform hierarchy passwords for testing + +echo "Change endorsement hierarchy password" +${PREFIX}hierarchychangeauth -hi e -pwdn eee +checkSuccess $? + +echo "Change platform hierarchy password" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp +checkSuccess $? + +for ((i = 0 ; i < 3; i++)) +do + + echo "Create an RSA primary key ${HALG[i]} 80000001" + ${PREFIX}createprimary -si -nalg ${HALG[i]} -pwdk kkk -pol policies/policyiwgekb${HALG[i]}.bin -rsa 2048 > run.out + checkSuccess $? + + echo "Start a policy session ${HALG[i]} 03000000" + ${PREFIX}startauthsession -se p -halg ${HALG[i]} > run.out + checkSuccess $? + + echo "Satisfy Policy A - Policy Secret with PWAP session and endorsement hierarchy auth" + ${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde eee > run.out + checkSuccess $? + + echo "Get the session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Policy OR ${HALG[i]}" + ${PREFIX}policyor -ha 03000000 -if policies/policyiwgek${HALG[i]}.bin -if policies/policyiwgekc${HALG[i]}.bin > run.out + checkSuccess $? + + echo "Get the ${HALG[i]} session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Sign a digest - policy A" + ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Policy restart ${HALG[i]} 03000000" + ${PREFIX}policyrestart -ha 03000000 > run.out + checkSuccess $? + + echo "Satisfy NV Index Policy - Policy Secret with PWAP session and platform hierarchy auth" + ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out + checkSuccess $? + + echo "Get the ${HALG[i]} session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Satisfy Policy C - Policy Authorize NV" + ${PREFIX}policyauthorizenv -ha ${IDX[i]} -hs 03000000 > run.out + checkSuccess $? + + echo "Get the ${HALG[i]} session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Policy OR ${HALG[i]}" + ${PREFIX}policyor -ha 03000000 -if policies/policyiwgek${HALG[i]}.bin -if policies/policyiwgekc${HALG[i]}.bin > run.out + checkSuccess $? + + echo "Get the ${HALG[i]} session digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Sign a digest - policy A" + ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Flush the policy session ${HALG[i]} 03000000" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + + echo "Flush the primary key ${HALG[i]} 80000001" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "Cleanup" +echo "" + +echo "Reset endorsement hierarchy password" +${PREFIX}hierarchychangeauth -hi e -pwda eee +checkSuccess $? + +echo "Reset platform hierarchy password" +${PREFIX}hierarchychangeauth -hi p -pwda ppp +checkSuccess $? + +for ((i = 0 ; i < 3; i++)) +do + + echo "Undefine optional ${HALG[i]} NV index ${IDX[i]}" + ${PREFIX}nvundefinespace -ha ${IDX[i]} -hi o > run.out + checkSuccess $? + +done + +rm -f run.out +rm -f sig.bin +rm -f tmprpub.bin +rm -f tmprpriv.bin +rm -f tmpcredin.bin +rm -f tmpcredenc.bin +rm -f tmpcreddec.bin +rm -f tmpsecret.bin +rm -f tmp.der + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testda.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testda.bat new file mode 100644 index 000000000000..f991bfe98169 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testda.bat @@ -0,0 +1,203 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testda.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "DA Logic" +echo "" + +echo "Create an signing key with DA protection" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -da > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 0, disables DA" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with bad password - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with good password, no lockout" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 120 sec, enables DA" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 120 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with bad password - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with good password, lockout - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reset DA lock" +%TPM_EXE_PATH%dictionaryattacklockreset > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with good password" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 120 sec, enables DA, max tries 2" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 120 -nmt 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with bad password - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with good password, no lockout yet" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with bad password - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with good password, lockout - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reset DA lock" +%TPM_EXE_PATH%dictionaryattacklockreset > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with good password, no lockout" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 0, disables DA" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Lockout Auth" +echo "" + +echo "Change lockout auth" +%TPM_EXE_PATH%hierarchychangeauth -hi l -pwdn lll > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reset DA lock with good password" +%TPM_EXE_PATH%dictionaryattacklockreset -pwd lll > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 0 with good password" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 -pwd lll > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear lockout auth" +%TPM_EXE_PATH%hierarchychangeauth -hi l -pwda lll > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set DA recovery time to 0" +%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reset DA lock" +%TPM_EXE_PATH%dictionaryattacklockreset > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testda.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testda.sh new file mode 100755 index 000000000000..7cfa9a3b77b9 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testda.sh @@ -0,0 +1,152 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testda.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "DA Logic" +echo "" + +echo "Create an signing key with DA protection" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -da > run.out +checkSuccess $? + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Set DA recovery time to 0, disables DA" +${PREFIX}dictionaryattackparameters -nrt 0 > run.out +checkSuccess $? + +echo "Sign a digest with bad password - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +checkFailure $? + +echo "Sign a digest with good password, no lockout" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Set DA recovery time to 120 sec, enables DA" +${PREFIX}dictionaryattackparameters -nrt 120 > run.out +checkSuccess $? + +echo "Sign a digest with bad password - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +checkFailure $? + +echo "Sign a digest with good password, lockout - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Reset DA lock" +${PREFIX}dictionaryattacklockreset > run.out +checkSuccess $? + +echo "Sign a digest with good password" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Set DA recovery time to 120 sec, enables DA, max tries 2" +${PREFIX}dictionaryattackparameters -nrt 120 -nmt 2 > run.out +checkSuccess $? + +echo "Sign a digest with bad password - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +checkFailure $? + +echo "Sign a digest with good password, no lockout yet" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Sign a digest with bad password - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out +checkFailure $? + +echo "Sign a digest with good password, lockout - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Reset DA lock" +${PREFIX}dictionaryattacklockreset > run.out +checkSuccess $? + +echo "Sign a digest with good password, no lockout" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Set DA recovery time to 0, disables DA" +${PREFIX}dictionaryattackparameters -nrt 0 > run.out +checkSuccess $? + +echo "" +echo "Lockout Auth" +echo "" + +echo "Change lockout auth" +${PREFIX}hierarchychangeauth -hi l -pwdn lll > run.out +checkSuccess $? + +echo "Reset DA lock with good password" +${PREFIX}dictionaryattacklockreset -pwd lll > run.out +checkSuccess $? + +echo "Set DA recovery time to 0 with good password" +${PREFIX}dictionaryattackparameters -nrt 0 -pwd lll > run.out +checkSuccess $? + +echo "Clear lockout auth" +${PREFIX}hierarchychangeauth -hi l -pwda lll > run.out +checkSuccess $? + +echo "Set DA recovery time to 0" +${PREFIX}dictionaryattackparameters -nrt 0 > run.out +checkSuccess $? + +echo "Reset DA lock" +${PREFIX}dictionaryattacklockreset > run.out +checkSuccess $? + +echo "Flush signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.bat new file mode 100644 index 000000000000..a748bc497f44 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.bat @@ -0,0 +1,786 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +REM 80000001 K1 storage key +REM 80000002 K2 signing key to be duplicated +REM 80000002 K2 duplicated +REM 03000000 policy session + +REM policy +REM be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 +REM 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 + +REM used for the name in rewrap + +echo "" +echo "Duplication" +echo "" + +echo "" +echo "Duplicate Child Key" +echo "" + +REM # primary key 80000000 +REM # target storage key K1 80000001 +REM # originally under primary key +REM # duplicate to K1 +REM # import to K1 +REM # signing key K2 80000002 + +set SALG=rsa ecc +set SKEY=rsa2048 ecc + +set i=0 +for %%a in (!SALG!) do set /A i+=1 & set SALG[!i!]=%%a +set i=0 +for %%b in (!SKEY!) do set /A i+=1 & set SKEY[!i!]=%%b +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + for %%E in ("" "-salg aes -ik tmprnd.bin") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a signing key K2 under the primary key, with policy" + %TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the !SALG[%%i]! storage key K1" + %TPM_EXE_PATH%load -hp 80000000 -ipr store!SKEY[%%i]!priv.bin -ipu store!SKEY[%%i]!pub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key K2" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest, %%H" + %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature, %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code, duplicate" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get policy digest" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get random AES encryption key" + %TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Duplicate K2 under !SALG[%%i]! K1, %%~E" + %TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin %%~E -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the original K2 to free object slot for import" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Import K2 under !SALG[%%i]! K1, %%~E" + %TPM_EXE_PATH%import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin %%~E -opr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign under K2, %%H - should fail" + %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Load the duplicated signing key K2" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign using duplicated K2, %%H" + %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature, %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the duplicated K2" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the parent K1" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + ) +) + +echo "" +echo "Duplicate Primary Key" +echo "" + +echo "Create a platform primary signing key K2 80000001" +%TPM_EXE_PATH%createprimary -hi p -si -kt nf -kt np -pol policies/policyccduplicate.bin -opu tmppub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code, duplicate" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Duplicate K2 under storage key" +%TPM_EXE_PATH%duplicate -ho 80000001 -hp 80000000 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Import K2 under storage key" +%TPM_EXE_PATH%import -hp 80000000 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the duplicated signing key K2 80000002" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key 8000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the duplicated key 80000002 " +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session 03000000 " +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Import PEM RSA signing key under RSA and ECC storage key" +echo "" + +echo "generate the signing key with openssl" +openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 + +echo "load the ECC storage key" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr storeeccpriv.bin -ipu storeeccpub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + for %%H in (%ITERATE_ALGS%) do ( + for %%P in (80000000 80000001) do ( + + echo "Import the signing key under the parent key %%P %%H" + %TPM_EXE_PATH%importpem -hp %%P -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the TPM signing key" + %TPM_EXE_PATH%load -hp %%P -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign the message %%H %%~S" + %TPM_EXE_PATH%sign -hk 80000002 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + ) +) + +echo "" +echo "Import PEM EC signing key under RSA and ECC storage key" +echo "" + +echo "generate the signing key with openssl" +openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem + +for %%S in ("" "-se0 02000000 1") do ( + for %%H in (%ITERATE_ALGS%) do ( + for %%P in (80000000 80000001) do ( + + echo "Import the signing key under the parent key %%P %%H" + %TPM_EXE_PATH%importpem -hp %%P -pwdp sto -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the TPM signing key" + %TPM_EXE_PATH%load -hp %%P -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign the message %%H %%~S" + %TPM_EXE_PATH%sign -hk 80000002 -salg ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1test + ) + + echo "Verify the signature %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -ecc -if policies/aaa -is tmpsig.bin -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + ) +) + +echo "Flush the ECC storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Rewrap" +echo "" + +REM duplicate object O1 to K1 (the outer wrapper, knows inner wrapper) +REM rewrap O1 from K1 to K2 (does not know inner wrapper) +REM import O1 to K2 (knows inner wrapper) + +REM 03000000 policy session for duplicate + +REM at TPM 1, duplicate object to K1 outer wrapper, AES wrapper + +echo "Create a storage key K2" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp sto -pwdk k2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the storage key K1 80000001 public key " +%TPM_EXE_PATH%loadexternal -hi p -ipu storersa2048pub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key O1 with policy" +%TPM_EXE_PATH%create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key O1 80000002 under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save the signing key O1 name" +cp h80000002.bin tmpo1name.bin + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code, duplicate" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get random AES encryption key" +%TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper" +%TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush signing key O1 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush storage key K1 80000001 public key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM at TPM 2 + +echo "Load storage key K1 80000001 public and private key" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load storage key K2 80000002 public key" +%TPM_EXE_PATH%loadexternal -hi p -ipu tmpk2pub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Rewrap O1 from K1 80000001 to K2 80000002 " +%TPM_EXE_PATH%rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush old key K1 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush new key K2 80000002 public key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM at TPM 3 + +echo "Load storage key K2 80000001 public key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Import rewraped O1 to K2" +%TPM_EXE_PATH%import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the imported signing key O1 80000002 under K2 80000001" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign using duplicated K2" +%TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000002 -if policies/aaa -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush storage key K2 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush signing key O1 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Duplicate Primary Sealed AES from Source to Target EK" +echo "" + +REM # source creates AES key, sends to target + +REM # Real code would send the target EK X509 certificate. The target could +REM # defer recreating the EK until later. + +REM # Target + +for /L %%i in (1,1,!L!) do ( + + echo "Target: Provision a target !SALG[%%i]! EK certificate" + %TPM_EXE_PATH%createekcert -alg !SALG[%%i]! -cakey cakey.pem -capwd rrrr > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Recreate the !SALG[%%i]! EK at 80000001" + %TPM_EXE_PATH%createek -alg !SALG[%%i]! -cp -noflush > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Convert the EK public key to PEM format for transmission to source" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmpekpub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Flush the EK" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM # Here, target would send the EK PEM public key to the source + +REM # The real source would +REM # +REM # 1 - walk the EK X509 certificate chain. I have to add that sample code to createEK or make a new utility. +REM # 2 - use openssl to convert the X509 EK certificate the the PEM public key file +REM # +REM # for now, the source trusts the target EK PEM public key + +REM # Source + + echo "Source: Create an AES 256 bit key" + %TPM_EXE_PATH%getrandom -by 32 -ns -of tmpaeskeysrc.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Create primary duplicable sealed AES key 80000001" + %TPM_EXE_PATH%createprimary -bl -kt nf -kt np -if tmpaeskeysrc.bin -pol policies/policyccduplicate.bin -opu tmpsdbpub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Load the target !SALG[%%i]! EK public key as a storage key 80000002" + %TPM_EXE_PATH%loadexternal -!SALG[%%i]! -st -ipem tmpekpub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Start a policy session, duplicate needs a policy 03000000" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Policy command code, duplicate" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Read policy digest, for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Wrap the sealed AES key with the target EK public key" + %TPM_EXE_PATH%duplicate -ho 80000001 -hp 80000002 -od tmpsdbdup.bin -oss tmpss.bin -se0 03000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Flush the sealed AES key 80000001" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Source: Flush the EK public key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM # Transmit the sealed AEK key wrapped with the target EK back to the target +REM # tmpsdbdup.bin private part wrapped in EK public key, via symmetric seed +REM # tmpsdbpub.bin public part +REM # tmpss.bin symmetric seed, encrypted with EK public key + +REM # Target + +REM # NOTE This assumes that the endorsement hierarchy password is Empty. +REM # This may be a bad assumption if an attacker can get access and +REM # change it. + + echo "Target: Recreate the -!SALG[%%i]! EK at 80000001" + %TPM_EXE_PATH%createek -alg !SALG[%%i]! -cp -noflush > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Start a policy session, EK use needs a policy" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth" + %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Read policy digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Import the sealed AES key under the EK storage key" + %TPM_EXE_PATH%import -hp 80000001 -ipu tmpsdbpub.bin -id tmpsdbdup.bin -iss tmpss.bin -opr tmpsdbpriv.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Restart the policy session" + %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth" + %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Read policy digest for debug" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Load the sealed AES key under the EK storage key" + %TPM_EXE_PATH%load -hp 80000001 -ipu tmpsdbpub.bin -ipr tmpsdbpriv.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Target: Unseal the AES key" + %TPM_EXE_PATH%unseal -ha 80000002 -of tmpaeskeytgt.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM # A real target would not have access to tmpaeskeysrc.bin for the compare + + echo "Target: Verify the unsealed result, same at source, for debug" + diff tmpaeskeytgt.bin tmpaeskeysrc.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the EK" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed AES key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the policy session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +REM cleanup + +echo "Undefine the RSA EK certificate index" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01c00002 +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Undefine the ECC EK certificate index" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01c0000a +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -f tmpo1name.bin +rm -f tmpsignpriv.bin +rm -f tmpsignpub.bin +rm -f tmprnd.bin +rm -f tmpdup.bin +rm -f tmpss.bin +rm -f tmpsignpriv3.bin +rm -f tmpsig.bin +rm -f tmpk2priv.bin +rm -f tmpk2pub.bin +rm -f tmposs.bin +rm -f tmpprivkey.pem +rm -f tmpecprivkey.pem +rm -f tmppub.bin +rm -f tmppriv.bin +rm -f tmpekpub.pem +rm -f tmpaeskeysrc.bin +rm -f tmpsdbpub.bin +rm -f tmpsdbdup.bin +rm -f tmpss.bin +rm -f tmpsdbpriv.bin +rm -f tmpaeskeytgt.bin + +exit /B 0 + +REM flushcontext -ha 80000001 +REM flushcontext -ha 80000002 +REM flushcontext -ha 03000000 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 03000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.sh new file mode 100755 index 000000000000..d2343803ad81 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testdup.sh @@ -0,0 +1,626 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# 80000001 K1 storage key +# 80000002 K2 signing key to be duplicated +# 80000002 K2 duplicated +# 03000000 policy session + +# policy +# be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 +# 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 + +# used for the name in rewrap + +if [ -z $TPM_DATA_DIR ]; then + TPM_DATA_DIR=. +fi + +echo "" +echo "Duplication" +echo "" + +echo "" +echo "Duplicate Child Key" +echo "" + +# primary key 80000000 +# target storage key K1 80000001 +# originally under primary key +# duplicate to K1 +# import to K1 +# signing key K2 80000002 + +SALG=(rsa ecc) +SKEY=(rsa2048 ecc) + +for ((i = 0 ; i < 2 ; i++)) +do + for ENC in "" "-salg aes -ik tmprnd.bin" + do + for HALG in ${ITERATE_ALGS} + do + + echo "Create a signing key K2 under the primary key, with policy" + ${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out + checkSuccess $? + + echo "Load the ${SALG[i]} storage key K1 80000001" + ${PREFIX}load -hp 80000000 -ipr store${SKEY[i]}priv.bin -ipu store${SKEY[i]}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the signing key K2 80000002" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Sign a digest, $HALG" + ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out + checkSuccess $? + + echo "Verify the signature, $HALG" + ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out + checkSuccess $? + + echo "Start a policy session" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Policy command code, duplicate" + ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out + checkSuccess $? + + echo "Get policy digest" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Get random AES encryption key" + ${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out + checkSuccess $? + + echo "Duplicate K2 under ${SALG[i]} K1, ${ENC}" + ${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin ${ENC} -se0 03000000 1 > run.out + checkSuccess $? + + echo "Flush the original K2 to free object slot for import" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Import K2 under ${SALG[i]} K1, ${ENC}" + ${PREFIX}import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin ${ENC} -opr tmppriv.bin > run.out + checkSuccess $? + + echo "Sign under K2, $HALG - should fail" + ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out + checkFailure $? + + echo "Load the duplicated signing key K2" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Sign using duplicated K2, $HALG" + ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out + checkSuccess $? + + echo "Verify the signature, $HALG" + ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out + checkSuccess $? + + echo "Flush the duplicated K2" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the parent K1" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + + done + done +done + +echo "" +echo "Duplicate Primary Key" +echo "" + +echo "Create a platform primary signing key K2 80000001" +${PREFIX}createprimary -hi p -si -kt nf -kt np -pol policies/policyccduplicate.bin -opu tmppub.bin > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000001 -if policies/aaa > run.out +checkSuccess $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy command code, duplicate" +${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out +checkSuccess $? + +echo "Duplicate K2 under storage key" +${PREFIX}duplicate -ho 80000001 -hp 80000000 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Import K2 under storage key" +${PREFIX}import -hp 80000000 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv.bin > run.out +checkSuccess $? + +echo "Load the duplicated signing key K2 80000002" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -if policies/aaa > run.out +checkSuccess $? + +echo "Flush the primary key 8000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the duplicated key 80000002 " +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the session 03000000 " +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "Import PEM RSA signing key under RSA and ECC storage key" +echo "" + +echo "generate the signing key with openssl" +openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 > run.out 2>&1 + +echo "load the ECC storage key" +${PREFIX}load -hp 80000000 -pwdp sto -ipr storeeccpriv.bin -ipu storeeccpub.bin > run.out +checkSuccess $? + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + for HALG in ${ITERATE_ALGS} + do + + for PARENT in 80000000 80000001 + do + + echo "Import the signing key under the parent key ${PARENT} ${HALG}" + ${PREFIX}importpem -hp ${PARENT} -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out + checkSuccess $? + + echo "Load the TPM signing key" + ${PREFIX}load -hp ${PARENT} -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + checkSuccess $? + + echo "Sign the message ${HALG} ${SESS}" + ${PREFIX}sign -hk 80000002 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out + checkSuccess $? + + echo "Verify the signature ${HALG}" + ${PREFIX}verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out + checkSuccess $? + + echo "Flush the signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + done + done +done + +echo "" +echo "Import PEM EC signing key under RSA and ECC storage key" +echo "" + +# mbedtls appears to only support the legacy PEM format +# -----BEGIN EC PRIVATE KEY----- +# and not the PKCS8 format +# -----BEGIN ENCRYPTED PRIVATE KEY----- +# + +echo "generate the signing key with openssl" +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem 2>&1 + +elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then +# plaintext key pair, legacy plaintext -----BEGIN PRIVATE KEY----- + openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -text -out tmpecprivkeydec.pem > run.out 2>&1 +# encrypt key pair, legacy encrypted -----BEGIN EC PRIVATE KEY----- + openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem -out tmpecprivkey.pem > run.out 2>&1 + +else + echo "Error: crypto library ${CRYPTOLIBRARY} not supported" + exit 255 +fi + +for SESS in "" "-se0 02000000 1" +do + for HALG in ${ITERATE_ALGS} + do + + for PARENT in 80000000 80000001 + do + + echo "Import the signing key under the parent key ${PARENT} ${HALG}" + ${PREFIX}importpem -hp ${PARENT} -pwdp sto -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out + checkSuccess $? + + echo "Load the TPM signing key" + ${PREFIX}load -hp ${PARENT} -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + checkSuccess $? + + echo "Sign the message ${HALG} ${SESS}" + ${PREFIX}sign -hk 80000002 -salg ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out + checkSuccess $? + + echo "Verify the signature ${HALG}" + ${PREFIX}verifysignature -hk 80000002 -ecc -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out + checkSuccess $? + + echo "Flush the signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + done + done +done + +echo "Flush the ECC storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Rewrap" +echo "" + +# duplicate object O1 to K1 (the outer wrapper, knows inner wrapper) +# rewrap O1 from K1 to K2 (does not know inner wrapper) +# import O1 to K2 (knows inner wrapper) + +# 03000000 policy session for duplicate + +# at TPM 1, duplicate object to K1 outer wrapper, AES wrapper + +echo "Create a storage key K2" +${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp sto -pwdk k2 > run.out +checkSuccess $? + +echo "Load the storage key K1 80000001 public key " +${PREFIX}loadexternal -hi p -ipu storersa2048pub.bin > run.out +checkSuccess $? + +echo "Create a signing key O1 with policy" +${PREFIX}create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out +checkSuccess $? + +echo "Load the signing key O1 80000002 under the primary key" +${PREFIX}load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Save the signing key O1 name" +cp ${TPM_DATA_DIR}/h80000002.bin tmpo1name.bin + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy command code, duplicate" +${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out +checkSuccess $? + +echo "Get random AES encryption key" +${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out +checkSuccess $? + +echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper" +${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out +checkSuccess $? + +echo "Flush signing key O1 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush storage key K1 80000001 public key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +# at TPM 2 + +echo "Load storage key K1 80000001 public and private key" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Load storage key K2 80000002 public key" +${PREFIX}loadexternal -hi p -ipu tmpk2pub.bin > run.out +checkSuccess $? + +echo "Rewrap O1 from K1 80000001 to K2 80000002 " +${PREFIX}rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out +checkSuccess $? + +echo "Flush old key K1 80000001" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush new key K2 80000002 public key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# at TPM 3 + +echo "Load storage key K2 80000001 public key" +${PREFIX}load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Import rewraped O1 to K2" +${PREFIX}import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out +checkSuccess $? + +echo "Load the imported signing key O1 80000002 under K2 80000001" +${PREFIX}load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out +checkSuccess $? + +echo "Sign using duplicated K2" +${PREFIX}sign -hk 80000002 -if policies/aaa -os tmpsig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Flush storage key K2 80000001" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush signing key O1 80000002" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Duplicate Primary Sealed AES from Source to Target EK" +echo "" + +# source creates AES key, sends to target + +# Real code would send the target EK X509 certificate. The target could +# defer recreating the EK until later. + +# Target + +# The mbedtls port does not support EC certificate creation yet */ + +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + for ((i = 0 ; i < 2 ; i++)) + do + + echo "Target: Provision a target ${SALG[i]} EK certificate" + ${PREFIX}createekcert -alg ${SALG[i]} -cakey cakey.pem -capwd rrrr > run.out + checkSuccess $? + + echo "Target: Recreate the ${SALG[i]} EK at 80000001" + ${PREFIX}createek -alg ${SALG[i]} -cp -noflush > run.out + checkSuccess $? + + echo "Target: Convert the EK public key to PEM format for transmission to source" + ${PREFIX}readpublic -ho 80000001 -opem tmpekpub.pem > run.out + checkSuccess $? + + echo "Target: Flush the EK" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +# Here, target would send the EK PEM public key to the source + +# The real source would +# +# 1 - walk the EK X509 certificate chain. I have to add that sample code to createEK or make a new utility. +# 2 - use openssl to convert the X509 EK certificate the the PEM public key file +# +# for now, the source trusts the target EK PEM public key + +# Source + + echo "Source: Create an AES 256 bit key" + ${PREFIX}getrandom -by 32 -ns -of tmpaeskeysrc.bin > run.out + checkSuccess $? + + echo "Source: Create primary duplicable sealed AES key 80000001" + ${PREFIX}createprimary -bl -kt nf -kt np -if tmpaeskeysrc.bin -pol policies/policyccduplicate.bin -opu tmpsdbpub.bin > run.out + checkSuccess $? + + echo "Source: Load the target ${SALG[i]} EK public key as a storage key 80000002" + ${PREFIX}loadexternal -${SALG[i]} -st -ipem tmpekpub.pem > run.out + checkSuccess $? + + echo "Source: Start a policy session, duplicate needs a policy 03000000" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Source: Policy command code, duplicate" + ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out + checkSuccess $? + + echo "Source: Read policy digest, for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Source: Wrap the sealed AES key with the target EK public key" + ${PREFIX}duplicate -ho 80000001 -hp 80000002 -od tmpsdbdup.bin -oss tmpss.bin -se0 03000000 0 > run.out + checkSuccess $? + + echo "Source: Flush the sealed AES key 80000001" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Source: Flush the EK public key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +# Transmit the sealed AEK key wrapped with the target EK back to the target +# tmpsdbdup.bin private part wrapped in EK public key, via symmetric seed +# tmpsdbpub.bin public part +# tmpss.bin symmetric seed, encrypted with EK public key + +# Target + +# NOTE This assumes that the endorsement hierarchy password is Empty. +# This may be a bad assumption if an attacker can get access and +# change it. + + echo "Target: Recreate the -${SALG[i]} EK at 80000001" + ${PREFIX}createek -alg ${SALG[i]} -cp -noflush > run.out + checkSuccess $? + + echo "Target: Start a policy session, EK use needs a policy" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth" + ${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out + checkSuccess $? + + echo "Target: Read policy digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Target: Import the sealed AES key under the EK storage key" + ${PREFIX}import -hp 80000001 -ipu tmpsdbpub.bin -id tmpsdbdup.bin -iss tmpss.bin -opr tmpsdbpriv.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Target: Restart the policy session" + ${PREFIX}policyrestart -ha 03000000 > run.out + checkSuccess $? + + echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth" + ${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out + checkSuccess $? + + echo "Target: Read policy digest for debug" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Target: Load the sealed AES key under the EK storage key" + ${PREFIX}load -hp 80000001 -ipu tmpsdbpub.bin -ipr tmpsdbpriv.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Target: Unseal the AES key" + ${PREFIX}unseal -ha 80000002 -of tmpaeskeytgt.bin > run.out + checkSuccess $? + +# A real target would not have access to tmpaeskeysrc.bin for the compare + + echo "Target: Verify the unsealed result, same at source, for debug" + diff tmpaeskeytgt.bin tmpaeskeysrc.bin > run.out + checkSuccess $? + + echo "Flush the EK" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the sealed AES key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the policy session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + + done + +# cleanup + +echo "Undefine the RSA EK certificate index" +${PREFIX}nvundefinespace -hi p -ha 01c00002 +checkSuccess $? + +echo "Undefine the ECC EK certificate index" +${PREFIX}nvundefinespace -hi p -ha 01c0000a +checkSuccess $? + +fi + +rm -f tmpo1name.bin +rm -f tmpsignpriv.bin +rm -f tmpsignpub.bin +rm -f tmprnd.bin +rm -f tmpdup.bin +rm -f tmpss.bin +rm -f tmpsignpriv3.bin +rm -f tmpsig.bin +rm -f tmpk2priv.bin +rm -f tmpk2pub.bin +rm -f tmposs.bin +rm -f tmpprivkey.pem +rm -f tmpecprivkey.pem +rm -f tmpecprivkeydec.pem +rm -f tmppub.bin +rm -f tmppriv.bin +rm -f tmpekpub.pem +rm -f tmpaeskeysrc.bin +rm -f tmpsdbpub.bin +rm -f tmpsdbdup.bin +rm -f tmpss.bin +rm -f tmpsdbpriv.bin +rm -f tmpaeskeytgt.bin + +# ${PREFIX}flushcontext -ha 80000001 +# ${PREFIX}flushcontext -ha 80000002 +# ${PREFIX}flushcontext -ha 03000000 + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 03000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.bat new file mode 100644 index 000000000000..5de54d60df07 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.bat @@ -0,0 +1,324 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2019. # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "ECC Ephemeral" +echo "" + +echo "" +echo "ECC Parameters and Ephemeral" +echo "" + +for %%C in (bnp256 nistp256 nistp384) do ( + + echo "ECC Parameters for curve %%C" + %TPM_EXE_PATH%eccparameters -cv %%C > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%A in (-si -sir) do ( + + echo "Create %%A for curve %%C" + %TPM_EXE_PATH%create -hp 80000000 -pwdp sto %%A -ecc %%C > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + + echo "EC Ephemeral for curve %%C" + %TPM_EXE_PATH%ecephemeral -ecc %%C > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "" +echo "ECC Commit" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%K in ("-dau" "-dar") do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Create a %%~K ECDAA signing key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk siga > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key 80000001 under the primary key 80000000" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001 + + REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters + REM which means no P1, no s2 and no y2. + REM and output the result and get the efile.bin + REM feed back the point in efile.bin as the new p1 because it is on the curve. + + REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. + REM example of normal command + REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S" + %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -pwdk siga %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM copy efile as new p1 - for hash operation + cp efile.bin p1.bin + + REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in + + REM All this does is simulate the commit that the FIDO alliance wants to + REM use in its TPM Join operation. + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S" + %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + cat efile.bin p1.bin tmprpub.bin > hashinput.bin + + echo "Hash the E, P1, and Q to create the ticket to use in signing" + %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign the hash of the points made from commit" + %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +REM save old counterfile for off nominal error check +cp counterfile.bin counterfileold.bin + + +for %%K in ("-dau" "-dar") do ( + for %%S in ("" "-se0 02000000 1") do ( + + echo "Create a %%~K ECDAA signing primary key" + %TPM_EXE_PATH%createprimary -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001 + + REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters + REM which means no P1, no s2 and no y2. + REM and output the result and get the efile.bin + REM feed back the point in efile.bin as the new p1 because it is on the curve. + + REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. + REM example of normal command + REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S" + %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM copy efile as new p1 - for hash operation + cp efile.bin p1.bin + + REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in + + REM All this does is simulate the commit that the FIDO alliance wants to + REM use in its TPM Join operation. + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S" + %TPM_EXE_PATH%commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + cat efile.bin p1.bin tmprpub.bin > hashinput.bin + + echo "Hash the E, P1, and Q to create the ticket to use in signing" + %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Check error case bad counter" + %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfileold.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Sign the hash of the points made from commit" + %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "ECC zgen2phase" +echo "" + +echo "ECC Parameters for curve nistp256" +%TPM_EXE_PATH%eccparameters -cv nistp256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM This is just a script for a B "remote" side to create a static key +REM pair and ephemeral for use in demonstrating (on the local side) a +REM two-phase operation involving ecephemeral and zgen2phase + +echo "Create decryption key for curve nistp256" +%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opu QsBpub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "EC Ephemeral for curve nistp256" +%TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM local side +REM +REM scp or cp the QsBpub.bin and QeBpt.bin from the B side over to the +REM A side. This assumes QsBpub is a TPM2B_PUBLIC from a create command +REM on B side. QeBpt is already in TPM2B_ECC_POINT form since it was +REM created by ecephemeral on B side QsBpub.bin is presumed in a form +REM produced by a create commamnd using another TPM + +echo "Create decryption key for curve nistp256" +%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opr QsApriv.bin -opu QsApub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the decryption key under the primary key, 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "EC Ephemeral for curve nistp256" +%TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Convert public raw to TPM2B_ECC_POINT" +%TPM_EXE_PATH%tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Execute zgen2phase for curve nistp256" +%TPM_EXE_PATH%zgen2phase -hk 80000001 -scheme ecdh -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -rf efile.bin +rm -rf tmprpub.bin +rm -rf tmprpriv.bin +rm -rf counterfile.bin +rm -rf counterfileold.bin +rm -rf p1.bin +rm -rf hashinput.bin +rm -rf outhash.bin +rm -rf sig.bin +rm -rf tfile.bin + +rm -rf QsBpub.bin +rm -rf QeBpt.bin +rm -rf QsApriv.bin +rm -rf QsApub.bin +rm -rf QeApt.bin +rm -rf counter.bin +rm -rf QsBpt.bin + +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 +REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.sh new file mode 100755 index 000000000000..9ece33e29be7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testecc.sh @@ -0,0 +1,279 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testecc.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "ECC Ephemeral" +echo "" + +echo "" +echo "ECC Parameters and Ephemeral" +echo "" + +for CURVE in "bnp256" "nistp256" "nistp384" +do + + echo "ECC Parameters for curve ${CURVE}" + ${PREFIX}eccparameters -cv ${CURVE} > run.out + checkSuccess $? + + for ATTR in "-si" "-sir" + do + + echo "Create ${ATTR} for curve ${CURVE}" + ${PREFIX}create -hp 80000000 -pwdp sto ${ATTR} -ecc ${CURVE} > run.out + checkSuccess $? + + done + + echo "EC Ephemeral for curve ${CURVE}" + ${PREFIX}ecephemeral -ecc ${CURVE} > run.out + checkSuccess $? + +done + +echo "" +echo "ECC Commit" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for KEYTYPE in "-dau" "-dar" +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Create a $KEYTYPE ECDAA signing key under the primary key" + ${PREFIX}create -hp 80000000 -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk siga > run.out + checkSuccess $? + + echo "Load the signing key 80000001 under the primary key 80000000" + ${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out + checkSuccess $? + + #${PREFIX}getcapability -cap 1 -pr 80000001 + + # The trick with commit is first use - empty ECC point and no s2 and y2 parameters + # which means no P1, no s2 and no y2. + # and output the result and get the efile.bin + # feed back the point in efile.bin as the new p1 because it is on the curve. + + # There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. + # example of normal command + # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out + # checkSuccess $? + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}" + ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out + checkSuccess $? + + # copy efile as new p1 - for hash operation + cp efile.bin p1.bin + + # We have a point on the curve - in efile.bin. Use E as P1 and feed it back in + + # All this does is simulate the commit that the FIDO alliance wants to + # use in its TPM Join operation. + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}" + ${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga ${SESS} > run.out + checkSuccess $? + + cat efile.bin p1.bin tmprpub.bin > hashinput.bin + + echo "Hash the E, P1, and Q to create the ticket to use in signing" + ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out + checkSuccess $? + + echo "Sign the hash of the points made from commit" + ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + checkSuccess $? + + echo "Flush the signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +done + +# save old counterfile for off nominal error check +cp counterfile.bin counterfileold.bin + +for KEYTYPE in "-dau" "-dar" +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Create a $KEYTYPE ECDAA signing primary key" + ${PREFIX}createprimary -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out + checkSuccess $? + + #${PREFIX}getcapability -cap 1 -pr 80000001 + + # The trick with commit is first use - empty ECC point and no s2 and y2 parameters + # which means no P1, no s2 and no y2. + # and output the result and get the efile.bin + # feed back the point in efile.bin as the new p1 because it is on the curve. + + # There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. + # example of normal command + # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out + # checkSuccess $? + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}" + ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out + checkSuccess $? + + # copy efile as new p1 - for hash operation + cp efile.bin p1.bin + + # We have a point on the curve - in efile.bin. Use E as P1 and feed it back in + + # All this does is simulate the commit that the FIDO alliance wants to + # use in its TPM Join operation. + + echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}" + ${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga ${SESS} > run.out + checkSuccess $? + + cat efile.bin p1.bin tmprpub.bin > hashinput.bin + + echo "Hash the E, P1, and Q to create the ticket to use in signing" + ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out + checkSuccess $? + + echo "Check error case bad counter" + ${PREFIX}sign -hk 80000001 -pwdk siga -ecdaa -cf counterfileold.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + checkFailure $? + + echo "Sign the hash of the points made from commit" + ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out + checkSuccess $? + + echo "Flush the signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +done + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "ECC zgen2phase" +echo "" + +echo "ECC Parameters for curve nistp256" +${PREFIX}eccparameters -cv nistp256 > run.out +checkSuccess $? + +# This is just a script for a B "remote" side to create a static key +# pair and ephemeral for use in demonstrating (on the local side) a +# two-phase operation involving ecephemeral and zgen2phase + +echo "Create decryption key for curve nistp256" +${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 -opu QsBpub.bin > run.out +checkSuccess $? + +echo "EC Ephemeral for curve nistp256" +${PREFIX}ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out +checkSuccess $? + +# local side + +# scp or cp the QsBpub.bin and QeBpt.bin from the B side over to the +# A side. This assumes QsBpub is a TPM2B_PUBLIC from a create command +# on B side. QeBpt is already in TPM2B_ECC_POINT form since it was +# created by ecephemeral on B side QsBpub.bin is presumed in a form +# produced by a create commamnd using another TPM + +echo "Create decryption key for curve nistp256" +${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 -opr QsApriv.bin -opu QsApub.bin > run.out +checkSuccess $? + +echo "Load the decryption key under the primary key, 80000001" +${PREFIX}load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin -pwdp sto > run.out +checkSuccess $? + +echo "EC Ephemeral for curve nistp256" +${PREFIX}ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin > run.out +checkSuccess $? + +echo "Convert public raw to TPM2B_ECC_POINT" +${PREFIX}tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out +checkSuccess $? + +echo "Execute zgen2phase for curve ${CURVE}" +${PREFIX}zgen2phase -hk 80000001 -scheme ecdh -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out +checkSuccess $? + +echo "Flush the key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +rm -rf efile.bin +rm -rf tmprpub.bin +rm -rf tmprpriv.bin +rm -rf counterfile.bin +rm -rf counterfileold.bin +rm -rf p1.bin +rm -rf hashinput.bin +rm -rf outhash.bin +rm -rf sig.bin +rm -rf tfile.bin + +rm -rf QsBpub.bin +rm -rf QeBpt.bin +rm -rf QsApriv.bin +rm -rf QsApub.bin +rm -rf QeApt.bin +rm -rf counter.bin +rm -rf QsBpt.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.bat new file mode 100644 index 000000000000..1e6b15021205 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.bat @@ -0,0 +1,483 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +set TWOAUTH0=01 01 01 01 21 21 41 41 61 +set TWOAUTH1=01 21 41 61 01 41 01 21 01 + +set THREEAUTH0=01 01 01 01 01 21 41 +set THREEAUTH1=01 01 01 21 41 01 01 +set THREEAUTH2=21 41 61 41 21 41 21 + +echo "" +echo "Parameter Encryption" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%M in (xor aes) do ( + + for %%N in (xor aes) do ( + + for %%P in (xor aes) do ( + + + echo "Start an HMAC auth session with %%M encryption" + %TPM_EXE_PATH%startauthsession -se h -sym %%M > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start an HMAC auth session with %%N encryption" + %TPM_EXE_PATH%startauthsession -se h -sym %%N > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start an HMAC auth session with %%P encryption" + %TPM_EXE_PATH%startauthsession -se h -sym %%P > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM one auth + + for %%A in (21 41 61) do ( + + echo "Signing Key Self Certify, one auth %%A" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 %%A > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + + REM two auth + + set i=0 + for %%a in (!TWOAUTH0!) do set /A i+=1 & set TWOAUTH0[!i!]=%%a + set i=0 + for %%b in (!TWOAUTH1!) do set /A i+=1 & set TWOAUTH1[!i!]=%%b + set L=!i! + + for /L %%i in (1,1,!L!) do ( + + echo "Signing Key Self Certify, two auth !TWOAUTH0[%%i]! !TWOAUTH1[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !TWOAUTH0[%%i]! -se1 02000001 !TWOAUTH1[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + + REM three auth, first 01 + + set i=0 + for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a + set i=0 + for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b + set i=0 + for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c + set L=!i! + + for /L %%i in (1,1,!L!) do ( + + echo "Signing Key Self Certify, three auth !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + + echo "Flush the sessions" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sessions" + %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sessions" + %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + ) +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key, policy command code certify" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policycccertify.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Salt encrypt and decrypt HMAC sessions" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an encrypt session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set i=0 +for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a +set i=0 +for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b +set i=0 +for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Bind encrypt and decrypt HMAC sessions" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an encrypt session" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set i=0 +for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a +set i=0 +for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b +set i=0 +for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "Signing Key Self Certify, three auth, bind parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + + +REM # policycccertify.txt 0000016c00000148 +REM # policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr +REM # 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9 +REM # f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50 + +echo "" +echo "Salt encrypt and decrypt policy sessions" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an encrypt session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set i=0 +for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a +set i=0 +for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b +set i=0 +for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "Policy restart" + %TPM_EXE_PATH%policyrestart -ha 03000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code - certify" + %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions " +%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions " +%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Bind encrypt and decrypt policy sessions" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an auth session" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an encrypt session" +%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set i=0 +for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a +set i=0 +for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b +set i=0 +for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "Policy restart" + %TPM_EXE_PATH%policyrestart -ha 03000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code - certify" + %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Self Certify, three auth, bind parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" + %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin ^ + -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "Flush the sessions" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions " +%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sessions " +%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.sh new file mode 100755 index 000000000000..160d9f2235d5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testencsession.sh @@ -0,0 +1,340 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +TWOAUTH0=(01 01 01 01 21 21 41 41 61) +TWOAUTH1=(01 21 41 61 01 41 01 21 01) + +THREEAUTH0=(01 01 01 01 01 21 41) +THREEAUTH1=(01 01 01 21 41 01 01) +THREEAUTH2=(21 41 61 41 21 41 21) + +echo "" +echo "Parameter Encryption - Basic" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +for MODE0 in xor aes +do + + for MODE1 in xor aes + do + + for MODE2 in xor aes + do + + echo "Start an HMAC auth session with $MODE0 encryption" + ${PREFIX}startauthsession -se h -sym $MODE0 > run.out + checkSuccess $? + + echo "Start an HMAC auth session with $MODE1 encryption" + ${PREFIX}startauthsession -se h -sym $MODE1 > run.out + checkSuccess $? + + echo "Start an HMAC auth session with $MODE2 encryption" + ${PREFIX}startauthsession -se h -sym $MODE2 > run.out + checkSuccess $? + + # one auth + + for AUTH0 in 21 41 61 + do + + echo "Signing Key Self Certify, one auth $AUTH0" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 $AUTH0 > run.out + checkSuccess $? + + done + + # two auth + + for ((i = 0 ; i < 9; i++)) + do + + echo "Signing Key Self Certify, two auth ${TWOAUTH0[i]} ${TWOAUTH1[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${TWOAUTH0[i]} -se1 02000001 ${TWOAUTH1[i]} > run.out + checkSuccess $? + + done + + # three auth + + for ((i = 0 ; i < 7; i++)) + do + + echo "Signing Key Self Certify, three auth ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out + checkSuccess $? + + done + + echo "Flush the sessions" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + + echo "Flush the sessions" + ${PREFIX}flushcontext -ha 02000001 > run.out + checkSuccess $? + + echo "Flush the sessions" + ${PREFIX}flushcontext -ha 02000002 > run.out + checkSuccess $? + done + done +done + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Create a signing key, policy command code certify" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policycccertify.bin > run.out +checkSuccess $? + +echo "" +echo "Salt encrypt and decrypt HMAC sessions" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -hs 80000000 > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -hs 80000000 > run.out +checkSuccess $? + +echo "Start an encrypt session" +${PREFIX}startauthsession -se h -hs 80000000 > run.out +checkSuccess $? + +for ((i = 0 ; i < 7 ; i++)) +do + + echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out + checkSuccess $? + +done + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000001 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000002 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Bind encrypt and decrypt HMAC sessions" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +echo "Start an encrypt session" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +for ((i = 0 ; i < 7 ; i++)) +do + + echo "Signing Key Self Certify, three auth, bind parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out + checkSuccess $? + +done + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000001 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000002 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + + +# policycccertify.txt 0000016c00000148 +# policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr +# 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9 +# f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50 + +echo "" +echo "Salt encrypt and decrypt policy sessions" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -hs 80000000 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -hs 80000000 > run.out +checkSuccess $? + +echo "Start an encrypt session" +${PREFIX}startauthsession -se h -hs 80000000 > run.out +checkSuccess $? + +for ((i = 0 ; i < 7 ; i++)) +do + + echo "Policy restart" + ${PREFIX}policyrestart -ha 03000001 > run.out + checkSuccess $? + + echo "Policy command code - certify" + ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out + checkSuccess $? + + echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out + checkSuccess $? + +done + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 03000001 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000002 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Bind encrypt and decrypt policy sessions" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an auth session" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +echo "Start an encrypt session" +${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out +checkSuccess $? + +for ((i = 0 ; i < 7 ; i++)) +do + + echo "Policy restart" + ${PREFIX}policyrestart -ha 03000001 > run.out + checkSuccess $? + + echo "Policy command code - certify" + ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out + checkSuccess $? + + echo "Signing Key Self Certify, three auth, bind parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" + ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out + checkSuccess $? + +done + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 03000001 > run.out +checkSuccess $? + +echo "Flush the sessions" +${PREFIX}flushcontext -ha 02000002 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + + + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.bat new file mode 100644 index 000000000000..d81a61598611 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.bat @@ -0,0 +1,125 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testevict.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Evict Control" +echo "" + +echo "Create an unrestricted signing key" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Make the signing key persistent" +%TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with the transient key" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with the persistent key" +%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the transient key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the persistent key - should fail" +%TPM_EXE_PATH%flushcontext -ha 81800000 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with the transient key- should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with the persistent key" +%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the persistent key" +%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with the persistent key - should fail" +%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with the transient key - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + echo TP1 failed + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 81000000 +REM getcapability -cap 1 -pr 02000000 +REM getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.sh new file mode 100755 index 000000000000..761eaa8c904b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testevict.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testevict.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Evict Control" +echo "" + +echo "Create an unrestricted signing key" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig > run.out +checkSuccess $? + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Make the signing key persistent" +${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out +checkSuccess $? + +echo "Sign a digest with the transient key" +${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Sign a digest with the persistent key" +${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Flush the transient key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the persistent key - should fail" +${PREFIX}flushcontext -ha 81800000 > run.out +checkFailure $? + +echo "Sign a digest with the transient key- should fail" +${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Sign a digest with the persistent key" +${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Flush the persistent key" +${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out +checkSuccess $? + +echo "Sign a digest with the persistent key - should fail" +${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Sign a digest with the transient key - should fail" +${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out +checkFailure $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 81000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 +# ${PREFIX}getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.bat new file mode 100644 index 000000000000..d454cdab369a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.bat @@ -0,0 +1,158 @@ +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +setlocal enableDelayedExpansion + +# used for the name in policy authorize + +echo "" +echo "Get Capability" +echo "" + +echo "Get Capability TPM_CAP_ALGS" +%TPM_EXE_PATH%getcapability -cap 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Get Capability TPM_CAP_HANDLES" +echo "" + +echo "TPM_HT_PCR" +%TPM_EXE_PATH%getcapability -cap 1 -pr 00000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_NV_INDEX" +%TPM_EXE_PATH%getcapability -cap 1 -pr 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_LOADED_SESSION" +%TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_SAVED_SESSION" +%TPM_EXE_PATH%getcapability -cap 1 -pr 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_PERMANENT" +%TPM_EXE_PATH%getcapability -cap 1 -pr 40000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_TRANSIENT" +%TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "TPM_HT_PERSISTENT" +%TPM_EXE_PATH%getcapability -cap 1 -pr 81000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_COMMANDS" +%TPM_EXE_PATH%getcapability -cap 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_PP_COMMANDS" +%TPM_EXE_PATH%getcapability -cap 3 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_AUDIT_COMMANDS" +%TPM_EXE_PATH%getcapability -cap 4 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_PCRS" +%TPM_EXE_PATH%getcapability -cap 5 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Get Capability TPM_CAP_TPM_PROPERTIES" +echo "" + +echo "Get Capability TPM_CAP_TPM_PROPERTIES 100" +%TPM_EXE_PATH%getcapability -cap 6 -pr 100 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_TPM_PROPERTIES 200" +%TPM_EXE_PATH%getcapability -cap 6 -pr 200 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_PCR_PROPERTIES " +%TPM_EXE_PATH%getcapability -cap 7 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_ECC_CURVES" +%TPM_EXE_PATH%getcapability -cap 8 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Capability TPM_CAP_AUTH_POLICIES" +%TPM_EXE_PATH%getcapability -cap 9 -pr 40000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.sh new file mode 100755 index 000000000000..f8994d51fc3b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testgetcap.sh @@ -0,0 +1,125 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Get Capability" +echo "" + +echo "Get Capability TPM_CAP_ALGS" +${PREFIX}getcapability -cap 0 > run.out +checkSuccess $? + +echo "" +echo "Get Capability TPM_CAP_HANDLES" +echo "" + +echo "TPM_HT_PCR" +${PREFIX}getcapability -cap 1 -pr 00000000 > run.out +checkSuccess $? + +echo "TPM_HT_NV_INDEX" +${PREFIX}getcapability -cap 1 -pr 01000000 > run.out +checkSuccess $? + +echo "TPM_HT_LOADED_SESSION" +${PREFIX}getcapability -cap 1 -pr 02000000 > run.out +checkSuccess $? + +echo "TPM_HT_SAVED_SESSION" +${PREFIX}getcapability -cap 1 -pr 03000000 > run.out +checkSuccess $? + +echo "TPM_HT_PERMANENT" +${PREFIX}getcapability -cap 1 -pr 40000000 > run.out +checkSuccess $? + +echo "TPM_HT_TRANSIENT" +${PREFIX}getcapability -cap 1 -pr 80000000 > run.out +checkSuccess $? + +echo "TPM_HT_PERSISTENT" +${PREFIX}getcapability -cap 1 -pr 81000000 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_COMMANDS" +${PREFIX}getcapability -cap 2 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_PP_COMMANDS" +${PREFIX}getcapability -cap 3 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_AUDIT_COMMANDS" +${PREFIX}getcapability -cap 4 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_PCRS" +${PREFIX}getcapability -cap 5 > run.out +checkSuccess $? + +echo "" +echo "Get Capability TPM_CAP_TPM_PROPERTIES" +echo "" + +echo "Get Capability TPM_CAP_TPM_PROPERTIES 100" +${PREFIX}getcapability -cap 6 -pr 100 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_TPM_PROPERTIES 200" +${PREFIX}getcapability -cap 6 -pr 200 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_PCR_PROPERTIES " +${PREFIX}getcapability -cap 7 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_ECC_CURVES" +${PREFIX}getcapability -cap 8 > run.out +checkSuccess $? + +echo "Get Capability TPM_CAP_AUTH_POLICIES" +${PREFIX}getcapability -cap 9 -pr 40000000 > run.out +checkSuccess $? + + + + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.bat new file mode 100644 index 000000000000..fa3e65566de8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.bat @@ -0,0 +1,369 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testhierarchy.bat 507 2016-03-08 22:35:47Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Hierarchy Change Auth" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Generate a random authorization value" +%TPM_EXE_PATH%getrandom -by 32 -nz -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Change platform hierarchy auth %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary storage key - should fail" + %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Create a primary storage key" + %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Change platform hierarchy auth back to null %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary storage key" + %TPM_EXE_PATH%createprimary -pwdk 111 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Change platform hierarchy auth, new auth from file %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdni tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary storage key - should fail" + %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Create a primary storage key, auth from file" + %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdpi tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Change platform hierarchy auth back to null, auth from file %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdai tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary storage key" + %TPM_EXE_PATH%createprimary -pwdk 111 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the primary key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Hierarchy Change Auth with bind" +echo "" + +echo "Change platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary storage key - should fail" +%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session, bind to platform hierarchy" +%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change platform hierarchy auth back to null" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary storage key" +%TPM_EXE_PATH%createprimary -pwdk 111 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Hierarchy Control" +echo "" + +echo "Enable the owner hierarchy" +%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change the platform hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Enable the owner hierarchy - no platform hierarchy password, should fail" +%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Enable the owner hierarchy using platform hierarchy password" +%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key in the owner hierarchy - bad password, should fail" +%TPM_EXE_PATH%createprimary -hi o -pwdp xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a primary key in the owner hierarchy" +%TPM_EXE_PATH%createprimary -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Disable the owner hierarchy using platform hierarchy password" +%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key in the owner hierarchy, disabled, should fail" +%TPM_EXE_PATH%createprimary -hi o > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Enable the owner hierarchy using platform hierarchy password" +%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key in the owner hierarchy" +%TPM_EXE_PATH%createprimary -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Remove the platform hierarchy password" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key in the owner hierarchy" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Clear" +echo "" + +echo "Set storage hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary key - storage hierarchy" +%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the public part" +%TPM_EXE_PATH%readpublic -ho 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "ClearControl disable" +%TPM_EXE_PATH%clearcontrol -hi p -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear - should fail" +%TPM_EXE_PATH%clear -hi p > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "ClearControl enable" +%TPM_EXE_PATH%clearcontrol -hi p -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear" +%TPM_EXE_PATH%clear -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the public part - should fail" +%TPM_EXE_PATH%readpublic -ho 80000001 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a primary key - old owner password should fail" +%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a primary key" +%TPM_EXE_PATH%createprimary -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM cleanup +rm -f tmp.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.sh new file mode 100755 index 000000000000..a3b170662625 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhierarchy.sh @@ -0,0 +1,244 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testhierarchy.sh 990 2017-04-19 13:31:24Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015, 2016 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Hierarchy Change Auth" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Generate a random authorization value" +${PREFIX}getrandom -by 32 -nz -of tmp.bin > run.out +checkSuccess $? + +AUTH=("" "-pwda ppp " "" "-pwdai tmp.bin ") +NEWAUTH=("-pwdn ppp " "" "-pwdni tmp.bin " "") +CPAUTH=("-pwdp ppp " "" "-pwdpi tmp.bin " "") + +for ((i = 0 ; i < 4 ; i+=2)) +do + for SESS in "" "-se0 02000000 1" + do + + echo "Change platform hierarchy auth ${AUTH[i]} ${NEWAUTH[i]} ${SESS}" + ${PREFIX}hierarchychangeauth -hi p ${AUTH[i]} ${NEWAUTH[i]} ${SESS} > run.out + checkSuccess $? + + echo "Create a primary storage key - should fail" + ${PREFIX}createprimary -hi p -pwdk 111 > run.out + checkFailure $? + + echo "Create a primary storage key ${CPAUTH[i]}" + ${PREFIX}createprimary -hi p -pwdk 111 ${CPAUTH[i]} > run.out + checkSuccess $? + + echo "Flush the primary key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Change platform hierarchy auth back to null ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS}" + ${PREFIX}hierarchychangeauth -hi p ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS} > run.out + checkSuccess $? + + echo "Create a primary storage key" + ${PREFIX}createprimary -pwdk 111 > run.out + checkSuccess $? + + echo "Flush the primary key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Hierarchy Change Auth with bind" +echo "" + +echo "Change platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Create a primary storage key - should fail" +${PREFIX}createprimary -hi p -pwdk 111 > run.out +checkFailure $? + +echo "Create a primary storage key" +${PREFIX}createprimary -hi p -pwdk 111 -pwdp ppp > run.out +checkSuccess $? + +echo "Flush the primary key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Start an HMAC auth session, bind to platform hierarchy" +${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out +checkSuccess $? + +echo "Change platform hierarchy auth back to null" +${PREFIX}hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out +checkSuccess $? + +echo "Create a primary storage key" +${PREFIX}createprimary -pwdk 111 > run.out +checkSuccess $? + +echo "Flush the primary key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Hierarchy Control" +echo "" + +echo "Enable the owner hierarchy" +${PREFIX}hierarchycontrol -hi p -he o > run.out +checkSuccess $? + +echo "Change the platform hierarchy password" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Enable the owner hierarchy - no platform hierarchy password, should fail" +${PREFIX}hierarchycontrol -hi p -he o > run.out +checkFailure $? + +echo "Enable the owner hierarchy using platform hierarchy password" +${PREFIX}hierarchycontrol -hi p -he o -pwda ppp > run.out +checkSuccess $? + +echo "Create a primary key in the owner hierarchy - bad password, should fail" +${PREFIX}createprimary -hi o -pwdp xxx > run.out +checkFailure $? + +echo "Create a primary key in the owner hierarchy" +${PREFIX}createprimary -hi o > run.out +checkSuccess $? + +echo "Disable the owner hierarchy using platform hierarchy password" +${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out +checkSuccess $? + +echo "Create a primary key in the owner hierarchy, disabled, should fail" +${PREFIX}createprimary -hi o > run.out +checkFailure $? + +echo "Enable the owner hierarchy using platform hierarchy password" +${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out +checkSuccess $? + +echo "Create a primary key in the owner hierarchy" +${PREFIX}createprimary -hi o > run.out +checkSuccess $? + +echo "Remove the platform hierarchy password" +${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Flush the primary key in the owner hierarchy" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Clear" +echo "" + +echo "Set storage hierarchy auth" +${PREFIX}hierarchychangeauth -hi o -pwdn ooo > run.out +checkSuccess $? + +echo "Create a primary key - storage hierarchy" +${PREFIX}createprimary -hi o -pwdp ooo > run.out +checkSuccess $? + +echo "Read the public part" +${PREFIX}readpublic -ho 80000001 > run.out +checkSuccess $? + +echo "ClearControl disable" +${PREFIX}clearcontrol -hi p -state 1 > run.out +checkSuccess $? + +echo "Clear - should fail" +${PREFIX}clear -hi p > run.out +checkFailure $? + +echo "ClearControl enable" +${PREFIX}clearcontrol -hi p -state 0 > run.out +checkSuccess $? + +echo "Clear" +${PREFIX}clear -hi p > run.out +checkSuccess $? + +echo "Read the public part - should fail" +${PREFIX}readpublic -ho 80000001 > run.out +checkFailure $? + +echo "Create a primary key - old owner password should fail" +${PREFIX}createprimary -hi o -pwdp ooo > run.out +checkFailure $? + +echo "Create a primary key" +${PREFIX}createprimary -hi o > run.out +checkSuccess $? + +echo "Flush the primary key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 + +# cleanup +rm -f tmp.bin diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.bat new file mode 100644 index 000000000000..3bbcc9bf7549 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.bat @@ -0,0 +1,331 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2018 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Keyed hash HMAC key" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM session 02000000 +REM loaded HMAC key 80000001 +REM primary HMAC key 80000001 +REM sequence object 80000002 + +for %%H in (%ITERATE_ALGS%) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Load the %%H keyed hash key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr khpriv%%H.bin -ipu khpub%%H.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H using the keyed hash key, message from file %%~S" + %TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg %%H %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H start using the keyed hash key %%~S" + %TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khk -pwda aaa %%~S -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H sequence update %%~S" + %TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H sequence complete %%~S" + %TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the HMAC %%H using the two methods" + diff sig.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H using the keyed hash key, message from command line %%~S" + %TPM_EXE_PATH%hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg %%H %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the HMAC %%H using the two methods" + diff sig.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%H HMAC key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create primary HMAC key - %%H" + %TPM_EXE_PATH%createprimary -kh -halg %%H -pwdk khp > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H using the keyed hash primary key %%~S" + %TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg %%H %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H start using the keyed hash primary key %%~S" + %TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khp -pwda aaa %%~S -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H sequence update %%~S" + %TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "HMAC %%H sequence complete %%~S" + %TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the HMAC %%H using the two methods" + diff sig.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%H primary HMAC key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +echo "" +echo "Hash" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Hash %%H in one call, data from file" + %TPM_EXE_PATH%hash -hi p -halg %%H -if policies/aaa -oh tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the hash %%H" + diff tmp.bin policies/%%Haaa.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash %%H in one cal, data on command linel" + %TPM_EXE_PATH%hash -hi p -halg %%H -ic aaa -oh tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the hash %%H" + diff tmp.bin policies/%%Haaa.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash %%H sequence start" + %TPM_EXE_PATH%hashsequencestart -halg %%H -pwda aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash %%H sequence update %%~S" + %TPM_EXE_PATH%sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash %%H sequence complete %%~S" + %TPM_EXE_PATH%sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the %%H hash" + diff tmp.bin policies/%%Haaa.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 + +echo "" +echo "Sign with ticket" +echo "" + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048rpriv.bin -ipu signrsa2048rpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash and create ticket" +%TPM_EXE_PATH%hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and no ticket - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and ticket" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash and create null ticket, msg with TPM_GENERATED" +%TPM_EXE_PATH%hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and ticket - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Hash sequence start" +%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash sequence update " +%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash sequence complete" +%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and no ticket - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and ticket" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash sequence start" +%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa -halg sha256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash sequence update, msg with TPM_GENERATED" +%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Hash sequence complete" +%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest with a restricted signing key and ticket - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.sh new file mode 100755 index 000000000000..6d1f1cc0f694 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmac.sh @@ -0,0 +1,254 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Keyed hash HMAC key" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +# session 02000000 +# loaded HMAC key 80000001 +# primary HMAC key 80000001 +# sequence object 80000002 + +for HALG in ${ITERATE_ALGS} +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Load the ${HALG} keyed hash key under the primary key" + ${PREFIX}load -hp 80000000 -ipr khpriv${HALG}.bin -ipu khpub${HALG}.bin -pwdp sto > run.out + checkSuccess $? + + echo "HMAC ${HALG} using the keyed hash key, message from file ${SESS}" + ${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out + checkSuccess $? + + echo "HMAC ${HALG} start using the keyed hash key ${SESS}" + ${PREFIX}hmacstart -hk 80000001 -pwdk khk -pwda aaa ${SESS} -halg ${HALG} > run.out + checkSuccess $? + + echo "HMAC ${HALG} sequence update ${SESS}" + ${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out + checkSuccess $? + + echo "HMAC ${HALG} sequence complete ${SESS}" + ${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the HMAC ${HALG} using the two methods" + diff sig.bin tmp.bin > run.out + checkSuccess $? + + echo "HMAC ${HALG} using the keyed hash key, message from command line ${SESS}" + ${PREFIX}hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out + checkSuccess $? + + echo "Verify the HMAC ${HALG} using the two methods" + diff sig.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the ${HALG} HMAC key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Create primary HMAC key - $HALG" + ${PREFIX}createprimary -kh -halg ${HALG} -pwdk khp > run.out + checkSuccess $? + + echo "HMAC ${HALG} using the keyed hash primary key ${SESS}" + ${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg ${HALG} ${SESS} > run.out + checkSuccess $? + + echo "HMAC ${HALG} start using the keyed hash primary key ${SESS}" + ${PREFIX}hmacstart -hk 80000001 -pwdk khp -pwda aaa ${SESS} -halg ${HALG} > run.out + checkSuccess $? + + echo "HMAC ${HALG} sequence update ${SESS}" + ${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out + checkSuccess $? + + echo "HMAC ${HALG} sequence complete ${SESS}" + ${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the HMAC ${HALG} using the two methods" + diff sig.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the ${HALG} primary HMAC key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +done + +echo "" +echo "Hash" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Hash ${HALG} in one call, data from file" + ${PREFIX}hash -hi p -halg ${HALG} -if policies/aaa -oh tmp.bin > run.out + checkSuccess $? + + echo "Verify the hash ${HALG}" + diff tmp.bin policies/${HALG}aaa.bin > run.out + checkSuccess $? + + echo "Hash ${HALG} in one call, data on command line" + ${PREFIX}hash -hi p -halg ${HALG} -ic aaa -oh tmp.bin > run.out + checkSuccess $? + + echo "Verify the hash ${HALG}" + diff tmp.bin policies/${HALG}aaa.bin > run.out + checkSuccess $? + + echo "Hash ${HALG} sequence start" + ${PREFIX}hashsequencestart -halg ${HALG} -pwda aaa > run.out + checkSuccess $? + + echo "Hash ${HALG} sequence update ${SESS}" + ${PREFIX}sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "Hash ${HALG} sequence complete ${SESS}" + ${PREFIX}sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the ${HALG} hash" + diff tmp.bin policies/${HALG}aaa.bin > run.out + checkSuccess $? + + done +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 + +echo "" +echo "Sign with ticket" +echo "" + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signrsa2048rpriv.bin -ipu signrsa2048rpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Hash and create ticket" +${PREFIX}hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Sign a digest with a restricted signing key and no ticket - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Sign a digest with a restricted signing key and ticket" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Hash and create null ticket, msg with TPM_GENERATED" +${PREFIX}hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Sign a digest with a restricted signing key and ticket - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Hash sequence start" +${PREFIX}hashsequencestart -halg sha256 -pwda aaa > run.out +checkSuccess $? + +echo "Hash sequence update " +${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out +checkSuccess $? + +echo "Hash sequence complete" +${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Sign a digest with a restricted signing key and no ticket - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Sign a digest with a restricted signing key and ticket" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Hash sequence start" +${PREFIX}hashsequencestart -halg sha256 -pwda aaa -halg sha256 > run.out +checkSuccess $? + +echo "Hash sequence update, msg with TPM_GENERATED" +${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out +checkSuccess $? + +echo "Hash sequence complete" +${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Sign a digest with a restricted signing key and ticket - should fail" +${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out +checkFailure $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +rm -f tmp.bin +rm -f tmp1.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.bat new file mode 100644 index 000000000000..01bcc9c60671 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.bat @@ -0,0 +1,111 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM $Id: testhmacsession.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # +REM (c) Copyright IBM Corporation 2015, 2017 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "HMAC Session" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a storage key under the primary key - continue true" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a storage key under the primary key - continue false" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a storage key under the primary key - should fail" +%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "User with Auth Clear" +echo "" + +echo "Create a signing key under the primary key" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - should fail with HMAC session" +%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the session, not flushed on failure" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 \ No newline at end of file diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.sh new file mode 100755 index 000000000000..37715890993f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testhmacsession.sh @@ -0,0 +1,90 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testhmacsession.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "HMAC Session" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Create a storage key under the primary key - continue true" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 1 > run.out +checkSuccess $? + +echo "Create a storage key under the primary key - continue false" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out +checkSuccess $? + +echo "Create a storage key under the primary key - should fail" +${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out +checkFailure $? + +echo "" +echo "User with Auth Clear" +echo "" + +echo "Create a signing key under the primary key" +${PREFIX}create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Sign a digest - should fail with HMAC session" +${PREFIX}sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out +checkFailure $? + +echo "Flush the session, not flushed on failure" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.bat new file mode 100644 index 000000000000..f272214db2a7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.bat @@ -0,0 +1,963 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testnv.bat 1301 2018-08-15 21:46:19Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2018 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "NV" +echo "" + +echo "" +echo "NV Ordinary Index" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +set NALG=%ITERATE_ALGS% +set BADNALG=%BAD_ITERATE_ALGS% + +set i=0 +for %%N in (!NALG!) do set /A i+=1 & set NALG[!i!]=%%N +set i=0 +for %%B in (!BADNALG!) do set /A i+=1 & set BADNALG[!i!]=%%B +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space !NALG[%%i]!" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg !NALG[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, unwritten Name bad Name algorithm !BADNALG[%%i]! - should fail" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !BADNALG[%%i]! > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read - should fail before write %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the read data" + diff policies/aaa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read, invalid offset - should fail %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read, invalid size - should fail %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space again should fail" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space out of range - should fail" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 02000000 -pwdn nnn -sz 16 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "NV Set Bits Index" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read - should fail before write %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Set bits 0, 16, 32, 48 %%~S" + %TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the set bits %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the read data" + diff policies/bits48321601.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV Counter Index" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, unwritten Name" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the count - should fail before write %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Increment the count %%~S" + %TPM_EXE_PATH%nvincrement -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the count %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM FIXME need some way to verify the count + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV Extend Index" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + set SZ=20 32 48 64 + set HALG=%ITERATE_ALGS% + + set i=0 + for %%a in (!SZ!) do set /A i+=1 & set SZ[!i!]=%%a + set i=0 + for %%b in (!HALG!) do set /A i+=1 & set HALG[!i!]=%%b + set L=!i! + + for /L %%i in (1,1,!L!) do ( + + echo "NV Define Space !HALG[%%i]!" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg !HALG[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public !HALG[%%i]!" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !HALG[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read, unwritten Name - should fail before write %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV extend %%~S" + %TPM_EXE_PATH%nvextend -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read size !SZ[%%i]!} %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz !SZ[%%i]! -of tmp.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the read data !HALG[%%i]!" + diff policies/!HALG[%%i]!extaaa.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 +REM getcapability -cap 1 -pr 01000000 + +echo "" +echo "NV Owner auth" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Set owner auth %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Define an NV index with owner auth %%~S" + %TPM_EXE_PATH%nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read public, get Name, not written" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write with NV password %%~S - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn %%~S> run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write with owner password %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -hia o -pwdn ooo %%~S> run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read with NV password %%~S - should fail" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read with owner password %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -hia o -pwdn ooo %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine authorizing index %%~S" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 -pwdp ooo %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Clear owner auth %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi o -pwda ooo %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 +REM getcapability -cap 1 -pr 01000000 + +echo "" +echo "NV Platform auth" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "Set platform auth %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp %%~S> run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Define an NV index with platform auth %%~S" + %TPM_EXE_PATH%nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read public, get Name, not written" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write with NV password %%~S - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write with platform password %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -pwdn ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read with NV password %%~S - should fail" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write with platform password %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -hia p -pwdn ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine authorizing index %%~S" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Clear platform auth %%~S" + %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Write Lock" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space with write define" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, unwritten Name" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Write lock %%~S" + %TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Read Lock" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space with read stclear" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, unwritten Name" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read lock %%~S" + %TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S - should fail" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Global Lock" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space 01000000 with global lock" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Define Space 01000001 with global lock" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write 01000000 %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write 01000001 %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV global lock" + %TPM_EXE_PATH%nvglobalwritelock -hia p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, 01000000, locked" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, 01000001, locked" + %TPM_EXE_PATH%nvreadpublic -ha 01000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write 01000000 %%~S - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write 01000001 %%~S - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read 01000000 %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read 01000001 %%~S" + %TPM_EXE_PATH%nvread -ha 01000001 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space 01000000" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space 01000001" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV Change Authorization" +echo "" + +REM policy is policycommandcode + policyauthvalue +REM aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10 +REM 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de + +echo "NV Define Space with POLICY_DELETE and no policy - should fail" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 +at pold > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%S in ("" "-se0 02000000 1") do ( + + echo "NV Define Space 0100000" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public, unwritten Name" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code" + %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy authvalue" + %TPM_EXE_PATH%policyauthvalue -ha 03000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Change authorization" + %TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV write %%~S, old auth - should fail" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV read %%~S, old auth - should fail" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "NV write %%~S" + %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn xxx -if policies/aaa %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV read %%~S" + %TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the auth session" + %TPM_EXE_PATH%flushcontext -ha 03000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV Change Authorization with bind" +echo "" + +echo "NV Define Space 0100000" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session, bind to NV index" +%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code" +%TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Change authorization" +%TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV Undefine space special" +echo "" + +REM policy is policy command code + policy password + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%P in (policyauthvalue policypassword) do ( + + echo "NV Define Space 0100000" + %TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Undefine space special - should fail" + %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Undefine space special - should fail" + %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Policy command code, NV undefine space special" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 11f > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Undefine space special - should fail" + %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Policy %%P" + %TPM_EXE_PATH%%%P -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Undefine space special" + %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 +REM getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.sh new file mode 100755 index 000000000000..b941f2ebaee8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testnv.sh @@ -0,0 +1,707 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testnv.sh 1301 2018-08-15 21:46:19Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "NV" +echo "" + +echo "" +echo "NV Ordinary Index" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +NALG=(${ITERATE_ALGS}) +BADNALG=(${BAD_ITERATE_ALGS}) + +for ((i = 0 ; i < 4; i++)) +do + + for SESS in "" "-se0 02000000 1" + do + + echo "NV Define Space ${NALG[$i]}" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg ${NALG[$i]} > run.out + checkSuccess $? + + echo "NV Read Public, unwritten Name bad Name algorithm ${BADNALG[$i]} - should fail" + ${PREFIX}nvreadpublic -ha 01000000 -nalg ${BADNALG[$i]} > run.out + checkFailure $? + + echo "NV read - should fail before write ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkFailure $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the read data" + diff policies/aaa tmp.bin > run.out + checkSuccess $? + + echo "NV read, invalid offset - should fail ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin ${SESS} > run.out + checkFailure $? + + echo "NV read, invalid size - should fail ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin ${SESS} > run.out + checkFailure $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + checkSuccess $? + + done +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "NV Undefine Space again should fail" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkFailure $? + +echo "NV Define Space out of range - should fail" +${PREFIX}nvdefinespace -hi o -ha 02000000 -pwdn nnn -sz 16 > run.out +checkFailure $? + +echo "" +echo "NV Set Bits Index" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out + checkSuccess $? + + echo "NV read - should fail before write ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkFailure $? + + echo "Set bits 0, 16, 32, 48 ${SESS}" + ${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 ${SESS} > run.out + checkSuccess $? + + echo "Read the set bits ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the read data" + diff policies/bits48321601.bin tmp.bin > run.out + checkSuccess $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "NV Counter Index" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out + checkSuccess $? + + echo "NV Read Public, unwritten Name" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "Read the count - should fail before write ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out + checkFailure $? + + echo "Increment the count ${SESS}" + ${PREFIX}nvincrement -ha 01000000 -pwdn nnn ${SESS} > run.out + checkSuccess $? + + echo "Read the count ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out + checkSuccess $? + +# FIXME need some way to verify the count + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# The test data was created using policymaker with a text file 616161 +# (three a's). pcrexted cannot be used because it zero extends the +# input to the hash size + +echo "" +echo "NV Extend Index" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + SZ=(20 32 48 64) + HALG=(${ITERATE_ALGS}) + + for ((i = 0 ; i < 4; i++)) + do + + echo "NV Define Space ${HALG[$i]}" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg ${HALG[$i]} > run.out + checkSuccess $? + + echo "NV Read Public ${HALG[$i]}" + ${PREFIX}nvreadpublic -ha 01000000 -nalg ${HALG[$i]} > run.out + checkSuccess $? + + echo "NV read, unwritten Name - should fail before write ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin ${SESS} > run.out + checkFailure $? + + echo "NV extend ${SESS}" + ${PREFIX}nvextend -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read size ${SZ[$i]} ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz ${SZ[$i]} -of tmp.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the read data ${HALG[$i]}" + diff policies/${HALG[$i]}extaaa.bin tmp.bin > run.out + checkSuccess $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + checkSuccess $? + + done +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 +# getcapability -cap 1 -pr 01000000 + +echo "" +echo "NV Owner auth" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "Set owner auth ${SESS}" + ${PREFIX}hierarchychangeauth -hi o -pwdn ooo ${SESS} > run.out + checkSuccess $? + + echo "Define an NV index with owner auth ${SESS}" + ${PREFIX}nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo ${SESS} > run.out + checkSuccess $? + + echo "NV Read public, get Name, not written" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV write with NV password ${SESS} - should fail" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS}> run.out + checkFailure $? + + echo "NV write with owner password ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -hia o -pwdn ooo ${SESS}> run.out + checkSuccess $? + + echo "NV read with NV password ${SESS} - should fail" + ${PREFIX}nvread -ha 01000000 ${SESS} -pwdn nnn > run.out + checkFailure $? + + echo "NV read with owner password ${SESS}" + ${PREFIX}nvread -ha 01000000 -hia o -pwdn ooo ${SESS} > run.out + checkSuccess $? + + echo "NV Undefine authorizing index ${SESS}" + ${PREFIX}nvundefinespace -hi o -ha 01000000 -pwdp ooo ${SESS} > run.out + checkSuccess $? + + echo "Clear owner auth ${SESS}" + ${PREFIX}hierarchychangeauth -hi o -pwda ooo ${SESS} > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 +# getcapability -cap 1 -pr 01000000 + +echo "" +echo "NV Platform auth" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "Set platform auth ${SESS}" + ${PREFIX}hierarchychangeauth -hi p -pwdn ppp ${SESS}> run.out + checkSuccess $? + + echo "Define an NV index with platform auth ${SESS}" + ${PREFIX}nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp ${SESS} > run.out + checkSuccess $? + + echo "NV Read public, get Name, not written" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV write with NV password ${SESS} - should fail" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS} > run.out + checkFailure $? + + echo "NV write with platform password ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out + checkSuccess $? + + echo "NV read with NV password ${SESS} - should fail" + ${PREFIX}nvread -ha 01000000 -pwdn nnn ${SESS} > run.out + checkFailure $? + + echo "NV write with platform password ${SESS}" + ${PREFIX}nvread -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out + checkSuccess $? + + echo "NV Undefine authorizing index ${SESS}" + ${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp ${SESS} > run.out + checkSuccess $? + + echo "Clear platform auth ${SESS}" + ${PREFIX}hierarchychangeauth -hi p -pwda ppp ${SESS} > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Write Lock" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space with write define" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out + checkSuccess $? + + echo "NV Read Public, unwritten Name" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "Write lock ${SESS}" + ${PREFIX}nvwritelock -ha 01000000 -pwdn nnn ${SESS} > run.out + checkSuccess $? + + echo "NV write ${SESS} - should fail" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkFailure $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Read Lock" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space with read stclear" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out + checkSuccess $? + + echo "NV Read Public, unwritten Name" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "Read lock ${SESS}" + ${PREFIX}nvreadlock -ha 01000000 -pwdn nnn ${SESS} > run.out + checkSuccess $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS} - should fail" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkFailure $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Global Lock" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space 01000000 with global lock" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out + checkSuccess $? + + echo "NV Define Space 01000001 with global lock" + ${PREFIX}nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out + checkSuccess $? + + echo "NV write 01000000 ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV write 01000001 ${SESS}" + ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV global lock" + ${PREFIX}nvglobalwritelock -hia p > run.out + checkSuccess $? + + echo "NV Read Public, 01000000, locked" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV Read Public, 01000001, locked" + ${PREFIX}nvreadpublic -ha 01000001 > run.out + checkSuccess $? + + echo "NV write 01000000 ${SESS} - should fail" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkFailure $? + + echo "NV write 01000001 ${SESS} - should fail" + ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkFailure $? + + echo "NV read 01000000 ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "NV read 01000001 ${SESS}" + ${PREFIX}nvread -ha 01000001 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "NV Undefine Space 01000000" + ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out + checkSuccess $? + + echo "NV Undefine Space 01000001" + ${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +# policy is policycommandcode + policyauthvalue +# aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10 +# 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de + +echo "NV Define Space with POLICY_DELETE and no policy - should fail" +${PREFIX}nvdefinespace -hi o -ha 01000000 +at pold > run.out +checkFailure $? + +echo "" +echo "NV Change Authorization" +echo "" + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for SESS in "" "-se0 02000000 1" +do + + echo "NV Define Space 0100000" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out + checkSuccess $? + + echo "NV Read Public, unwritten Name" + ${PREFIX}nvreadpublic -ha 01000000 > run.out + checkSuccess $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out + checkSuccess $? + + echo "Start a policy session" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Policy command code" + ${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out + checkSuccess $? + + echo "Policy authvalue" + ${PREFIX}policyauthvalue -ha 03000001 > run.out + checkSuccess $? + + echo "NV Change authorization" + ${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out + checkSuccess $? + + echo "NV write ${SESS}, old auth - should fail" + ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out + checkFailure $? + + echo "NV read ${SESS}, old auth - should fail" + ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 ${SESS} > run.out + checkFailure $? + + echo "NV write ${SESS}" + ${PREFIX}nvwrite -ha 01000000 -pwdn xxx -if policies/aaa ${SESS} > run.out + checkSuccess $? + + echo "NV read ${SESS}" + ${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 ${SESS} > run.out + checkSuccess $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out + checkSuccess $? + + echo "Flush the auth session" + ${PREFIX}flushcontext -ha 03000001 > run.out + checkSuccess $? + +done + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "NV Change Authorization with bind" +echo "" + +echo "NV Define Space 0100000" +${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out +checkSuccess $? + +echo "Start an HMAC session, bind to NV index" +${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy command code" +${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000001 > run.out +checkSuccess $? + +echo "NV Change authorization" +${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out +checkSuccess $? + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 03000001 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "NV Undefine space special" +echo "" + +# policy is policy command code + policy password + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +for POL in "policyauthvalue" "policypassword" +do + + echo "NV Define Space 0100000" + ${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out + checkSuccess $? + + echo "Undefine space special - should fail" + ${PREFIX}nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out + checkFailure $? + + echo "Undefine space special - should fail" + ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + checkFailure $? + + echo "Policy command code, NV undefine space special" + ${PREFIX}policycommandcode -ha 03000000 -cc 11f > run.out + checkSuccess $? + + echo "Undefine space special - should fail" + ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + checkFailure $? + + echo "Policy ${POL}" + ${PREFIX}${POL} -ha 03000000 > run.out + checkSuccess $? + + echo "Undefine space special" + ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out + checkSuccess $? + +done + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 +# ${PREFIX}getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat new file mode 100644 index 000000000000..a113434c47d7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat @@ -0,0 +1,1029 @@ +REM ################################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2016 - 2019 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ################################################################################# + +setlocal enableDelayedExpansion + +REM # PIN Pass index name is +REM +REM # 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 +REM # 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da +REM # ad 81 +REM +REM # Policy Secret using PIN Pass index is +REM +REM # 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 +REM # 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d +REM +REM # PIN Fail index name is +REM +REM # 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 +REM # b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 +REM # c4 be +REM +REM # Policy Secret using PIN Fail index is +REM +REM # 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c +REM # 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df +REM +REM +REM # 01000000 is PIN pass or PIN fail index +REM # 01000001 is ordinary index with PIN pass policy +REM # 01000002 is ordinary index with PIN fail policy + + +echo "" +echo "NV PIN Index" +echo "" + +echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000" +%TPM_EXE_PATH%nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write to set written bit" +%TPM_EXE_PATH%nvwrite -ha 01000001 -hia p -ic 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000" +%TPM_EXE_PATH%nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write to set written bit" +%TPM_EXE_PATH%nvwrite -ha 01000002 -hia p -ic 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index" +echo "" + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, not written - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read does not affect count" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read does not affect count, should succeed" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy read should not increment pin count" +%TPM_EXE_PATH%nvread -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read should increment pin count" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, no uses - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform read, no uses" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index in Policy Secret" +echo "" + +echo "Policy Secret with PWAP session, bad password - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, should consume pin couunt" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Get Digest, 50 b9 63 d6 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read ordinary index using PIN pass policy secret" +%TPM_EXE_PATH%nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 1 / 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 0 uses, 0 / 0" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 use. 1 / 1, already used" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 0 uses. 2 / 1, already used" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 2 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock, 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, locked - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reboot" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read lock, 01000000" +%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read, locked - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, read locked" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Cleanup NV PIN Pass" +echo "" + +echo "NV Undefine Space, 01000000 " +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session, 03000000 " +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index" +echo "" + +echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, not written - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read with bad password - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy write, 01000000, platform auth" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy read, 01000000" +%TPM_EXE_PATH%nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 0/ 1 failure" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000, correct password" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000, bad password - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Index read, 01000000, correct password - should fail because tries used" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 0 / 1 failure" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index in Policy Secret" +echo "" + +echo "Platform write, 2 failures, 0 / 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 failure use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 0 failures, 1 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 fail, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock, 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, locked - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reboot" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read lock 01000000" +%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read, locked - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, read locked" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Cleanup" +echo "" + +echo "NV Undefine Space 01000000" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000001" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000002" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Recreate the primary key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN define space" +echo "" + +echo "NV Define Space, 01000000, no write auth - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, no read auth - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Pass, auth write - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Fail, auth write - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +rem # +rem # Additional test for pinCount update when NV auth is not used. This +rem # tests for a bug fix +rem # + +rem # +rem # policy calculation +rem # + +echo "Create the policy digest that will be used for the NvIndex write term" +%TPM_EXE_PATH%startauthsession -se t > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policycommandcode write term" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppw.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the trial policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policycommandcode read term" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the trial policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Trial Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policyor result" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmpor.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the trial policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # +rem # Test PIN fail +rem # + +rem # Write the PIN fail index + +echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy sesion" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Writing count 0, limit 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # test the PIN fail index + +echo "Using with PolicySecret, first failure case, increments count" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Using with PolicySecret, second failure case" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 2 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 2 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # cleanup + +echo "Undefine the PIN fail index" +%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # +rem # Test PIN pass +rem # + +rem # Write the PIN pass index + +echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Writing count 0, limit 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # test the PIN pass index + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 0 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 0 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 0 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Using with PolicySecret, success, increments count" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 1 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # cleanup + +echo "Undefine the PIN fail index" +%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -r tmppw.bin +rm -r tmppr.bin +rm -r tmpor.bin + +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 03000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 01000000 + +exit /B 0 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.sh new file mode 100755 index 000000000000..89d14a7dee3a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.sh @@ -0,0 +1,739 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2016 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# PIN Pass index name is + +# 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 +# 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da +# ad 81 + +# Policy Secret using PIN Pass index is + +# 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 +# 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d + +# PIN Fail index name is + +# 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 +# b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 +# c4 be + +# Policy Secret using PIN Fail index is + +# 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c +# 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df + +# 01000000 is PIN pass or PIN fail index +# 01000001 is ordinary index with PIN pass policy +# 01000002 is ordinary index with PIN fail policy + + +echo "" +echo "NV PIN Index" +echo "" + +echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000" +${PREFIX}nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out +checkSuccess $? + +echo "Platform write to set written bit" +${PREFIX}nvwrite -ha 01000001 -hia p -ic 0 > run.out +checkSuccess $? + +echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000" +${PREFIX}nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out +checkSuccess $? + +echo "Platform write to set written bit" +${PREFIX}nvwrite -ha 01000002 -hia p -ic 0 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "" +echo "NV PIN Pass Index" +echo "" + +echo "Set phEnableNV" +${PREFIX}hierarchycontrol -hi p -he n > run.out +checkSuccess $? + +echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, not written - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Platform read does not affect count" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +checkSuccess $? + +echo "Platform read does not affect count, should succeed" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, platform auth" +${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out +checkSuccess $? + +echo "Policy write, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, platform auth" +${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out +checkSuccess $? + +echo "Policy read should not increment pin count" +${PREFIX}nvread -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Platform write, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Index read should increment pin count" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out +checkSuccess $? + +echo "Index read, no uses - should fail" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +checkFailure $? + +echo "Platform read, no uses" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out +checkSuccess $? + +echo "" +echo "NV PIN Pass Index in Policy Secret" +echo "" + +echo "Policy Secret with PWAP session, bad password - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +checkFailure $? + +echo "Platform write, 01000000, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, should consume pin couunt" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, pinCount used - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Policy Get Digest, 50 b9 63 d6 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Read ordinary index using PIN pass policy secret" +${PREFIX}nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Platform write, 01000000, 1 use, 1 / 2" +${PREFIX}nvwrite -ha 01000000 -hia p -id 1 2 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Platform write, 0 uses, 0 / 0" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 0 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, pinCount used - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 1 use. 1 / 1, already used" +${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, pinCount used - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 0 uses. 2 / 1, already used" +${PREFIX}nvwrite -ha 01000000 -hia p -id 2 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, pinCount used - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "" +echo "NV PIN Pass Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Write lock, 01000000" +${PREFIX}nvwritelock -ha 01000000 -hia p > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, pinCount used - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 01000000, locked - should fail" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkFailure $? + +echo "Reboot" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup" +${PREFIX}startup > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Platform write, 01000000, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "" +echo "NV PIN Pass Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Read lock, 01000000" +${PREFIX}nvreadlock -ha 01000000 -hia p > run.out +checkSuccess $? + +echo "Platform read, locked - should fail" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, read locked" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "" +echo "NV PIN Pass Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Clear phEnableNV" +${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Set phEnableNV" +${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out +checkSuccess $? + +echo "" +echo "Cleanup NV PIN Pass" +echo "" + +echo "NV Undefine Space, 01000000 " +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "Flush the policy session, 03000000 " +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "NV PIN Fail Index" +echo "" + +echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, not written - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 1 failure, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Platform read" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +checkSuccess $? + +echo "Platform read with bad password - should fail" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out +checkFailure $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, platform auth" +${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out +checkSuccess $? + +echo "Policy write, 01000000, platform auth" +${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, platform auth" +${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out +checkSuccess $? + +echo "Policy read, 01000000" +${PREFIX}nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Platform write, 01000000, 0 / 1 failure" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Index read, 01000000, correct password" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +checkSuccess $? + +echo "Index read, 01000000, bad password - should fail" +${PREFIX}nvread -ha 01000000 -pwdn nn -sz 8 > run.out +checkFailure $? + +echo "Index read, 01000000, correct password - fail because tries used" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +checkFailure $? + +echo "Platform write, 01000000, 0 / 1 failure" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Index read, 01000000" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +checkSuccess $? + +echo "" +echo "NV PIN Fail Index in Policy Secret" +echo "" + +echo "Platform write, 2 failures, 0 / 2" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 2 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, good password" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, good password, resets pinCount" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, good password - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Platform write, 1 failure use, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, good password, resets pinCount" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Platform write, 0 failures, 1 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, good password, resets pinCount" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "" +echo "NV PIN Fail Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 fail, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Write lock, 01000000" +${PREFIX}nvwritelock -ha 01000000 -hia p > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "Platform write, 01000000, locked - should fail" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkFailure $? + +echo "Reboot" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup" +${PREFIX}startup > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "" +echo "NV PIN Fail Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Read lock 01000000" +${PREFIX}nvreadlock -ha 01000000 -hia p > run.out +checkSuccess $? + +echo "Platform read, locked - should fail" +${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, read locked" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkSuccess $? + +echo "" +echo "NV PIN Fail Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out +checkSuccess $? + +echo "Clear phEnableNV" +${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +checkFailure $? + +echo "Set phEnableNV" +${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out +checkSuccess $? + +echo "" +echo "Cleanup" +echo "" + +echo "NV Undefine Space 01000000" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "NV Undefine Space 01000001" +${PREFIX}nvundefinespace -hi o -ha 01000001 > run.out +checkSuccess $? + +echo "NV Undefine Space 01000002" +${PREFIX}nvundefinespace -hi o -ha 01000002 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out > run.out +checkSuccess $? + +# Recreate the primary key +initprimary +checkSuccess $? + +echo "" +echo "NV PIN define space" +echo "" + +echo "NV Define Space, 01000000, no write auth - should fail" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out +checkFailure $? + +echo "NV Define Space, 01000000, no read auth - should fail" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out +checkFailure $? + +echo "NV Define Space, 01000000, PIN Pass, auth write - should fail" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out +checkFailure $? + +echo "NV Define Space, 01000000, PIN Fail, auth write - should fail" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out +checkFailure $? + +echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail" +${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out +checkFailure $? + +# +# Additional test for pinCount update when NV auth is not used. This +# tests for a bug fix +# + +# +# policy calculation +# + +echo "Create the policy digest that will be used for the NvIndex write term" +${PREFIX}startauthsession -se t > run.out +checkSuccess $? + +echo "policycommandcode TPM_CC_NV_Write" +${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out +checkSuccess $? + +echo "Get the policycommandcode write term" +${PREFIX}policygetdigest -ha 03000000 -of tmppw.bin > run.out +checkSuccess $? + +echo "Restart the trial policy session" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "policycommandcode TPM_CC_NV_Read" +${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out +checkSuccess $? + +echo "Get the policycommandcode read term" +${PREFIX}policygetdigest -ha 03000000 -of tmppr.bin > run.out +checkSuccess $? + +echo "Restart the trial policy session" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Trial Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Get the policyor result" +${PREFIX}policygetdigest -ha 03000000 -of tmpor.bin > run.out +checkSuccess $? + +echo "Flush the trial policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +# +# Test PIN fail +# + +# Write the PIN fail index + +echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread" +${PREFIX}nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +checkSuccess $? + +echo "Start policy sesion" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "policycommandcode TPM_CC_NV_Write" +${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Writing count 0, limit 2" +${PREFIX}nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +checkSuccess $? + +# test the PIN fail index + +echo "Using with PolicySecret, first failure case, increments count" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +checkFailure $? + +echo "policycommandcode TPM_CC_NV_Read" +${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Read the index, should be 1 2" +${PREFIX}nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out +checkSuccess $? + +echo "Using with PolicySecret, second failure case" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +checkFailure $? + +echo "Read the index, owner auth, should be 2 2" +${PREFIX}nvread -ha 01000000 -hia o -id 2 2 > run.out +checkSuccess $? + +# cleanup + +echo "Undefine the PIN fail index" +${PREFIX}nvundefinespace -ha 01000000 -hi o > run.out +checkSuccess $? + +# +# Test PIN pass +# + +# Write the PIN pass index + +echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread" +${PREFIX}nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +checkSuccess $? + +echo "policycommandcode TPM_CC_NV_Write" +${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Writing count 0, limit 2" +${PREFIX}nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +checkSuccess $? + +# test the PIN pass index + +echo "policycommandcode TPM_CC_NV_Read" +${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Read the index, should be 0 2" +${PREFIX}nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +checkSuccess $? + +echo "Read the index, owner auth, should be 0 2" +${PREFIX}nvread -ha 01000000 -hia o -id 0 2 > run.out +checkSuccess $? + +echo "Using with PolicySecret, success, increments count" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out +checkSuccess $? + +echo "Restart the policy session" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "policycommandcode TPM_CC_NV_Read" +${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +checkSuccess $? + +echo "Read the index, should be 1 2" +${PREFIX}nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out +checkSuccess $? + +echo "Read the index, owner auth, should be 1 2" +${PREFIX}nvread -ha 01000000 -hia o -id 1 2 > run.out +checkSuccess $? + +# cleanup + +echo "Undefine the PIN fail index" +${PREFIX}nvundefinespace -ha 01000000 -hi o > run.out +checkSuccess $? + +rm -r tmppw.bin +rm -r tmppr.bin +rm -r tmpor.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 +# ${PREFIX}getcapability -cap 1 -pr 03000000 +# ${PREFIX}getcapability -cap 1 -pr 01000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.bat new file mode 100644 index 000000000000..e840fc2db1c3 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.bat @@ -0,0 +1,348 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM # +REM (c) Copyright IBM Corporation 2015 - 2019 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +REM # +REM # for pcrextend +REM # +REM +REM # extend of aaa + 0 pad to digest length using pcrextend, use resettable PCR 16 +REM +REM # sha1extaaa0.bin +REM # 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47 +REM # 98 1a a0 a0 +REM +REM # sha256extaaa0.bin +REM # c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73 +REM # 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb +REM +REM # sha384extaaa0.bin +REM # 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92 +REM # 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df +REM # 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84 +REM +REM # sha512extaaa0.bin +REM # 7f e1 e4 cf 01 52 93 13 6b f1 30 18 30 39 b6 a6 +REM # 46 ea 00 8b 75 af d0 f8 46 6a 9b fe 53 1a f8 ad +REM # a8 67 a6 58 28 cf ce 48 60 77 52 9e 54 f1 83 0a +REM # a4 9a b7 80 56 2b ae a4 9c 67 a8 73 34 ff e7 78 +REM +REM # +REM # for pcrevent +REM # +REM +REM # first hash using hash -ic aaa -ns +REM # then extend using policymaker +REM +REM # sha1 of aaa +REM # 7e240de74fb1ed08fa08d38063f6a6a91462a815 +REM # extend +REM # ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55 +REM # 3e 23 8e a6 +REM +REM # sha256 of aaa +REM # 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0 +REM # extend +REM # df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c +REM # d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab +REM +REM # sha384 of aaa +REM # 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8 +REM # extend of that +REM # 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6 +REM # ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25 +REM # 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d +REM +REM # sha512 of aaa +REM # d6f644b19812e97b5d871658d6d3400ecd4787faeb9b8990c1e7608288664be77257104a58d033bcf1a0e0945ff06468ebe53e2dff36e248424c7273117dac09 +REM # extend of that (using policymaker) +REM # cb 7f be b3 1c 29 61 24 4c 9c 47 80 84 0d b4 3a +REM # 76 3f ba 96 ef c1 d9 52 f4 e3 e0 2c 06 8a 31 8a +REM # e5 3f a0 a7 a1 74 e8 23 e3 07 1a cd c6 52 6f b6 +REM # 77 6d 07 0f 36 47 27 4d a6 29 db c9 10 a7 6c 2a +REM +REM # all these variables are related +REM +REM # bank algorithm test pattern is + +set BANKS=^ + "sha1" ^ + "sha256" ^ + "sha384" ^ + "sha512" ^ + "sha1 sha256" ^ + "sha1 sha384" ^ + "sha1 sha512" ^ + "sha256 sha384" ^ + "sha256 sha512" ^ + "sha384 sha512" ^ + "sha1 sha256 sha384" ^ + "sha1 sha256 sha512" ^ + "sha1 sha384 sha512" ^ + "sha256 sha384 sha512" ^ + "sha1 sha256 sha384 sha512" + +REM # bank extend algorithm test pattern is + +set EXTEND=^ + "-halg sha1" ^ + "-halg sha256" ^ + "-halg sha384" ^ + "-halg sha512" ^ + "-halg sha1 -halg sha256" ^ + "-halg sha1 -halg sha384" ^ + "-halg sha1 -halg sha512" ^ + "-halg sha256 -halg sha384" ^ + "-halg sha256 -halg sha512" ^ + "-halg sha384 -halg sha512" ^ + "-halg sha1 -halg sha256 -halg sha384" ^ + "-halg sha1 -halg sha256 -halg sha512" ^ + "-halg sha1 -halg sha384 -halg sha512" ^ + "-halg sha256 -halg sha384 -halg sha512" ^ + "-halg sha1 -halg sha256 -halg sha384 -halg sha512" + +REM # bank event file test pattern is + +set EVENT=^ + "-of1 tmpsha1.bin" ^ + "-of2 tmpsha256.bin" ^ + "-of3 tmpsha384.bin" ^ + "-of5 tmpsha512.bin" ^ + "-of1 tmpsha1.bin -of2 tmpsha256.bin" ^ + "-of1 tmpsha1.bin -of3 tmpsha384.bin" ^ + "-of1 tmpsha1.bin -of5 tmpsha512.bin" ^ + "-of2 tmpsha256.bin -of3 tmpsha384.bin" ^ + "-of2 tmpsha256.bin -of5 tmpsha512.bin" ^ + "-of3 tmpsha384.bin -of5 tmpsha512.bin" ^ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin" ^ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of5 tmpsha512.bin" ^ + "-of1 tmpsha1.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" ^ + "-of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" ^ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" +) + +REM # assuming starts with starts with sha1 sha256 sha384 sha512 + +set ALLOC=^ + "-sha256 -sha384 -sha512" ^ + "-sha1 +sha256" ^ + "-sha256 +sha384" ^ + "-sha384 +sha512" ^ + "+sha1 +sha256 -sha512" ^ + "-sha256 +sha384" ^ + "-sha384 +sha512" ^ + "-sha1 +sha256 +sha384 -sha512" ^ + "-sha384 +sha512" ^ + "-sha256 +sha384" ^ + "+sha1 +sha256 -sha512" ^ + "-sha384 +sha512" ^ + "-sha256 +sha384" ^ + "-sha1 +sha256" ^ + "+sha1" +) + +REM i is iterator over PCR bank allocation patterns +set i=0 +for %%a in (!BANKS!) do set /A i+=1 & set BANKS[!i!]=%%~a +set i=0 +for %%a in (!EXTEND!) do set /A i+=1 & set EXTEND[!i!]=%%~a +set i=0 +for %%a in (!EVENT!) do set /A i+=1 & set EVENT[!i!]=%%~a +set i=0 +for %%a in (!ALLOC!) do set /A i+=1 & set ALLOC[!i!]=%%~a +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "" + echo "pcrallocate !BANKS[%%i]!" + echo "" + %TPM_EXE_PATH%pcrallocate !ALLOC[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "powerup" + %TPM_EXE_PATH%powerup > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "startup" + %TPM_EXE_PATH%startup > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "display PCR banks" + %TPM_EXE_PATH%getcapability -cap 5 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "" + echo "PCR Extend" + echo "" + + echo "PCR Reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR Extend !EXTEND[%%i]!" + %TPM_EXE_PATH%pcrextend -ha 16 !EXTEND[%%i]! -if policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%H in (!BANKS[%%i]!) do ( + + echo "PCR Read %%H" + %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the read data %%H" + diff policies/%%Hextaaa0.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + + echo "" + echo "PCR Event" + echo "" + + echo "PCR Reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR Event !EVENT[%%i]!" + %TPM_EXE_PATH%pcrevent -ha 16 -if policies/aaa !EVENT[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%H in (!BANKS[%%i]!) do ( + + echo "Verify Digest %%H" + diff policies/%%Haaa.bin tmp%%H.bin > run.out > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR Read %%H" + %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify Digest %%H" + diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + + echo "" + echo "Event Sequence Complete" + echo "" + + echo "PCR Reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Event sequence start, alg null" + %TPM_EXE_PATH%hashsequencestart -halg null -pwda aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Event Sequence Complete" + %TPM_EXE_PATH%eventsequencecomplete -hs 80000000 -pwds aaa -ha 16 -if policies/aaa !EVENT[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%H in (!BANKS[%%i]!) do ( + + echo "Verify Digest %%H" + diff policies/%%Haaa.bin tmp%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR Read %%H" + %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify Digest %%H" + diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + +) + +echo "PCR Reset" +%TPM_EXE_PATH%pcrreset -ha 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # recreate the primary key that was flushed on the powerup + +echo "Create a platform primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.sh new file mode 100755 index 000000000000..ef8fa2c2003f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpcr.sh @@ -0,0 +1,300 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2019 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# +# for pcrextend +# + +# extend of aaa + 0 pad to digest length using pcrextend, use resettable PCR 16 + +# sha1extaaa0.bin +# 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47 +# 98 1a a0 a0 + +# sha256extaaa0.bin +# c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73 +# 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb + +# sha384extaaa0.bin +# 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92 +# 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df +# 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84 + +# sha512extaaa0.bin +# 7f e1 e4 cf 01 52 93 13 6b f1 30 18 30 39 b6 a6 +# 46 ea 00 8b 75 af d0 f8 46 6a 9b fe 53 1a f8 ad +# a8 67 a6 58 28 cf ce 48 60 77 52 9e 54 f1 83 0a +# a4 9a b7 80 56 2b ae a4 9c 67 a8 73 34 ff e7 78 + +# +# for pcrevent +# + +# first hash using hash -ic aaa -ns +# then extend using policymaker + +# sha1 of aaa +# 7e240de74fb1ed08fa08d38063f6a6a91462a815 +# extend +# ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55 +# 3e 23 8e a6 + +# sha256 of aaa +# 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0 +# extend +# df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c +# d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab + +# sha384 of aaa +# 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8 +# extend of that +# 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6 +# ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25 +# 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d + +# sha512 of aaa +# d6f644b19812e97b5d871658d6d3400ecd4787faeb9b8990c1e7608288664be77257104a58d033bcf1a0e0945ff06468ebe53e2dff36e248424c7273117dac09 +# extend of that (using policymaker) +# cb 7f be b3 1c 29 61 24 4c 9c 47 80 84 0d b4 3a +# 76 3f ba 96 ef c1 d9 52 f4 e3 e0 2c 06 8a 31 8a +# e5 3f a0 a7 a1 74 e8 23 e3 07 1a cd c6 52 6f b6 +# 77 6d 07 0f 36 47 27 4d a6 29 db c9 10 a7 6c 2a + +# all these variables are related + +# bank algorithm test pattern is + +BANKS=( \ + "sha1" \ + "sha256" \ + "sha384" \ + "sha512" \ + "sha1 sha256" \ + "sha1 sha384" \ + "sha1 sha512" \ + "sha256 sha384" \ + "sha256 sha512" \ + "sha384 sha512" \ + "sha1 sha256 sha384" \ + "sha1 sha256 sha512" \ + "sha1 sha384 sha512" \ + "sha256 sha384 sha512" \ + "sha1 sha256 sha384 sha512" +) + +# bank extend algorithm test pattern is + +EXTEND=( \ + "-halg sha1" \ + "-halg sha256" \ + "-halg sha384" \ + "-halg sha512" \ + "-halg sha1 -halg sha256" \ + "-halg sha1 -halg sha384" \ + "-halg sha1 -halg sha512" \ + "-halg sha256 -halg sha384" \ + "-halg sha256 -halg sha512" \ + "-halg sha384 -halg sha512" \ + "-halg sha1 -halg sha256 -halg sha384" + "-halg sha1 -halg sha256 -halg sha512" \ + "-halg sha1 -halg sha384 -halg sha512" \ + "-halg sha256 -halg sha384 -halg sha512" \ + "-halg sha1 -halg sha256 -halg sha384 -halg sha512" \ +) + +# bank event file test pattern is + +EVENT=( \ + "-of1 tmpsha1.bin" \ + "-of2 tmpsha256.bin" \ + "-of3 tmpsha384.bin" \ + "-of5 tmpsha512.bin" \ + "-of1 tmpsha1.bin -of2 tmpsha256.bin" \ + "-of1 tmpsha1.bin -of3 tmpsha384.bin" \ + "-of1 tmpsha1.bin -of5 tmpsha512.bin" \ + "-of2 tmpsha256.bin -of3 tmpsha384.bin" \ + "-of2 tmpsha256.bin -of5 tmpsha512.bin" \ + "-of3 tmpsha384.bin -of5 tmpsha512.bin" \ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin" \ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of5 tmpsha512.bin" \ + "-of1 tmpsha1.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" \ + "-of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" \ + "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" +) + +# assuming starts with starts with sha1 sha256 sha384 sha512 + +ALLOC=( \ + "-sha256 -sha384 -sha512" \ + "-sha1 +sha256" \ + "-sha256 +sha384" \ + "-sha384 +sha512" \ + "+sha1 +sha256 -sha512" \ + "-sha256 +sha384" \ + "-sha384 +sha512" \ + "-sha1 +sha256 +sha384 -sha512" \ + "-sha384 +sha512" \ + "-sha256 +sha384" \ + "+sha1 +sha256 -sha512" \ + "-sha384 +sha512" \ + "-sha256 +sha384" \ + "-sha1 +sha256" \ + "+sha1" +) + +# i is iterator over PCR bank allocation patterns +for ((i = 0 ; i < 15 ; i++)) +do + echo "" + echo "pcrallocate ${BANKS[i]}" + echo "" + ${PREFIX}pcrallocate ${ALLOC[i]} > run.out + checkSuccess $? + + echo "powerup" + ${PREFIX}powerup > run.out + checkSuccess $? + + echo "startup" + ${PREFIX}startup > run.out + checkSuccess $? + + echo "display PCR banks" + ${PREFIX}getcapability -cap 5 > run.out + checkSuccess $? + + echo "" + echo "PCR Extend" + echo "" + + echo "PCR Reset banks ${BANKS[i]}" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "PCR Extend ${EXTEND[i]}" + ${PREFIX}pcrextend -ha 16 ${EXTEND[i]} -if policies/aaa > run.out + checkSuccess $? + + for HALG in ${BANKS[i]} + do + + echo "PCR Read ${HALG}" + ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp.bin > run.out + checkSuccess $? + + echo "Verify the read data ${HALG}" + diff policies/${HALG}extaaa0.bin tmp.bin > run.out + checkSuccess $? + + done + + echo "" + echo "PCR Event" + echo "" + + echo "PCR Reset" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "PCR Event ${EVENT[i]}" + ${PREFIX}pcrevent -ha 16 -if policies/aaa ${EVENT[i]} > run.out + checkSuccess $? + + for HALG in ${BANKS[i]} + do + + echo "Verify Digest ${HALG}" + diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out + checkSuccess $? + + echo "PCR Read ${HALG}" + ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out + checkSuccess $? + + echo "Verify Digest ${HALG}" + diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out + checkSuccess $? + + done + + echo "" + echo "Event Sequence Complete" + echo "" + + echo "PCR Reset" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "Event sequence start, alg null" + ${PREFIX}hashsequencestart -halg null -pwda aaa > run.out + checkSuccess $? + + echo "Event Sequence Complete" + ${PREFIX}eventsequencecomplete -hs 80000000 -pwds aaa -ha 16 -if policies/aaa ${EVENT[i]} > run.out + checkSuccess $? + + for HALG in ${BANKS[i]} + do + + echo "Verify Digest ${HALG}" + diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out + checkSuccess $? + + echo "PCR Read ${HALG}" + ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out + checkSuccess $? + + echo "Verify Digest ${HALG}" + diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out + checkSuccess $? + + done + +done + +echo "PCR Reset" +${PREFIX}pcrreset -ha 16 > run.out +checkSuccess $? + +# recreate the primary key that was flushed on the powerup + +initprimary diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.bat new file mode 100644 index 000000000000..8ec32e26f014 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.bat @@ -0,0 +1,2715 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +REM # used for the name in policy ticket + +REM if [ -z $TPM_DATA_DIR ]; then +REM TPM_DATA_DIR=. +REM fi + +setlocal enableDelayedExpansion + +echo "" +echo "Policy Command Code" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM sign with correct policy command code + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy and wrong password" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail, session used " +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +REM quote with bad policy or bad command + +REM echo "Start a policy session" +REM ./startauthsession -se p > run.out +REM IF !ERRORLEVEL! NEQ 0 ( +REM exit /B 1 +REM ) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Quote - PWAP" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Quote - policy, should fail" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # echo "Flush the session" +REM # ./flushcontext -ha 03000000 > run.out +REM # IF !ERRORLEVEL! NEQ 0 ( +REM exit /B 1 +REM ) + + +REM # echo "Start a policy session" +REM # ./startauthsession -se p > run.out +REM # IF !ERRORLEVEL! NEQ 0 ( +REM exit /B 1 +REM ) + +echo "Policy command code - quote" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Quote - policy, should fail" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + + +REM # echo "Flush the session" +REM # ./flushcontext -ha 03000000 > run.out +REM # IF !ERRORLEVEL! NEQ 0 ( +REM exit /B 1 +REM ) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Command Code and Policy Password / Authvalue" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # policypassword + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy password" +%TPM_EXE_PATH%policypassword -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, no password should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, password" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # policyauthvalue + +REM # echo "Start a policy session" +REM # startauthsession -se p > run.out +REM # IF !ERRORLEVEL! NEQ 0 ( +REM exit /B 1 +REM ) + + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, no password should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, password" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Password and Policy Authvalue flags" +echo "" + +for %%C in (policypassword policyauthvalue) do ( + + + echo "Create a signing key under the primary key - policy command code - sign, auth" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code - sign" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy %%C" + %TPM_EXE_PATH%%%C -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy, password" + %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key under the primary key - policy command code - sign" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code - sign" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy and wrong password" + %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush policy session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Policy Signed" +echo "" + +REM # create rsaprivkey.pem +REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 +REM # extract the public key +REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem +REM # sign a test message msg.bin +REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin +REM # +REM # create the policy: +REM # use loadexternal -ns to get the name +REM +REM # sha1 +REM # 00044234c24fc1b9de6693a62453417d2734d7538f6f +REM # sha256 +REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # sha384 +REM # 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +REM # sha512 +REM # 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 +REM +REM # 00000160 plus the above name as text, add a blank line for empty policyRef +REM # to create policies/policysigned$HALG.txt +REM # +REM # 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f +REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # 00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +REM # 00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 +REM # +REM # use sha256 policies, policymaker default (policy session digest +REM # algorithm is separate from Name and signature hash algorithm) +REM # +REM # > policymaker -if policies/policysigned$HALG.txt -of policies/policysigned$HALG.bin -pr +REM # +REM # sha1 +REM # 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 +REM # b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb +REM # sha256 +REM # de bf 9d fa 3c 98 08 0b f1 7d d1 d0 7b 54 fd e1 +REM # 07 93 7f e5 40 50 9e 70 96 aa 73 27 53 b3 83 31 +REM # sha384 +REM # 45 c5 da 90 76 92 3a 70 03 6f df 56 ea e7 df db +REM # 41 e2 01 75 24 49 54 94 66 93 6b c4 fc 88 ab 5c +REM # sha512 +REM # cd 34 96 08 39 ea 40 88 5e fa 7f 37 8b a7 21 f1 +REM # 78 6d 52 bb 93 47 9c 73 45 88 3c dc 1f 09 06 6f +REM # +REM # 80000000 primary key +REM # 80000001 verification public key +REM # 80000002 signing key with policy +REM # 03000000 policy session + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Load external just the public part of PEM at 80000001 - %%H" + %TPM_EXE_PATH%loadexternal -halg %%H -nalg %%H -ipem policies/rsapubkey.pem -ns > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a test message with openssl - %%H" + openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin + + echo "Verify the signature with 80000001 - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if msg.bin -is pssig.bin -raw > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key under the primary key - policy signed - %%H" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysigned%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key under the primary key at 80000002" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy, should fail" + %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Policy signed - sign with PEM key - %%H" + %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg %%H -pwdk rrrr > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get policy digest" + %TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppol.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy signed" + %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy restart, set back to zero" + %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign just expiration (uint32_t 4 zeros) with openssl - %%H" + openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/zero4.bin + + echo "Policy signed, signature generated externally - %%H" + %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg %%H -is pssig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy signed" + %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session - save nonceTPM" + %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy signed with nonceTPM and expiration, create a ticket - %%H" + %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg %%H -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy signed" + %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy ticket" + %TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -na h80000001.bin -tk tkt.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest - policy ticket" + %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the verification public key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +REM # getcapability -cap 1 -pr 80000000 +REM # getcapability -cap 1 -pr 02000000 +REM # getcapability -cap 1 -pr 03000000 + +REM # exit 0 + +echo "" +echo "Policy Secret" +echo "" + +REM # 4000000c platform +REM # 80000000 primary key +REM # 80000001 signing key with policy +REM # 03000000 policy session +REM # 02000001 hmac session + +echo "Change platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key under the primary key - policy secret using platform auth" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, create a ticket" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy secret" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret using primary key, create a ticket" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy secret" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy ticket" +%TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy ticket" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with HMAC session" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy secret" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change platform hierarchy auth back to null" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Secret with NV Auth" +echo "" + +REM Name is +REM 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de +REM 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 +REM 68 1f +REM +REM Policy is +REM c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 +REM 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 + +echo "NV Define Space 0100000" +%TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key under the primary key - policy secret NV auth" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretnv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy secret" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 0100000" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Secret with Object" +echo "" + +REM # Use a externally generated object so that the Name is known and thus +REM # the policy can be precalculated + +REM # Name +REM # 00 0b 64 ac 92 1a 03 5c 72 b3 aa 55 ba 7d b8 b5 +REM # 99 f1 72 6f 52 ec 2f 68 20 42 fc 0e 0d 29 fa e8 +REM # 17 99 + +REM # 000001151 plus the above name as text, add a blank line for empty policyRef +REM # to create policies/policysecretsha256.txt +REM # 00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + +REM # 4b 7f ca c2 b7 c3 ac a2 7c 5c da 9c 71 e6 75 28 +REM # 63 d2 87 d2 33 ec 49 0e 7a be 88 f1 ef 94 5d 5c + +echo "Load the RSA openssl key pair in the NULL hierarchy 80000001" +%TPM_EXE_PATH%loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key under the primary key - policy secret of object 80000001" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -uwa -pol policies/policysecretsha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key 80000002" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - password auth - should fail" +%TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa -pwdk sig > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy secret" +%TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policysecret key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the RSA openssl key pair in the NULL hierarchy, userWithAuth false 80000001" +%TPM_EXE_PATH%loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr -uwa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session - should fail" +%TPM_EXE_PATH%policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the policysecret key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Authorize" +echo "" + +REM # 80000000 primary +REM # 80000001 verification public key, openssl +REM # 80000002 signing key +REM # 03000000 policy session + +REM # Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f +REM # +REM # policyauthorizesha256.txt +REM # 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # +REM # (need blank line for policyRef) +REM # +REM # > policymaker -if policies/policyauthorizesha256.txt -of policies/policyauthorizesha256.bin -pr +REM # +REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 + +echo "Create a signing key with policy authorize" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizesha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load external just the public part of PEM authorizing key" +%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be zero" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policy to approve, aHash input" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Openssl generate aHash" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policyapproved.bin + +echo "Verify the signature to generate ticket" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policyapproved.bin -is pssig.bin -raw -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authorize using the ticket" +%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policyapproved.bin -skn h80000001.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policy authorize" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the verification public key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # getcapability -cap 1 -pr 80000000 +REM # getcapability -cap 1 -pr 02000000 +REM # getcapability -cap 1 -pr 03000000 + +REM # exit 0 + +echo "" +echo "Set Primary Policy" +echo "" + +echo "Platform policy empty" +%TPM_EXE_PATH%setprimarypolicy -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform policy empty, bad password" +%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Set platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform policy empty, bad password" +%TPM_EXE_PATH%setprimarypolicy -hi p > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform policy empty" +%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform policy to policy secret platform auth" +%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change platform hierarchy auth to null with policy secret" +%TPM_EXE_PATH%hierarchychangeauth -hi p -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy PCR no select" +echo "" + +REM # create AND term for policy PCR +REM # > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt +REM # 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709 +REM +REM # convert to binary policy +REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v +REM +REM # 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 +REM # b6 fa 2c 23 + +echo "Create a signing key with policy PCR no select" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -halg sha1 -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy PCR, update with the correct digest" +%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be 6d 38 49 38 ... " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign, should succeed" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy PCR, update with the correct digest" +%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR extend PCR 0, updates pcr counter" +%TPM_EXE_PATH%pcrextend -ha 0 -halg sha1 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign, should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # policypcr0.txt has 20 * 00 + +REM # create AND term for policy PCR +REM # > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt + +REM # convert to binary policy +REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v + +echo "" +echo "Policy PCR" +echo "" + +echo "Create a signing key with policy PCR PCR 16 zero" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Reset PCR 16 back to zero" +%TPM_EXE_PATH%pcrreset -ha 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read PCR 16, should be 00 00 00 00 ..." +%TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign, policy not satisfied - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy PCR, update with the correct digest" +%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be 85 33 11 83" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign, should succeed" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR extend PCR 16" +%TPM_EXE_PATH%pcrextend -ha 16 -halg sha1 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read PCR 0, should be 1d 47 f6 8a ..." +%TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy PCR, update with the wrong digest" +%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be 66 dd e5 e3" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # 01000000 authorizing ndex +REM # 01000001 authorized index +REM # 03000000 policy session +REM # +REM # 4 byte NV index +REM # policynv.txt +REM # policy CC_PolicyNV || args || Name +REM # +REM # policynvargs.txt (binary) +REM # args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==) +REM # hash -hi n -halg sha1 -if policies/policynvargs.txt -v +REM # openssl dgst -sha1 policies/policynvargs.txt +REM # 2c513f149e737ec4063fc1d37aee9beabc4b4bbf +REM # +REM # NV authorizing index +REM # +REM # after defining index and NV write to set written, use +REM # nvreadpublic -ha 01000000 -nalg sha1 +REM # to get name +REM # 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c +REM # +REM # append Name to policynvnv.txt +REM # +REM # convert to binary policy +REM # > policymaker -halg sha1 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v +REM # bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc +REM # +REM # file zero8.bin has 8 bytes of hex zero + +echo "" +echo "Policy NV, NV index authorizing" +echo "" + +echo "Define a setbits index, authorizing index" +%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read public, get Name, not written" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV setbits to set written" +%TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read public, get Name, written" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read, should be zero" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Define an ordinary index, authorized index, policyNV" +%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read public, get Name, not written" +%TPM_EXE_PATH%nvreadpublic -ha 01000001 -nalg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write to set written" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy not satisfied - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy get digest, should be 0" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV to satisfy the policy" +%TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest, should be bc 9b 4c 4f ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy satisfied" +%TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Set bit in authorizing NV index" +%TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read, should be 1" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV to satisfy the policy - should fail" +%TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy get digest, should be 00 00 00 00 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine authorizing index" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine authorized index" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy NV Written" +echo "" + +echo "Define an ordinary index, authorized index, policyNV" +%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read public, get Name, not written" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy not satisfied - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy NV Written no, does not satisfy policy" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy not satisfied - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV Written yes, satisfy policy" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy satisfied but written clear - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write using password, set written" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV Written yes, satisfy policy" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write, policy satisfied" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV Written no" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy NV Written yes - should fail" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine authorizing index" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Signed externally signed cpHash" +echo "" + +REM # NV Index 01000000 has policy OR +REM +REM # Policy A - provisioning: policy written false + policysigned +REM # demo: authorizer signs NV write all zero +REM +REM # Policy B - application: policy written true + policysigned +REM # demo: authorizer signs NV write abcdefgh + +echo "Load external just the public part of PEM at 80000001" +%TPM_EXE_PATH%loadexternal -ipem policies/rsapubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the Name of the signing key at 80000001" +%TPM_EXE_PATH%readpublic -ho 80000001 -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM +REM # construct policy A +REM +REM # policies/policywrittenclrsigned.txt +REM # 0000018f00 +REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # Add the extra blank line here for policyRef +REM +REM # policymaker -if policies/policywrittenclrsigned.txt -of policies/policywrittenclrsigned.bin -pr -ns -v +REM # intermediate policy digest length 32 +REM # 3c 32 63 23 67 0e 28 ad 37 bd 57 f6 3b 4c c3 4d +REM # 26 ab 20 5e f2 2f 27 5c 58 d4 7f ab 24 85 46 6e +REM # intermediate policy digest length 32 +REM # 6b 0d 2d 2b 55 4d 68 ec bc 6c d5 b8 c0 96 c1 70 +REM # 57 5a 95 25 37 56 38 7e 83 d7 76 d9 5b 1b 8e f3 +REM # intermediate policy digest length 32 +REM # 48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 +REM # 18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 +REM # policy digest length 32 +REM # 48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 +REM # 18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 +REM # policy digest: +REM # 480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f2 +REM +REM # construct policy B +REM +REM # policies/policywrittensetsigned.txt +REM # 0000018f01 +REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # Add the extra blank line here for policyRef +REM +REM # policymaker -if policies/policywrittensetsigned.txt -of policies/policywrittensetsigned.bin -pr -ns -v +REM # intermediate policy digest length 32 +REM # f7 88 7d 15 8a e8 d3 8b e0 ac 53 19 f3 7a 9e 07 +REM # 61 8b f5 48 85 45 3c 7a 54 dd b0 c6 a6 19 3b eb +REM # intermediate policy digest length 32 +REM # 7d c2 8f b0 dd 4f ee 97 78 2b 55 43 b1 dc 6b 1e +REM # e2 bc 79 05 d4 a1 f6 8d e2 97 69 5f a9 aa 78 5f +REM # intermediate policy digest length 32 +REM # 09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 +REM # 49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 +REM # policy digest length 32 +REM # 09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 +REM # 49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 +REM # policy digest: +REM # 0943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246 +REM +REM # construct the Policy OR of A and B +REM +REM # policyorwrittensigned.txt - command code plus two policy digests +REM # 00000171480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f20943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246 +REM # policymaker -if policies/policyorwrittensigned.txt -of policies/policyorwrittensigned.bin -pr +REM # policy digest length 32 +REM # 06 00 ae 34 7a 30 b0 67 36 d3 32 85 a0 cc ad 46 +REM # 54 1e 62 71 f5 d0 85 10 a7 ff 0e 90 30 54 d6 c9 + +echo "Define index 01000000 with the policy OR" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi o -sz 8 -pwdn "" -pol policies/policyorwrittensigned.bin -at aw > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the Name of the NV index not written, should be 00 0b ... bb 0b" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # 000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy A - not written" +echo "" + +REM # construct cpHash for Policy A - not written, writing zeros +REM +REM # (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of 0's at offset 0000 +REM # For index auth, authHandle Name and index Name are the same +REM # policies/nvwritecphasha.txt +REM # 00000137000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000800000000000000000000 +REM # policymaker -nz -if policies/nvwritecphasha.txt -of policies/nvwritecphasha.bin -pr -ns +REM # policy digest length 32 +REM # cf 98 1e ee 68 04 3b dd ee 0c ab bc 75 b3 63 be +REM # 3c f9 ee 22 2a 78 b8 26 3f 06 7b b3 55 2c a6 11 +REM # policy digest: +REM # cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611 +REM +REM # construct aHash for Policy A +REM +REM # expiration + cpHashA +REM # policies/nvwriteahasha.txt +REM # 00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611 +REM # just convert to binary, because openssl does the hash before signing +REM # xxd -r -p policies/nvwriteahasha.txt policies/nvwriteahasha.bin + +echo "Policy NV Written no, satisfy policy" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy A first intermediate value 3c 32 63 23 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign aHash with openssl 8813 6530 ..." +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahasha.bin +echo "" + +echo "Policy signed, signature generated externally" +%TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphasha.bin -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy A final value 48 0b 78 2e ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy OR final value 06 00 ae 34 " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write to set written" +%TPM_EXE_PATH%nvwrite -ha 01000000 -if policies/zero8.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy B - written" +echo "" + +echo "Get the new (written) Name of the NV index not written, should be 00 0b f5 75" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # 000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8 +REM +REM # construct cpHash for Policy B +REM +REM # (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of abcdefgh at offset 00000 +REM # For index auth, authHandle Name and index Name are the same +REM # policies/nvwritecphashb.txt +REM # 00000137000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000861626364656667680000 +REM # policymaker -nz -if policies/nvwritecphashb.txt -of policies/nvwritecphashb.bin -pr -ns +REM # policy digest length 32 +REM # df 58 08 f9 ab cb 23 7f 8c d7 c9 09 1c 86 12 2d +REM # 88 6f 02 d4 6e db 53 c8 da 39 bf a2 d6 cf 07 63 +REM # policy digest: +REM # df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763 +REM +REM # construct aHash for Policy B +REM +REM # expiration + cpHashA +REM # policies/nvwriteahashb.txt +REM # 00000000df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763 +REM # just convert to binary, because openssl does the hash before signing +REM # xxd -r -p policies/nvwriteahashb.txt policies/nvwriteahashb.bin + +echo "Policy NV Written yes, satisfy policy" +%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy A first intermediate value f7 88 7d 15 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign aHash with openssl 3700 0a91 ..." +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahashb.bin > run.out +echo "" + +echo "Policy signed, signature generated externally" +%TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphashb.bin -is sig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy B final value 09 43 ba 3c ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Should be policy OR final value 06 00 ae 34 " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write new data" +%TPM_EXE_PATH%nvwrite -ha 01000000 -ic abcdefgh -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Cleanup" +echo "" + +echo "Flush the policy session 03000000" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signature verification key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Undefine the NV Index 01000000" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # test using clockrateadjust +REM # policycphashhash.txt is (hex) 00000130 4000000c 000 +REM # hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v +REM # openssl dgst -sha1 policycphashhash.txt +REM # cpHash is +REM # b5f919bbc01f0ebad02010169a67a8c158ec12f3 +REM # append to policycphash.txt 00000163 + cpHash +REM # policymaker -halg sha1 -if policies/policycphash.txt -of policies/policycphash.bin -pr +REM # 06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f + +echo "" +echo "Policy cpHash" +echo "" + +echo "Set the platform policy to policy cpHash" +%TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust using wrong password - should fail" +%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust, policy not satisfied - should fail" +%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy cpHash, satisfy policy" +%TPM_EXE_PATH%policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest, should be 06 e4 6c f9" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust, policy satisfied but bad command params - should fail" +%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Clockrate adjust, policy satisfied" +%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear the platform policy" +%TPM_EXE_PATH%setprimarypolicy -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Duplication Select with includeObject FALSE" +echo "" + +REM # These tests uses a new parent and object to be duplicated generated +REM # externally. This makes the Names repeatable and permits the +REM # policy to be pre-calculated and static. +REM +REM # command code 00000188 +REM # newParentName +REM # 000b 1a5d f667 7533 4527 37bc 79a5 5ab6 +REM # d9fa 9174 5c03 3dfe 3f82 cdf0 903b a9d6 +REM # 55f1 +REM # includeObject 00 +REM # policymaker -if policies/policydupsel-no.txt -of policies/policydupsel-no.bin -pr -v +REM # 5f 55 ba 2b 69 0f b0 38 ac 15 ff 2a 86 ef 65 66 +REM # be a8 23 68 43 97 4c 3f a7 36 37 72 56 ec bc 45 +REM +REM # 80000000 SK storage primary key +REM # 80000001 NP new parent, the target of the duplication +REM # 80000002 SI signing key, duplicate from SK to NP +REM # 03000000 policy session + +echo "Import the new parent storage key NP under the primary key" +%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -st -pwdk rrrr -opu tmpstpub.bin -opr tmpstpriv.bin -halg sha256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the new parent TPM storage key NP at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpstpub.bin -ipr tmpstpriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Import a signing key SI under the primary key 80000000, with policy duplication select" +%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policydupsel-no.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key SI at 80000002" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy duplication select, object SI 80000002 to new parent NP 80000001" +%TPM_EXE_PATH%policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be 5f 55 ba 2b ...." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001" +%TPM_EXE_PATH%duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the original SI at 80000002 to free object slot for import" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Import signing key SI under new parent TPM storage key NP 80000001" +%TPM_EXE_PATH%import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key SI at 80000002" +%TPM_EXE_PATH%load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the duplicated SI at 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Duplication Select with includeObject TRUE" +echo "" + +REM # command code 00000188 +REM # SI objectName +REM # 000b 6319 28da 1624 3135 3a59 c03a 2ca7 +REM # dbb7 0989 1440 4236 3c7f a838 39d9 da6c +REM # 437a +REM # HP newParentName +REM # 000b +REM # 1a5d f667 7533 4527 37bc 79a5 5ab6 d9fa +REM # 9174 5c03 3dfe 3f82 cdf0 903b a9d6 55f1 +REM # includeObject 01 +REM +REM # policymaker -if policies/policydupsel-yes.txt -of policies/policydupsel-yes.bin -pr -v +REM # 14 64 06 4c 80 cb e3 4f f5 03 82 15 38 62 43 17 +REM # 93 94 8f f1 e8 8a c6 23 4d d1 b0 c5 4c 05 f7 3b +REM +REM # 80000000 SK storage primary key +REM # 80000001 NP new parent, the target of the duplication +REM # 80000002 SI signing key, duplicate from SK to NP +REM # 03000000 policy session + +echo "Import a signing key SI under the primary key 80000000, with policy authorize" +%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key SI with objectName 000b 6319 28da at 80000002" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy duplication select, object SI 80000002 to new parent NP 80000001 with includeObject" +%TPM_EXE_PATH%policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin -io > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest,should be policy to approve, aHash input 14 64 06 4c same as policies/policydupsel-yes.bin" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the original SI at 80000002 to free object slot for loadexternal " +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policydupsel-yes.bin + +echo "Load external just the public part of PEM authorizing key 80000002" +%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature against 80000002 to generate ticket" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/policydupsel-yes.bin -is pssig.bin -raw -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authorize using the ticket" +%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policydupsel-yes.bin -skn h80000002.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the PEM authorizing verification key at 80000002 to free object slot for import" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the original signing key SI at 80000002" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001 000b 1a5d f667" +%TPM_EXE_PATH%duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the original SI at 80000002 to free object slot for import" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Import signing key SI under new parent TPM storage key NP 80000001" +%TPM_EXE_PATH%import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key SI at 80000002" +%TPM_EXE_PATH%load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest" +%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the duplicated SI at 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the new parent TPM storage key NP 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Name Hash" +echo "" + +REM # signing key SI Name +REM # 000b +REM # 6319 28da 1624 3135 3a59 c03a 2ca7 dbb7 +REM # 0989 1440 4236 3c7f a838 39d9 da6c 437a +REM +REM # compute nameHash +REM +REM # nameHash - just a hash, not an extend +REM # policymaker -if policies/pnhnamehash.txt -of policies/pnhnamehash.bin -nz -pr -v -ns +REM # 18 e0 0c 62 77 18 d9 fc 81 22 3d 8a 56 33 7e eb +REM # 0e 7d 98 28 bd 7b c7 29 1d 3c 27 3f 7a c4 04 f1 +REM # 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1 +REM +REM # compute policy (based on +REM +REM # 00000170 TPM_CC_PolicyNameHash +REM # signing key SI Name +REM # 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1 +REM +REM # policymaker -if policies/policynamehash.txt -of policies/policynamehash.bin -pr -v +REM # 96 30 f9 00 c3 4c 66 09 c1 c5 92 41 78 c1 b2 3d +REM # 9f d4 93 f4 f9 c2 98 c8 30 4a e3 0f 97 a2 fd 49 +REM +REM # 80000000 SK storage primary key +REM # 80000001 SI signing key +REM # 80000002 Authorizing public key +REM # 03000000 policy session + +echo "Import a signing key SI under the primary key 80000000, with policy authorize" +%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key SI at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest using the password" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy name hash, object SI 80000001" +%TPM_EXE_PATH%policynamehash -ha 03000000 -nh policies/pnhnamehash.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policy to approve, 96 30 f9 00" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policynamehash.bin + +echo "Load external just the public part of PEM authorizing key 80000002" +%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature against 80000002 to generate ticket" +%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/policynamehash.bin -is pssig.bin -raw -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authorize using the ticket" +%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policynamehash.bin -skn h80000002.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be eb a3 f9 8c ...." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest using the policy" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key at 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the authorizing key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # test using clockrateadjust and platform policy + +REM # operand A time is 64 bits at offset 0, operation GT (2) +REM # 0000016d 0000 0000 0000 0000 | 0000 | 0002 +REM # +REM # convert to binary policy +REM # > policymaker -halg sha1 -if policies/policycountertimer.txt -of policies/policycountertimer.bin -pr -v +REM # e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd +REM # aa 26 42 9a + +echo "" +echo "Policy Counter Timer" +echo "" + +echo "Set the platform policy to policy " +%TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust using wrong password - should fail" +%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust, policy not satisfied - should fail" +%TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail" +%TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy counter timer, zero operandB, op GT satisfy policy" +%TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest, should be e6 84 81 27" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clockrate adjust, policy satisfied" +%TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear the platform policy" +%TPM_EXE_PATH%setprimarypolicy -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # policyccsign.txt 0000016c 0000015d (policy command code | sign) +REM # policyccquote.txt 0000016c 00000158 (policy command code | quote) +REM # +REM # > policymaker -if policies/policyccsign.txt -of policies/policyccsign.bin -pr -v +REM # cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811 +REM # +REM # > policymaker -if policies/policyccquote.txt -of policies/policyccquote.bin -pr -v +REM # a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27 +REM # +REM # policyor.txt is CC_PolicyOR || digests +REM # 00000171 | cc69 ... | a039 ... +REM # > policymaker -if policies/policyor.txt -of policies/policyor.bin -pr -v +REM # 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 +REM # 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db + +echo "" +echo "PolicyOR" +echo "" + +echo "Create an unrestricted signing key, policy command code sign or quote" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyor.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - should fail" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Quote - should fail" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Get time - should fail, policy not set" +%TPM_EXE_PATH%gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy OR - should fail" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest, should be cc 69 18 b2" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest, should be 6b fe c2 3a" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign with policy OR" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Quote - should fail, wrong command code" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Command code - quote, digest a0 39 ca d5" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000158 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR, digest 6b fe c2 3a" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Quote with policy OR" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Command code - gettime 7a 3e bd aa" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000014c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR, gettime not an AND term - should fail" +%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # There are times that a policy creator has TPM, PEM, or DER format +REM # information, but does not have access to a TPM. The publicname +REM # utility accepts these inputs and outputs the name in the 'no spaces' +REM # format suitable for pasting into a policy. + +echo "" +echo "publicname RSA" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create an rsa %%H key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -rsa 2048 -nalg %%H -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the rsa %%H key 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Compute the TPM2B_PUBLIC Name" + %TPM_EXE_PATH%publicname -ipu tmppub.bin -on tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the TPM2B_PUBLIC result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Convert the rsa public key to PEM format" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the rsa %%H key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "loadexternal the rsa PEM public key" + %TPM_EXE_PATH%loadexternal -ipem tmppub.pem -si -rsa -nalg %%H -halg %%H -scheme rsassa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Compute the PEM Name" + %TPM_EXE_PATH%publicname -ipem tmppub.pem -rsa -si -nalg %%H -halg %%H -on tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the PEM result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Convert the TPM PEM key to DER" + openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin + echo "INFO:" + + echo "Compute the DER Name" + %TPM_EXE_PATH%publicname -ider tmppub.der -rsa -si -nalg %%H -halg %%H -on tmp.bin -v > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the DER result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the rsa %%H key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "publicname ECC" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create an ecc nistp256 %%H key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -nalg %%H -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the ecc %%H key 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Compute the TPM2B_PUBLIC Name" + %TPM_EXE_PATH%publicname -ipu tmppub.bin -on tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the TPM2B_PUBLIC result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Convert the ecc public key to PEM format" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the ecc %%H key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "loadexternal the ecc PEM public key" + %TPM_EXE_PATH%loadexternal -ipem tmppub.pem -si -ecc -nalg %%H -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Compute the PEM Name" + %TPM_EXE_PATH%publicname -ipem tmppub.pem -ecc -si -nalg %%H -halg %%H -on tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the PEM result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Convert the TPM PEM key to DER" + openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin -pubout + echo "INFO:" + + echo "Compute the DER Name" + %TPM_EXE_PATH%publicname -ider tmppub.der -ecc -si -nalg %%H -halg %%H -on tmp.bin -v > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the DER result" + diff tmp.bin h80000001.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the ecc %%H key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "publicname NV" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "NV Define Space %%H" + %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -sz 16 -nalg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Read Public" + %TPM_EXE_PATH%nvreadpublic -ha 01000000 -opu tmppub.bin -on tmpname.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Compute the NV Index Name" + %TPM_EXE_PATH%publicname -invpu tmppub.bin -on tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the NV Index result" + diff tmp.bin tmpname.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "NV Undefine Space" + %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rm pssig.bin +rm run.out +rm sig.bin +rm tkt.bin +rm tmp.bin +rm tmpdup.bin +rm tmphkey.bin +rm tmpname.bin +rm tmppol.bin +rm tmppriv.bin +rm tmppub.bin +rm tmppub.der +rm tmppub.pem +rm tmpsig.bin +rm tmpsipriv.bin +rm tmpsipriv1.bin +rm tmpsipub.bin +rm tmpss.bin +rm tmpstpriv.bin +rm tmpstpub.bin + +exit /B 0 + +REM # getcapability -cap 1 -pr 80000000 +REM # getcapability -cap 1 -pr 01000000 +REM # getcapability -cap 1 -pr 02000000 +REM # getcapability -cap 1 -pr 03000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.sh new file mode 100755 index 000000000000..ba7a7ab6f36c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy.sh @@ -0,0 +1,2031 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# used for the name in policy ticket + +if [ -z $TPM_DATA_DIR ]; then + TPM_DATA_DIR=. +fi + + +echo "" +echo "Policy Command Code" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out +checkSuccess $? + +# sign with correct policy command code +# cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16 +# 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811 + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy get digest - should be cc69 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy and wrong password" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail, session used " +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +# quote with bad policy or bad command + +# echo "Start a policy session" +# ${PREFIX}startauthsession -se p > run.out +# checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Quote - PWAP" +${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out +checkSuccess $? + +echo "Quote - policy, should fail" +${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +# echo "Flush the session" +# ${PREFIX}flushcontext -ha 03000000 > run.out +# checkSuccess $? + +# echo "Start a policy session" +# ${PREFIX}startauthsession -se p > run.out +# checkSuccess $? + +echo "Policy command code - quote" +${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out +checkSuccess $? + +echo "Quote - policy, should fail" +${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +# echo "Flush the session" +# ${PREFIX}flushcontext -ha 03000000 > run.out +# checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy Command Code and Policy Password / Authvalue" +echo "" + +echo "Create a signing key under the primary key - policy command code - sign, auth" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +# policypassword + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy password" +${PREFIX}policypassword -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy, no password should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Sign a digest - policy, password" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out +checkSuccess $? + +# policyauthvalue + +# echo "Start a policy session" +# ${PREFIX}startauthsession -se p > run.out +# checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy, no password should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Sign a digest - policy, password" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy Password and Policy Authvalue flags" +echo "" + +for COMMAND in policypassword policyauthvalue + +do + + echo "Create a signing key under the primary key - policy command code - sign, auth" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out + checkSuccess $? + + echo "Load the signing key under the primary key" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a policy session" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Policy command code - sign" + ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out + checkSuccess $? + + echo "Policy ${COMMAND}" + ${PREFIX}${COMMAND} -ha 03000000 > run.out + checkSuccess $? + + echo "Sign a digest - policy, password" + ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out + checkSuccess $? + + echo "Flush signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Create a signing key under the primary key - policy command code - sign" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out + checkSuccess $? + + echo "Load the signing key under the primary key" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Policy command code - sign" + ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out + checkSuccess $? + + echo "Sign a digest - policy and wrong password" + ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out + checkSuccess $? + + echo "Flush signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush policy session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + +done + +echo "" +echo "Policy Signed" +echo "" + +# create rsaprivkey.pem +# > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 +# extract the public key +# > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem +# sign a test message msg.bin +# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin +# +# create the policy: +# use loadexternal -ns to get the name + +# sha1 +# 00044234c24fc1b9de6693a62453417d2734d7538f6f +# sha256 +# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# sha384 +# 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +# sha512 +# 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 + +# 00000160 plus the above name as text, add a blank line for empty policyRef +# to create policies/policysigned$HALG.txt +# +# 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f +# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# 00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +# 00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 +# +# use sha256 policies, policymaker default (policy session digest +# algorithm is separate from Name and signature hash algorithm) +# +# > policymaker -if policies/policysigned$HALG.txt -of policies/policysigned$HALG.bin -pr +# +# sha1 +# 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 +# b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb +# sha256 +# de bf 9d fa 3c 98 08 0b f1 7d d1 d0 7b 54 fd e1 +# 07 93 7f e5 40 50 9e 70 96 aa 73 27 53 b3 83 31 +# sha384 +# 45 c5 da 90 76 92 3a 70 03 6f df 56 ea e7 df db +# 41 e2 01 75 24 49 54 94 66 93 6b c4 fc 88 ab 5c +# sha512 +# cd 34 96 08 39 ea 40 88 5e fa 7f 37 8b a7 21 f1 +# 78 6d 52 bb 93 47 9c 73 45 88 3c dc 1f 09 06 6f +# +# 80000000 primary key +# 80000001 verification public key +# 80000002 signing key with policy +# 03000000 policy session + +for HALG in ${ITERATE_ALGS} +do + + echo "Load external just the public part of PEM at 80000001 - $HALG" + ${PREFIX}loadexternal -halg $HALG -nalg $HALG -ipem policies/rsapubkey.pem -ns > run.out + checkSuccess $? + + echo "Sign a test message with openssl - $HALG" + openssl dgst -$HALG -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin > run.out 2>&1 + + echo "Verify the signature with 80000001 - $HALG" + ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if msg.bin -is pssig.bin -raw > run.out + checkSuccess $? + + echo "Create a signing key under the primary key - policy signed - $HALG" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysigned$HALG.bin > run.out + checkSuccess $? + + echo "Load the signing key under the primary key, at 80000002" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a policy session" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Sign a digest - policy, should fail" + ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + checkFailure $? + + echo "Policy signed, sign with PEM key - $HALG" + ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg $HALG -pwdk rrrr > run.out + checkSuccess $? + + echo "Get policy digest" + ${PREFIX}policygetdigest -ha 03000000 -of tmppol.bin > run.out + checkSuccess $? + + echo "Sign a digest - policy signed" + ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Policy restart, set back to zero" + ${PREFIX}policyrestart -ha 03000000 > run.out + checkSuccess $? + + echo "Sign just expiration (uint32_t 4 zeros) with openssl - $HALG" + openssl dgst -$HALG -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/zero4.bin > run.out 2>&1 + + echo "Policy signed, signature generated externally - $HALG" + ${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg $HALG -is pssig.bin > run.out + checkSuccess $? + + echo "Sign a digest - policy signed" + ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + checkSuccess $? + + echo "Start a policy session - save nonceTPM" + ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out + checkSuccess $? + + echo "Policy signed with nonceTPM and expiration, create a ticket - $HALG" + ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg $HALG -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out + checkSuccess $? + + echo "Sign a digest - policy signed" + ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + checkSuccess $? + + echo "Start a policy session" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Policy ticket" + ${PREFIX}policyticket -ha 03000000 -to to.bin -na ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out + checkSuccess $? + + echo "Sign a digest - policy ticket" + ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out + checkSuccess $? + + echo "Flush the verification public key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 +# getcapability -cap 1 -pr 03000000 + +# exit 0 + +echo "" +echo "Policy Secret with Platform Auth" +echo "" + +# 4000000c platform +# 80000000 primary key +# 80000001 signing key with policy +# 03000000 policy session +# 02000001 hmac session + +echo "Change platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Create a signing key under the primary key - policy secret using platform auth" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretp.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -on noncetpm.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkFailure $? + +echo "Policy Secret with PWAP session, create a ticket" +${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy secret" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -on noncetpm.bin > run.out +checkSuccess $? + +echo "Policy Secret using primary key, create a ticket" +${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy secret" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy ticket" +${PREFIX}policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy ticket" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -on noncetpm.bin > run.out +checkSuccess $? + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Policy Secret with HMAC session" +${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out +checkSuccess $? + +echo "Sign a digest - policy secret" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Change platform hierarchy auth back to null" +${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy Secret with NV Auth" +echo "" + +# Name is +# 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de +# 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 +# 68 1f + +# Policy is +# c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 +# 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 + +echo "NV Define Space 0100000" +${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out +checkSuccess $? + +echo "Create a signing key under the primary key - policy secret NV auth" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretnv.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -on noncetpm.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkFailure $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out +checkSuccess $? + +echo "Sign a digest - policy secret" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "NV Undefine Space 0100000" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + + +echo "" +echo "Policy Secret with Object" +echo "" + +# Use a externally generated object so that the Name is known and thus +# the policy can be precalculated + +# Name +# 00 0b 64 ac 92 1a 03 5c 72 b3 aa 55 ba 7d b8 b5 +# 99 f1 72 6f 52 ec 2f 68 20 42 fc 0e 0d 29 fa e8 +# 17 99 + +# 000001151 plus the above name as text, add a blank line for empty policyRef +# to create policies/policysecretsha256.txt +# 00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + +# 4b 7f ca c2 b7 c3 ac a2 7c 5c da 9c 71 e6 75 28 +# 63 d2 87 d2 33 ec 49 0e 7a be 88 f1 ef 94 5d 5c + +echo "Load the RSA openssl key pair in the NULL hierarchy 80000001" +${PREFIX}loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr > run.out +checkSuccess $? + +echo "Create a signing key under the primary key - policy secret of object 80000001" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -uwa -pol policies/policysecretsha256.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key 80000002" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Sign a digest - password auth - should fail" +${PREFIX}sign -hk 80000002 -if policies/aaa -pwdk sig > run.out +checkFailure $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out +checkSuccess $? + +echo "Sign a digest - policy secret" +${PREFIX}sign -hk 80000002 -if msg.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Flush the policysecret key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Load the RSA openssl key pair in the NULL hierarchy, userWithAuth false 80000001" +${PREFIX}loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr -uwa > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session - should fail" +${PREFIX}policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out +checkFailure $? + +echo "Flush the policysecret key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "Policy Authorize" +echo "" + +# 80000000 primary +# 80000001 verification public key, openssl +# 80000002 signing key +# 03000000 policy session + +# Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f +# +# policyauthorizesha256.txt +# 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# +# (need blank line for policyRef) +# +# > policymaker -if policies/policyauthorizesha256.txt -of policies/policyauthorizesha256.bin -pr +# +# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 + +echo "Create a signing key with policy authorize" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizesha256.bin > run.out +checkSuccess $? + +echo "Load external just the public part of PEM authorizing key 80000001" +${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +checkSuccess $? + +echo "Load the signing key under the primary key 80000002 " +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Get policy digest, should be zero" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Get policy digest, should be policy to approve, aHash input, same as policies/policyccsign.bin" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policyccsign.bin > run.out 2>&1 + +echo "Verify the signature to generate ticket 80000001" +${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/policyccsign.bin -is pssig.bin -raw -tk tkt.bin > run.out +checkSuccess $? + +echo "Policy authorize using the ticket" +${PREFIX}policyauthorize -ha 03000000 -appr policies/policyccsign.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Get policy digest, should be policy authorize" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the verification public key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +# getcapability -cap 1 -pr 80000000 +# getcapability -cap 1 -pr 02000000 +# getcapability -cap 1 -pr 03000000 + +# exit 0 + +echo "" +echo "Set Primary Policy" +echo "" + +echo "Platform policy empty" +${PREFIX}setprimarypolicy -hi p > run.out +checkSuccess $? + +echo "Platform policy empty, bad password" +${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out +checkFailure $? + +echo "Set platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Platform policy empty, bad password" +${PREFIX}setprimarypolicy -hi p > run.out +checkFailure $? + +echo "Platform policy empty" +${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Platform policy to policy secret platform auth" +${PREFIX}setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy Secret with PWAP session" +${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out +checkSuccess $? + +echo "Change platform hierarchy auth to null with policy secret" +${PREFIX}hierarchychangeauth -hi p -se0 03000000 0 > run.out +checkSuccess $? + +echo "" +echo "Policy PCR no select" +echo "" + +# create AND term for policy PCR +# > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt +# 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709 + +# convert to binary policy +# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v + +# 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 +# b6 fa 2c 23 + +echo "Create a signing key with policy PCR no select" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -halg sha1 -se p > run.out +checkSuccess $? + +echo "Policy PCR, update with the correct digest" +${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out +checkSuccess $? + +echo "Policy get digest - should be 6d 38 49 38 ... " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign, should succeed" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy PCR, update with the correct digest" +${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out +checkSuccess $? + +echo "PCR extend PCR 0, updates pcr counter" +${PREFIX}pcrextend -ha 0 -halg sha1 -if policies/aaa > run.out +checkSuccess $? + +echo "Sign, should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Flush the policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy PCR 16" +echo "" + +# policypcr0.txt has 20 * 00 + +# create AND term for policy PCR +# > policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt +# 0000017f000000010004030000016768033e216468247bd031a0a2d9876d79818f8f + +# convert to binary policy +# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v + +# 85 33 11 83 19 03 12 f5 e8 3c 60 43 34 6f 9f 37 +# 21 04 76 8e + +echo "Create a signing key with policy PCR PCR 16 zero" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Reset PCR 16 back to zero" +${PREFIX}pcrreset -ha 16 > run.out +checkSuccess $? + +echo "Read PCR 16, should be 00 00 00 00 ..." +${PREFIX}pcrread -ha 16 -halg sha1 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Sign, policy not satisfied - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkFailure $? + +echo "Policy PCR, update with the correct digest" +${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out +checkSuccess $? + +echo "Policy get digest - should be 85 33 11 83 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign, should succeed" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "PCR extend PCR 16" +${PREFIX}pcrextend -ha 16 -halg sha1 -if policies/aaa > run.out +checkSuccess $? + +echo "Read PCR 0, should be 1d 47 f6 8a ..." +${PREFIX}pcrread -ha 16 -halg sha1 > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Policy PCR, update with the wrong digest" +${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out +checkSuccess $? + +echo "Policy get digest - should be 66 dd e5 e3" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out +checkFailure $? + +echo "Flush the policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# 01000000 authorizing index +# 01000001 authorized index +# 03000000 policy session +# +# 4 byte NV index +# policynv.txt +# policy CC_PolicyNV || args || Name +# +# policynvargs.txt (binary) +# args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==) +# hash -hi n -halg sha1 -if policies/policynvargs.txt -v +# openssl dgst -sha1 policies/policynvargs.txt +# 2c513f149e737ec4063fc1d37aee9beabc4b4bbf +# +# NV authorizing index +# +# after defining index and NV write to set written, use +# ${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 +# to get name +# 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c +# +# append Name to policynvnv.txt +# +# convert to binary policy +# > policymaker -halg sha1 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v +# bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc +# +# file zero8.bin has 8 bytes of hex zero + +echo "" +echo "Policy NV, NV index authorizing" +echo "" + +echo "Define a setbits index, authorizing index" +${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out +checkSuccess $? + +echo "NV Read public, get Name, not written" +${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out +checkSuccess $? + +echo "NV setbits to set written" +${PREFIX}nvsetbits -ha 01000000 -pwdn nnn > run.out +checkSuccess $? + +echo "NV Read public, get Name, written" +${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out +checkSuccess $? + +echo "NV Read, should be zero" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +checkSuccess $? + +echo "Define an ordinary index, authorized index, policyNV" +${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out +checkSuccess $? + +echo "NV Read public, get Name, not written" +${PREFIX}nvreadpublic -ha 01000001 -nalg sha1 > run.out +checkSuccess $? + +echo "NV write to set written" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "NV write, policy not satisfied - should fail" +${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy get digest, should be 0" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy NV to satisfy the policy" +${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out +checkSuccess $? + +echo "Policy get digest, should be bc 9b 4c 4f ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "NV write, policy satisfied" +${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out +checkSuccess $? + +echo "Set bit in authorizing NV index" +${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out +checkSuccess $? + +echo "NV Read, should be 1" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +checkSuccess $? + +echo "Policy NV to satisfy the policy - should fail" +${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out +checkFailure $? + +echo "Policy get digest, should be 00 00 00 00 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "NV Undefine authorizing index" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "NV Undefine authorized index" +${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out +checkSuccess $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "Policy NV Written" +echo "" + +echo "Define an ordinary index, authorized index, policyNV" +${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out +checkSuccess $? + +echo "NV Read public, get Name, not written" +${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "NV write, policy not satisfied - should fail" +${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy NV Written no, does not satisfy policy" +${PREFIX}policynvwritten -hs 03000000 -ws n > run.out +checkSuccess $? + +echo "NV write, policy not satisfied - should fail" +${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +checkFailure $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Policy NV Written yes, satisfy policy" +${PREFIX}policynvwritten -hs 03000000 -ws y > run.out +checkSuccess $? + +echo "NV write, policy satisfied but written clear - should fail" +${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +checkFailure $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "NV write using password, set written" +${PREFIX}nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Policy NV Written yes, satisfy policy" +${PREFIX}policynvwritten -hs 03000000 -ws y > run.out +checkSuccess $? + +echo "NV write, policy satisfied" +${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out +checkSuccess $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Policy NV Written no" +${PREFIX}policynvwritten -hs 03000000 -ws n > run.out +checkSuccess $? + +echo "Policy NV Written yes - should fail" +${PREFIX}policynvwritten -hs 03000000 -ws y > run.out +checkFailure $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "NV Undefine authorizing index" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "" +echo "Policy Signed externally signed cpHash" +echo "" + +# NV Index 01000000 has policy OR + +# Policy A - provisioning: policy written false + policysigned +# demo: authorizer signs NV write all zero + +# Policy B - application: policy written true + policysigned +# demo: authorizer signs NV write abcdefgh + +echo "Load external just the public part of PEM at 80000001" +${PREFIX}loadexternal -ipem policies/rsapubkey.pem > run.out +checkSuccess $? + +echo "Get the Name of the signing key at 80000001" +${PREFIX}readpublic -ho 80000001 -ns > run.out +checkSuccess $? +# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 + +# construct policy A + +# policies/policywrittenclrsigned.txt +# 0000018f00 +# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# Add the extra blank line here for policyRef + +# policymaker -if policies/policywrittenclrsigned.txt -of policies/policywrittenclrsigned.bin -pr -ns -v +# intermediate policy digest length 32 +# 3c 32 63 23 67 0e 28 ad 37 bd 57 f6 3b 4c c3 4d +# 26 ab 20 5e f2 2f 27 5c 58 d4 7f ab 24 85 46 6e +# intermediate policy digest length 32 +# 6b 0d 2d 2b 55 4d 68 ec bc 6c d5 b8 c0 96 c1 70 +# 57 5a 95 25 37 56 38 7e 83 d7 76 d9 5b 1b 8e f3 +# intermediate policy digest length 32 +# 48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 +# 18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 +# policy digest length 32 +# 48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 +# 18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 +# policy digest: +# 480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f2 + +# construct policy B + +# policies/policywrittensetsigned.txt +# 0000018f01 +# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# Add the extra blank line here for policyRef + +# policymaker -if policies/policywrittensetsigned.txt -of policies/policywrittensetsigned.bin -pr -ns -v +# intermediate policy digest length 32 +# f7 88 7d 15 8a e8 d3 8b e0 ac 53 19 f3 7a 9e 07 +# 61 8b f5 48 85 45 3c 7a 54 dd b0 c6 a6 19 3b eb +# intermediate policy digest length 32 +# 7d c2 8f b0 dd 4f ee 97 78 2b 55 43 b1 dc 6b 1e +# e2 bc 79 05 d4 a1 f6 8d e2 97 69 5f a9 aa 78 5f +# intermediate policy digest length 32 +# 09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 +# 49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 +# policy digest length 32 +# 09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 +# 49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 +# policy digest: +# 0943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246 + +# construct the Policy OR of A and B + +# policyorwrittensigned.txt - command code plus two policy digests +# 00000171480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f20943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246 +# policymaker -if policies/policyorwrittensigned.txt -of policies/policyorwrittensigned.bin -pr +# policy digest length 32 +# 06 00 ae 34 7a 30 b0 67 36 d3 32 85 a0 cc ad 46 +# 54 1e 62 71 f5 d0 85 10 a7 ff 0e 90 30 54 d6 c9 + +echo "Define index 01000000 with the policy OR" +${PREFIX}nvdefinespace -ha 01000000 -hi o -sz 8 -pwdn "" -pol policies/policyorwrittensigned.bin -at aw > run.out +checkSuccess $? + +echo "Get the Name of the NV index not written, should be 00 0b ... bb 0b" +${PREFIX}nvreadpublic -ha 01000000 -ns > run.out +checkSuccess $? + +# 000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "" +echo "Policy A - not written" +echo "" + +# construct cpHash for Policy A - not written, writing zeros + +# (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of 0's at offset 0000 +# For index auth, authHandle Name and index Name are the same +# policies/nvwritecphasha.txt +# 00000137000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000800000000000000000000 +# policymaker -nz -if policies/nvwritecphasha.txt -of policies/nvwritecphasha.bin -pr -ns +# policy digest length 32 +# cf 98 1e ee 68 04 3b dd ee 0c ab bc 75 b3 63 be +# 3c f9 ee 22 2a 78 b8 26 3f 06 7b b3 55 2c a6 11 +# policy digest: +# cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611 + +# construct aHash for Policy A + +# expiration + cpHashA +# policies/nvwriteahasha.txt +# 00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611 +# just convert to binary, because openssl does the hash before signing +# xxd -r -p policies/nvwriteahasha.txt policies/nvwriteahasha.bin + +echo "Policy NV Written no, satisfy policy" +${PREFIX}policynvwritten -hs 03000000 -ws n > run.out +checkSuccess $? + +echo "Should be policy A first intermediate value 3c 32 63 23 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign aHash with openssl 8813 6530 ..." +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahasha.bin > run.out 2>&1 +echo "" + +echo "Policy signed, signature generated externally" +${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphasha.bin -is sig.bin > run.out +checkSuccess $? + +echo "Should be policy A final value 48 0b 78 2e ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out +checkSuccess $? + +echo "Should be policy OR final value 06 00 ae 34 " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "NV write to set written" +${PREFIX}nvwrite -ha 01000000 -if policies/zero8.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "" +echo "Policy B - written" +echo "" + +echo "Get the new (written) Name of the NV index not written, should be 00 0b f5 75" +${PREFIX}nvreadpublic -ha 01000000 -ns > run.out +checkSuccess $? + +# 000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8 + +# construct cpHash for Policy B + +# (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of abcdefgh at offset 00000 +# For index auth, authHandle Name and index Name are the same +# policies/nvwritecphashb.txt +# 00000137000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000861626364656667680000 +# policymaker -nz -if policies/nvwritecphashb.txt -of policies/nvwritecphashb.bin -pr -ns +# policy digest length 32 +# df 58 08 f9 ab cb 23 7f 8c d7 c9 09 1c 86 12 2d +# 88 6f 02 d4 6e db 53 c8 da 39 bf a2 d6 cf 07 63 +# policy digest: +# df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763 + +# construct aHash for Policy B + +# expiration + cpHashA +# policies/nvwriteahashb.txt +# 00000000df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763 +# just convert to binary, because openssl does the hash before signing +# xxd -r -p policies/nvwriteahashb.txt policies/nvwriteahashb.bin + +echo "Policy NV Written yes, satisfy policy" +${PREFIX}policynvwritten -hs 03000000 -ws y > run.out +checkSuccess $? + +echo "Should be policy A first intermediate value f7 88 7d 15 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign aHash with openssl 3700 0a91 ..." +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahashb.bin > run.out 2>&1 +echo "" + +echo "Policy signed, signature generated externally" +${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphashb.bin -is sig.bin > run.out +checkSuccess $? + +echo "Should be policy B final value 09 43 ba 3c ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out +checkSuccess $? + +echo "Should be policy OR final value 06 00 ae 34 " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "NV write new data" +${PREFIX}nvwrite -ha 01000000 -ic abcdefgh -se0 03000000 1 > run.out +checkSuccess $? + +echo "" +echo "Cleanup" +echo "" + +echo "Flush the policy session 03000000" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the signature verification key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Undefine the NV Index 01000000" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkSuccess $? + +# test using clockrateadjust +# policycphashhash.txt is (hex) 00000130 4000000c 000 +# hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v +# openssl dgst -sha1 policycphashhash.txt +# cpHash is +# b5f919bbc01f0ebad02010169a67a8c158ec12f3 +# append to policycphash.txt 00000163 + cpHash +# policymaker -halg sha1 -if policies/policycphash.txt -of policies/policycphash.bin -pr +# 06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f + +echo "" +echo "Policy cpHash" +echo "" + +echo "Set the platform policy to policy cpHash" +${PREFIX}setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out +checkSuccess $? + +echo "Clockrate adjust using wrong password - should fail" +${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out +checkFailure $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Clockrate adjust, policy not satisfied - should fail" +${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy cpHash, satisfy policy" +${PREFIX}policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out +checkSuccess $? + +echo "Policy get digest, should be 06 e4 6c f9" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Clockrate adjust, policy satisfied but bad command params - should fail" +${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out +checkFailure $? + +echo "Clockrate adjust, policy satisfied" +${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Clear the platform policy" +${PREFIX}setprimarypolicy -hi p > run.out +checkSuccess $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "" +echo "Policy Duplication Select with includeObject FALSE" +echo "" + +# These tests uses a new parent and object to be duplicated generated +# externally. This makes the Names repeatable and permits the +# policy to be pre-calculated and static. + +# command code 00000188 +# newParentName +# 000b 1a5d f667 7533 4527 37bc 79a5 5ab6 +# d9fa 9174 5c03 3dfe 3f82 cdf0 903b a9d6 +# 55f1 +# includeObject 00 +# policymaker -if policies/policydupsel-no.txt -of policies/policydupsel-no.bin -pr -v +# 5f 55 ba 2b 69 0f b0 38 ac 15 ff 2a 86 ef 65 66 +# be a8 23 68 43 97 4c 3f a7 36 37 72 56 ec bc 45 + +# 80000000 SK storage primary key +# 80000001 NP new parent, the target of the duplication +# 80000002 SI signing key, duplicate from SK to NP +# 03000000 policy session + +echo "Import the new parent storage key NP under the primary key" +${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -st -pwdk rrrr -opu tmpstpub.bin -opr tmpstpriv.bin -halg sha256 > run.out +checkSuccess $? + +echo "Load the new parent TPM storage key NP at 80000001" +${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpstpub.bin -ipr tmpstpriv.bin > run.out +checkSuccess $? + +echo "Import a signing key SI under the primary key 80000000, with policy duplication select" +${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policydupsel-no.bin > run.out +checkSuccess $? + +echo "Load the signing key SI at 80000002" +${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy duplication select, object SI 80000002 to new parent NP 80000001" +${PREFIX}policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin > run.out +checkSuccess $? + +echo "Get policy digest, should be 5f 55 ba 2b ...." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001" +${PREFIX}duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the original SI at 80000002 to free object slot for import" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Import signing key SI under new parent TPM storage key NP 80000001" +${PREFIX}import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out +checkSuccess $? + +echo "Load the signing key SI at 80000002" +${PREFIX}load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Flush the duplicated SI at 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "" +echo "Policy Duplication Select with includeObject TRUE" +echo "" + +# command code 00000188 +# SI objectName +# 000b 6319 28da 1624 3135 3a59 c03a 2ca7 +# dbb7 0989 1440 4236 3c7f a838 39d9 da6c +# 437a +# HP newParentName +# 000b +# 1a5d f667 7533 4527 37bc 79a5 5ab6 d9fa +# 9174 5c03 3dfe 3f82 cdf0 903b a9d6 55f1 +# includeObject 01 +# +# policymaker -if policies/policydupsel-yes.txt -of policies/policydupsel-yes.bin -pr -v +# 14 64 06 4c 80 cb e3 4f f5 03 82 15 38 62 43 17 +# 93 94 8f f1 e8 8a c6 23 4d d1 b0 c5 4c 05 f7 3b + +# 80000000 SK storage primary key +# 80000001 NP new parent, the target of the duplication +# 80000002 SI signing key, duplicate from SK to NP +# 03000000 policy session + +echo "Import a signing key SI under the primary key 80000000, with policy authorize" +${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out +checkSuccess $? + +echo "Load the signing key SI with objectName 000b 6319 28da at 80000002" +${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy duplication select, object SI 80000002 to new parent NP 80000001 with includeObject" +${PREFIX}policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin -io > run.out +checkSuccess $? + +echo "Get policy digest, should be policy to approve, aHash input 14 64 06 4c same as policies/policydupsel-yes.bin" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the original SI at 80000002 to free object slot for loadexternal " +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policydupsel-yes.bin > run.out 2>&1 + +echo "Load external just the public part of PEM authorizing key 80000002" +${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +checkSuccess $? + +echo "Verify the signature against 80000002 to generate ticket" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/policydupsel-yes.bin -is pssig.bin -raw -tk tkt.bin > run.out +checkSuccess $? + +echo "Policy authorize using the ticket" +${PREFIX}policyauthorize -ha 03000000 -appr policies/policydupsel-yes.bin -skn ${TPM_DATA_DIR}/h80000002.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Get policy digest" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the PEM authorizing verification key at 80000002 to free object slot for import" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Load the original signing key SI at 80000002" +${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +checkSuccess $? + +echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001 000b 1a5d f667" +${PREFIX}duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the original SI at 80000002 to free object slot for import" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Import signing key SI under new parent TPM storage key NP 80000001" +${PREFIX}import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out +checkSuccess $? + +echo "Load the signing key SI at 80000002" +${PREFIX}load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out +checkSuccess $? + +echo "Sign a digest" +${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Flush the duplicated SI at 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the new parent TPM storage key NP 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy Name Hash" +echo "" + +# signing key SI Name +# 000b +# 6319 28da 1624 3135 3a59 c03a 2ca7 dbb7 +# 0989 1440 4236 3c7f a838 39d9 da6c 437a + +# compute nameHash + +# nameHash - just a hash, not an extend +# policymaker -if policies/pnhnamehash.txt -of policies/pnhnamehash.bin -nz -pr -v -ns +# 18 e0 0c 62 77 18 d9 fc 81 22 3d 8a 56 33 7e eb +# 0e 7d 98 28 bd 7b c7 29 1d 3c 27 3f 7a c4 04 f1 +# 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1 + +# compute policy (based on + +# 00000170 TPM_CC_PolicyNameHash +# signing key SI Name +# 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1 + +# policymaker -if policies/policynamehash.txt -of policies/policynamehash.bin -pr -v +# 96 30 f9 00 c3 4c 66 09 c1 c5 92 41 78 c1 b2 3d +# 9f d4 93 f4 f9 c2 98 c8 30 4a e3 0f 97 a2 fd 49 + +# 80000000 SK storage primary key +# 80000001 SI signing key +# 80000002 Authorizing public key +# 03000000 policy session + +echo "Import a signing key SI under the primary key 80000000, with policy authorize" +${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out +checkSuccess $? + +echo "Load the signing key SI at 80000001" +${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out +checkSuccess $? + +echo "Sign a digest using the password" +${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy name hash, object SI 80000001" +${PREFIX}policynamehash -ha 03000000 -nh policies/pnhnamehash.bin > run.out +checkSuccess $? + +echo "Get policy digest,should be policy to approve, 96 30 f9 00" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policynamehash.bin > run.out 2>&1 + +echo "Load external just the public part of PEM authorizing key 80000002" +${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out +checkSuccess $? + +echo "Verify the signature against 80000002 to generate ticket" +${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/policynamehash.bin -is pssig.bin -raw -tk tkt.bin > run.out +checkSuccess $? + +echo "Policy authorize using the ticket" +${PREFIX}policyauthorize -ha 03000000 -appr policies/policynamehash.bin -skn ${TPM_DATA_DIR}/h80000002.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Get policy digest, should be eb a3 f9 8c ...." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest using the policy" +${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -se0 03000000 0 > run.out +checkSuccess $? + +echo "Verify the signature" +${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out +checkSuccess $? + +echo "Flush the signing key at 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the authorizing key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +# test using clockrateadjust and platform policy + +# operand A time is 64 bits at offset 0, operation GT (2) +# 0000016d 0000 0000 0000 0000 | 0000 | 0002 +# +# convert to binary policy +# > policymaker -halg sha1 -if policies/policycountertimer.txt -of policies/policycountertimer.bin -pr -v +# e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd +# aa 26 42 9a + +echo "" +echo "Policy Counter Timer" +echo "" + +echo "Set the platform policy to policy " +${PREFIX}setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out +checkSuccess $? + +echo "Clockrate adjust using wrong password - should fail" +${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out +checkFailure $? + +echo "Start policy session" +${PREFIX}startauthsession -se p -halg sha1 > run.out +checkSuccess $? + +echo "Clockrate adjust, policy not satisfied - should fail" +${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail" +${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out +checkFailure $? + +echo "Policy counter timer, zero operandB, op GT satisfy policy" +${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out +checkSuccess $? + +echo "Policy get digest, should be e6 84 81 27" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Clockrate adjust, policy satisfied" +${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Clear the platform policy" +${PREFIX}setprimarypolicy -hi p > run.out +checkSuccess $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + + +# policyccsign.txt 0000016c 0000015d (policy command code | sign) +# policyccquote.txt 0000016c 00000158 (policy command code | quote) +# +# > policymaker -if policies/policyccsign.txt -of policies/policyccsign.bin -pr -v +# cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811 +# +# > policymaker -if policies/policyccquote.txt -of policies/policyccquote.bin -pr -v +# a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27 +# +# policyor.txt is CC_PolicyOR || digests +# 00000171 | cc69 ... | a039 ... +# > policymaker -if policies/policyor.txt -of policies/policyor.bin -pr -v +# 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 +# 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db + +echo "" +echo "PolicyOR" +echo "" + +echo "Create an unrestricted signing key, policy command code sign or quote" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyor.bin > run.out +checkSuccess $? + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy get digest" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - should fail" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Quote - should fail" +${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +checkFailure $? + +echo "Get time - should fail, policy not set" +${PREFIX}gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out +checkFailure $? + +echo "Policy OR - should fail" +${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +checkFailure $? + +echo "Policy Command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out +checkSuccess $? + +echo "Policy get digest, should be cc 69 18 b2" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +checkSuccess $? + +echo "Policy get digest, should be 6b fe c2 3a" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign with policy OR" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Policy Command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out +checkSuccess $? + +echo "Policy OR" +${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +checkSuccess $? + +echo "Quote - should fail, wrong command code" +${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy Command code - quote, digest a0 39 ca d5" +${PREFIX}policycommandcode -ha 03000000 -cc 00000158 > run.out +checkSuccess $? + +echo "Policy OR, digest 6b fe c2 3a" +${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +checkSuccess $? + +echo "Quote with policy OR" +${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out +checkSuccess $? + +echo "Policy Command code - gettime 7a 3e bd aa" +${PREFIX}policycommandcode -ha 03000000 -cc 0000014c > run.out +checkSuccess $? + +echo "Policy OR, gettime not an AND term - should fail" +${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out +checkFailure $? + +echo "Flush policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Flush signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# There are times that a policy creator has TPM, PEM, or DER format +# information, but does not have access to a TPM. The publicname +# utility accepts these inputs and outputs the name in the 'no spaces' +# format suitable for pasting into a policy. + +echo "" +echo "publicname RSA" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create an rsa ${HALG} key under the primary key" + ${PREFIX}create -hp 80000000 -rsa 2048 -nalg ${HALG} -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the rsa ${HALG} key 80000001" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Compute the TPM2B_PUBLIC Name" + ${PREFIX}publicname -ipu tmppub.bin -on tmp.bin > run.out + checkSuccess $? + + echo "Verify the TPM2B_PUBLIC result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Convert the rsa public key to PEM format" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Flush the rsa ${HALG} key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "loadexternal the rsa PEM public key" + ${PREFIX}loadexternal -ipem tmppub.pem -si -rsa -nalg ${HALG} -halg ${HALG} -scheme rsassa > run.out + checkSuccess $? + + echo "Compute the PEM Name" + ${PREFIX}publicname -ipem tmppub.pem -rsa -si -nalg ${HALG} -halg ${HALG} -on tmp.bin > run.out + checkSuccess $? + + echo "Verify the PEM result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Convert the TPM PEM key to DER" + openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin > run.out 2>&1 + echo "INFO:" + + echo "Compute the DER Name" + ${PREFIX}publicname -ider tmppub.der -rsa -si -nalg ${HALG} -halg ${HALG} -on tmp.bin -v > run.out + checkSuccess $? + + echo "Verify the DER result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Flush the rsa ${HALG} key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "publicname ECC" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create an ecc nistp256 ${HALG} key under the primary key" + ${PREFIX}create -hp 80000000 -ecc nistp256 -nalg ${HALG} -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ecc ${HALG} key 80000001" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Compute the TPM2B_PUBLIC Name" + ${PREFIX}publicname -ipu tmppub.bin -on tmp.bin > run.out + checkSuccess $? + + echo "Verify the TPM2B_PUBLIC result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Convert the ecc public key to PEM format" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Flush the ecc ${HALG} key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "loadexternal the ecc PEM public key" + ${PREFIX}loadexternal -ipem tmppub.pem -si -ecc -nalg ${HALG} -halg ${HALG} > run.out + checkSuccess $? + + echo "Compute the PEM Name" + ${PREFIX}publicname -ipem tmppub.pem -ecc -si -nalg ${HALG} -halg ${HALG} -on tmp.bin > run.out + checkSuccess $? + + echo "Verify the PEM result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Convert the TPM PEM key to DER" + openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin -pubout > run.out 2>&1 + echo "INFO:" + + echo "Compute the DER Name" + ${PREFIX}publicname -ider tmppub.der -ecc -si -nalg ${HALG} -halg ${HALG} -on tmp.bin -v > run.out + checkSuccess $? + + echo "Verify the DER result" + diff tmp.bin h80000001.bin > run.out + checkSuccess $? + + echo "Flush the ecc ${HALG} key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "publicname NV" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "NV Define Space ${HALG}" + ${PREFIX}nvdefinespace -hi o -ha 01000000 -sz 16 -nalg ${HALG} > run.out + checkSuccess $? + + echo "NV Read Public" + ${PREFIX}nvreadpublic -ha 01000000 -opu tmppub.bin -on tmpname.bin > run.out + checkSuccess $? + + echo "Compute the NV Index Name" + ${PREFIX}publicname -invpu tmppub.bin -on tmp.bin > run.out + checkSuccess $? + + echo "Verify the NV Index result" + diff tmp.bin tmpname.bin > run.out + checkSuccess $? + + echo "NV Undefine Space" + ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out + checkSuccess $? + +done + +# cleanup + +rm -f pssig.bin +rm -f run.out +rm -f sig.bin +rm -f tkt.bin +rm -f tmp.bin +rm -f tmpdup.bin +rm -f tmphkey.bin +rm -f tmpname.bin +rm -f tmppol.bin +rm -f tmppriv.bin +rm -f tmppriv.bin +rm -f tmppub.bin +rm -f tmppub.der +rm -f tmppub.pem +rm -f tmpsig.bin +rm -f tmpsipriv.bin +rm -f tmpsipriv1.bin +rm -f tmpsipub.bin +rm -f tmpss.bin +rm -f tmpstpriv.bin +rm -f tmpstpub.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 01000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 +# ${PREFIX}getcapability -cap 1 -pr 03000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.bat new file mode 100644 index 000000000000..08a45d7b7d21 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.bat @@ -0,0 +1,600 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # $Id: testpolicy138.sh 793 2016-11-10 21:27:40Z kgoldman $ # +REM # # +REM # (c) Copyright IBM Corporation 2016 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# +REM +REM # Policy command code - sign +REM +REM # cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16 +REM # 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811 +REM +REM # NV index name after written +REM +REM # 000b +REM # 5e8e bdf0 4581 9419 070c 7d57 77bf eb61 +REM # ffac 4996 ea4b 6fba de6d a42b 632d 4918 +REM +REM # Policy Authorize NV with above Name +REM +REM # 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95 +REM # ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa +REM +REM # Policy in NV index 01000000 +REM # signing key 80000001 + +setlocal enableDelayedExpansion + +echo "" +echo "Policy Authorize NV" +echo "" + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key, policyauthnv" +%TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizenv.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -sz 50 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV not written, policyauthorizenv - should fail" +%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Write algorithm ID into NV index 01000000" +%TPM_EXE_PATH%nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write policy command code sign into NV index 01000000" +%TPM_EXE_PATH%nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be cc 69 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Authorize NV against 01000000" +%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be 66 1f ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - policy and wrong password" +%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - sign" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Authorize NV against 01000000" +%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Quote - policy, should fail" +%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - quote" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Authorize NV against 01000000 - should fail" +%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session 03000000" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key 80000001 " +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Template" +echo "" + +REM # create template hash +REM +REM # run createprimary -si -v, extract template +REM +REM # policies/policytemplate.txt +REM +REM # 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00 +REM # 00 00 00 00 00 00 +REM +REM # policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz +REM # -nz says do not extend, just hash the hexascii line +REM # yields a template hash for policytemplate +REM +REM # ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8 +REM # aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6 +REM +REM # prepend the command code 00000190 to ef 64 ... and construct the actual object policy +REM # policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin +REM +REM # fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47 +REM # 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de + +echo "" +echo "Policy Template with TPM2_Create" +echo "" + +echo "Create a primary storage key policy template, 80000001" +%TPM_EXE_PATH%createprimary -hi p -pol policies/policytemplatehash.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session 03000000" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Template" +%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be fb 94 ... " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create signing key under primary key" +%TPM_EXE_PATH%create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Template with TPM2_CreateLoaded" +echo "" + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Template" +%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be fb 94 ... " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create loaded signing key under primary key" +%TPM_EXE_PATH%createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the created key 80000002" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Policy Template with TPM2_CreatePrimary" +echo "" + +echo "Set primary policy for platform hierarchy" +%TPM_EXE_PATH%setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy restart, set back to zero" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Template" +%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be fb 94 ... " +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create loaded primary signing key policy template, 80000001" +%TPM_EXE_PATH%createprimary -si -hi p -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # +REM # Use case of the PCR brittleness solution using PolicyAuthorize, but +REM # where the authorizing public key is not hard coded in the sealed +REM # blob policy. Rather, it's in an NV Index, so that the authorizing +REM # key can be changed. Here, the authorization to change is platform +REM # auth. The NV index is locked until reboot as a second level of +REM # protection. +REM # + +REM # Policy design + +REM # PolicyAuthorizeNV and Name of NV index AND Unseal +REM # where the NV index holds PolicyAuthorize with the Name of the authorizing signing key +REM # where PolicyAuthorize will authorize command Unseal AND PCR values + +REM # construct Policies + +REM # Provision the NV Index data first. The NV Index Name is needed for the policy +REM # PolicyAuthorize with the Name of the authorizing signing key. + +REM # The authorizing signing key Name can be obtained using the TPM from +REM # loadexternal below. It can also be calculated off line using this +REM # utility + +REM # > publicname -ipem policies/rsapubkey.pem -halg sha256 -nalg sha256 -v -ns + +REM # policyauthorize and CA public key +REM # policies/policyauthorizesha256.txt +REM # 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # (need blank line for policyRef) +REM # > policymaker -halg sha256 -if policies/policyauthorizesha256.txt -pr -v -ns -of policies/policyauthorizesha256.bin +REM # intermediate policy digest length 32 +REM # fc 17 cd 86 c0 4f be ca d7 17 5f ef c7 75 5b 63 +REM # a8 90 49 12 c3 2e e6 9a 4c 99 1a 7b 5a 59 bd 82 +REM # intermediate policy digest length 32 +REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +REM # policy digest length 32 +REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +REM # policy digest: +REM # eba3f98c5eaf1ea8f94f519b4d2a3183ee79876672398e2315d933c288a8e503 + +REM # Once the NV Index Name is known, calculated the sealed blob policy. + +REM # PolicyAuthorizeNV and Name of NV Index AND Unseal +REM # +REM # get NV Index Name from nvreadpublic after provisioning +REM # 000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e +REM # +REM # policies/policyauthorizenv-unseal.txt +REM # +REM # policyauthorizenv and Name of NV Index +REM # 00000192000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e +REM # policy command code unseal +REM # 0000016c0000015e +REM # +REM # > policymaker -halg sha256 -if policies/policyauthorizenv-unseal.txt -of policies/policyauthorizenv-unseal.bin -pr -v -ns +REM # intermediate policy digest length 32 +REM # 2f 7a d9 b7 53 26 35 e5 03 8c e7 7b 8f 63 5e 4c +REM # f9 96 c8 62 18 13 98 94 c2 71 45 e7 7d d5 e8 e8 +REM # intermediate policy digest length 32 +REM # cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 +REM # 33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d +REM # policy digest length 32 +REM # cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 +REM # 33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d +REM # policy digest: +REM # cd1b2426fe10086c5235859422a05969334b8847820d0bd98c431f7ff736345d + +REM # The authorizing signer signs the PCR white list, here just PCR 16 extended with aaa +REM # PCR 16 is the resettable debug PCR, convenient for development + +echo "" +echo "PolicyAuthorizeNV -> PolicyAuthorize -> PolicyPCR" +echo "" + +REM # Initial provisioning (NV Index) + +echo "NV Define Space" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -hia p -sz 34 +at wst +at ar > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write algorithm ID into NV index 01000000" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -off 0 -if policies/sha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write the NV index at offset 2 with policy authorize and the Name of the CA signing key" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -off 2 -if policies/policyauthorizesha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Lock the NV Index" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the NV Index Name to be used above in Policy" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # Initial provisioning (Sealed Data) + +echo "Create a sealed data object" +%TPM_EXE_PATH%create -hp 80000000 -nalg sha256 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -uwa -if msg.bin -pol policies/policyauthorizenv-unseal.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # Once per new PCR approved values, signer authorizing PCRs in policysha256.bin + +echo "Openssl generate and sign aHash (empty policyRef)" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaasha256.bin + +REM # Once per boot, simulating setting PCRs to authorized values, lock +REM # the NV index, which is unloaded at reboot to permit platform auth to +REM # roll the authorized signing key + +echo "Lock the NV Index" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR 16 Reset" +%TPM_EXE_PATH%pcrreset -ha 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Extend PCR 16 to correct value" +%TPM_EXE_PATH%pcrextend -halg sha256 -ha 16 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # At each unseal, or reuse the ticket tkt.bin for its lifetime + +echo "Load external just the public part of PEM authorizing key sha256 80000001" +%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem -ns > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the signature to generate ticket 80000001 sha256" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/policypcr16aaasha256.bin -is pssig.bin -raw -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # Run time unseal + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p -halg sha256 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy PCR, update with the correct PCR 16 value" +%TPM_EXE_PATH%policypcr -halg sha256 -ha 03000000 -bm 10000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy get digest - should be policies/policypcr16aaasha256.bin" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # policyauthorize process + +echo "Policy authorize using the ticket" +%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policypcr16aaasha256.bin -skn h80000001.bin -tk tkt.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policies/policyauthorizesha256.bin" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the authorizing public key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Authorize NV against NV Index 01000000" +%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin intermediate" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - unseal" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin final" +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the sealed data object" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal the data blob" +%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM cleanup + +rm -f tmppriv.bin +rm -f tmppub.bin + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.sh new file mode 100755 index 000000000000..e39120786ee4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testpolicy138.sh @@ -0,0 +1,477 @@ +#!/bin/bash + +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2016 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# used for the name in policy ticket + +if [ -z $TPM_DATA_DIR ]; then + TPM_DATA_DIR=. +fi + +# PolicyCommandCode - sign + +# cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16 +# 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811 + +# NV index name after written + +# 000b +# 5e8e bdf0 4581 9419 070c 7d57 77bf eb61 +# ffac 4996 ea4b 6fba de6d a42b 632d 4918 + +# PolicyAuthorizeNV with above Name + +# 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95 +# ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa + +# Policy in NV index 01000000 +# signing key 80000001 + +echo "" +echo "Policy Authorize NV" +echo "" + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Create a signing key, policyauthnv" +${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizenv.bin > run.out +checkSuccess $? + +echo "Load the signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "NV Define Space" +${PREFIX}nvdefinespace -hi o -ha 01000000 -sz 50 > run.out +checkSuccess $? + +echo "NV not written, policyauthorizenv - should fail" +${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out +checkFailure $? + +echo "Write algorithm ID into NV index 01000000" +${PREFIX}nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out +checkSuccess $? + +echo "Write policy command code sign into NV index 01000000" +${PREFIX}nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out +checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy get digest - should be cc 69 ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy Authorize NV against 01000000" +${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out +checkSuccess $? + +echo "Policy get digest - should be 66 1f ..." +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Sign a digest - policy and wrong password" +${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out +checkSuccess $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy command code - sign" +${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out +checkSuccess $? + +echo "Policy Authorize NV against 01000000" +${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out +checkSuccess $? + +echo "Quote - policy, should fail" +${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy command code - quote" +${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out +checkSuccess $? + +echo "Policy Authorize NV against 01000000 - should fail" +${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out +checkFailure $? + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out +checkSuccess $? + +echo "Flush the policy session 03000000" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the signing key 80000001 " +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Policy Template" +echo "" + +# create template hash + +# run createprimary -si -v, extract template + +# policies/policytemplate.txt + +# 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00 +# 00 00 00 00 00 00 + +# policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz +# -nz says do not extend, just hash the hexascii line +# yields a template hash for policytemplate + +# ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8 +# aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6 + +# prepend the command code 00000190 to ef 64 ... and construct the actual object policy +# policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin + +# fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47 +# 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de + +echo "" +echo "Policy Template with TPM2_Create" +echo "" + +echo "Create a primary storage key policy template, 80000001" +${PREFIX}createprimary -hi p -pol policies/policytemplatehash.bin > run.out +checkSuccess $? + +echo "Start a policy session 03000000" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Policy Template" +${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +checkSuccess $? + +echo "Policy get digest - should be fb 94 ... " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Create signing key under primary key" +${PREFIX}create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out +checkSuccess $? + +echo "" +echo "Policy Template with TPM2_CreateLoaded" +echo "" + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy Template" +${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +checkSuccess $? + +echo "Policy get digest - should be fb 94 ... " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Create loaded signing key under primary key" +${PREFIX}createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out +checkSuccess $? + +echo "Flush the primary key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the created key 80000002" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "" +echo "Policy Template with TPM2_CreatePrimary" +echo "" + +echo "Set primary policy for platform hierarchy" +${PREFIX}setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out +checkSuccess $? + +echo "Policy restart, set back to zero" +${PREFIX}policyrestart -ha 03000000 > run.out +checkSuccess $? + +echo "Policy Template" +${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out +checkSuccess $? + +echo "Policy get digest - should be fb 94 ... " +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Create loaded primary signing key policy template, 80000001" +${PREFIX}createprimary -si -hi p -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the primary key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# +# Use case of the PCR brittleness solution using PolicyAuthorize, but +# where the authorizing public key is not hard coded in the sealed +# blob policy. Rather, it's in an NV Index, so that the authorizing +# key can be changed. Here, the authorization to change is platform +# auth. The NV index is locked until reboot as a second level of +# protection. +# + +# Policy design + +# PolicyAuthorizeNV and Name of NV index AND Unseal +# where the NV index holds PolicyAuthorize with the Name of the authorizing signing key +# where PolicyAuthorize will authorize command Unseal AND PCR values + +# construct Policies + +# Provision the NV Index data first. The NV Index Name is needed for the policy +# PolicyAuthorize with the Name of the authorizing signing key. + +# The authorizing signing key Name can be obtained using the TPM from +# loadexternal below. It can also be calculated off line using this +# utility + +# > publicname -ipem policies/rsapubkey.pem -halg sha256 -nalg sha256 -v -ns + +# policyauthorize and CA public key +# policies/policyauthorizesha256.txt +# 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# (need blank line for policyRef) +# > policymaker -halg sha256 -if policies/policyauthorizesha256.txt -pr -v -ns -of policies/policyauthorizesha256.bin +# intermediate policy digest length 32 +# fc 17 cd 86 c0 4f be ca d7 17 5f ef c7 75 5b 63 +# a8 90 49 12 c3 2e e6 9a 4c 99 1a 7b 5a 59 bd 82 +# intermediate policy digest length 32 +# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +# policy digest length 32 +# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +# policy digest: +# eba3f98c5eaf1ea8f94f519b4d2a3183ee79876672398e2315d933c288a8e503 + +# Once the NV Index Name is known, calculated the sealed blob policy. + +# PolicyAuthorizeNV and Name of NV Index AND Unseal +# +# get NV Index Name from nvreadpublic after provisioning +# 000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e +# +# policies/policyauthorizenv-unseal.txt +# +# policyauthorizenv and Name of NV Index +# 00000192000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e +# policy command code unseal +# 0000016c0000015e +# +# > policymaker -halg sha256 -if policies/policyauthorizenv-unseal.txt -of policies/policyauthorizenv-unseal.bin -pr -v -ns +# intermediate policy digest length 32 +# 2f 7a d9 b7 53 26 35 e5 03 8c e7 7b 8f 63 5e 4c +# f9 96 c8 62 18 13 98 94 c2 71 45 e7 7d d5 e8 e8 +# intermediate policy digest length 32 +# cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 +# 33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d +# policy digest length 32 +# cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 +# 33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d +# policy digest: +# cd1b2426fe10086c5235859422a05969334b8847820d0bd98c431f7ff736345d + +# The authorizing signer signs the PCR white list, here just PCR 16 extended with aaa +# PCR 16 is the resettable debug PCR, convenient for development + +echo "" +echo "PolicyAuthorizeNV -> PolicyAuthorize -> PolicyPCR" +echo "" + +# Initial provisioning (NV Index) + +echo "NV Define Space" +${PREFIX}nvdefinespace -ha 01000000 -hi p -hia p -sz 34 +at wst +at ar > run.out +checkSuccess $? + +echo "Write algorithm ID into NV index 01000000" +${PREFIX}nvwrite -ha 01000000 -hia p -off 0 -if policies/sha256.bin > run.out +checkSuccess $? + +echo "Write the NV index at offset 2 with policy authorize and the Name of the CA signing key" +${PREFIX}nvwrite -ha 01000000 -hia p -off 2 -if policies/policyauthorizesha256.bin > run.out +checkSuccess $? + +echo "Lock the NV Index" +${PREFIX}nvwritelock -ha 01000000 -hia p +checkSuccess $? + +echo "Read the NV Index Name to be used above in Policy" +${PREFIX}nvreadpublic -ha 01000000 -ns > run.out +checkSuccess $? + +# Initial provisioning (Sealed Data) + +echo "Create a sealed data object" +${PREFIX}create -hp 80000000 -nalg sha256 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -uwa -if msg.bin -pol policies/policyauthorizenv-unseal.bin > run.out +checkSuccess $? + +# Once per new PCR approved values, signer authorizing PCRs in policysha256.bin + +echo "Openssl generate and sign aHash (empty policyRef) ${HALG}" +openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaasha256.bin > run.out 2>&1 +echo " INFO:" + +# Once per boot, simulating setting PCRs to authorized values, lock +# the NV index, which is unloaded at reboot to permit platform auth to +# roll the authorized signing key + +echo "Lock the NV Index" +${PREFIX}nvwritelock -ha 01000000 -hia p +checkSuccess $? + +echo "PCR 16 Reset" +${PREFIX}pcrreset -ha 16 > run.out +checkSuccess $? + +echo "Extend PCR 16 to correct value" +${PREFIX}pcrextend -halg sha256 -ha 16 -if policies/aaa > run.out +checkSuccess $? + +# At each unseal, or reuse the ticket tkt.bin for its lifetime + +echo "Load external just the public part of PEM authorizing key sha256 80000001" +${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem -ns > run.out +checkSuccess $? + +echo "Verify the signature to generate ticket 80000001 sha256" +${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/policypcr16aaasha256.bin -is pssig.bin -raw -tk tkt.bin > run.out +checkSuccess $? + +# Run time unseal + +echo "Start a policy session" +${PREFIX}startauthsession -se p -halg sha256 > run.out +checkSuccess $? + +echo "Policy PCR, update with the correct PCR 16 value" +${PREFIX}policypcr -halg sha256 -ha 03000000 -bm 10000 > run.out +checkSuccess $? + +echo "Policy get digest - should be policies/policypcr16aaasha256.bin" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +# policyauthorize process + +echo "Policy authorize using the ticket" +${PREFIX}policyauthorize -ha 03000000 -appr policies/policypcr16aaasha256.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out +checkSuccess $? + +echo "Get policy digest, should be policies/policyauthorizesha256.bin" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Flush the authorizing public key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Policy Authorize NV against NV Index 01000000" +${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out +checkSuccess $? + +echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin intermediate" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Policy command code - unseal" +${PREFIX}policycommandcode -ha 03000000 -cc 0000015e > run.out +checkSuccess $? + +echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin final" +${PREFIX}policygetdigest -ha 03000000 > run.out +checkSuccess $? + +echo "Load the sealed data object" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Unseal the data blob" +${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +checkSuccess $? + +echo "Flush the sealed object" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +echo "NV Undefine Space" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +# cleanup + + +rm -f tmppriv.bin +rm -f tmppub.bin + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.bat new file mode 100644 index 000000000000..ab8d9856e3ba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.bat @@ -0,0 +1,224 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM $Id: testprimary.bat 1278 2018-07-23 21:20:42Z kgoldman $ # +REM # +REM (c) Copyright IBM Corporation 2015 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Primary key - CreatePrimary" +echo "" + +echo "Create a primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Read the public part" +%TPM_EXE_PATH%readpublic -ho 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create a storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the primary storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key - should fail" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "" +echo "Primary key - CreatePrimary with no unique field" +echo "" + +REM no unique + +echo "Create a primary storage key with no unique field" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Create a storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the primary storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM empty unique + +echo "Create a primary storage key with no unique field" +touch empty.bin +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu empty.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the original storage key under the primary key with empty unique field" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the primary storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Primary key - CreatePrimary with unique field" +echo "" + +REM unique + +echo "Create a primary storage key with unique field" +touch empty.bin +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the original storage key under the primary key - should fail" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + +echo "Create a storage key under the primary key" +%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the primary storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +REM same unique + +echo "Create a primary storage key with same unique field" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Load the previous storage key under the primary key" +%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "Flush the primary storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.sh new file mode 100755 index 000000000000..073d04f44feb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testprimary.sh @@ -0,0 +1,175 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testprimary.sh 1277 2018-07-23 20:30:23Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015 - 2018 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Primary key - CreatePrimary" +echo "" + +echo "Create a primary storage key" +${PREFIX}createprimary -hi p -pwdk sto > run.out +checkSuccess $? + +echo "Read the public part" +${PREFIX}readpublic -ho 80000001 > run.out +checkSuccess $? + +echo "Create a storage key under the primary key" +${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Load the storage key under the primary key - should fail" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkFailure $? + +echo "" +echo "Primary key - CreatePrimary with no unique field" +echo "" + +# no unique + +echo "Create a primary storage key with no unique field" +${PREFIX}createprimary -hi p -pwdk sto > run.out +checkSuccess $? + +echo "Create a storage key under the primary key" +${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# empty unique + +echo "Create a primary storage key with empty unique field" +touch empty.bin +${PREFIX}createprimary -hi p -pwdk sto -iu empty.bin > run.out +checkSuccess $? + +echo "Load the original storage key under the primary key with empty unique field" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Primary key - CreatePrimary with unique field" +echo "" + +# unique + +echo "Create a primary storage key with unique field" +touch empty.bin +${PREFIX}createprimary -hi p -pwdk sto -iu policies/aaa > run.out +checkSuccess $? + +echo "Load the original storage key under the primary key - should fail" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkFailure $? + +echo "Create a storage key under the primary key" +${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out +checkSuccess $? + +echo "Load the storage key under the primary key" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# same unique + +echo "Create a primary storage key with same unique field" +${PREFIX}createprimary -hi p -pwdk sto -iu policies/aaa > run.out +checkSuccess $? + +echo "Load the previous storage key under the primary key" +${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000002 > run.out +checkSuccess $? + +echo "Flush the primary storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# cleanup + +rm -f empty.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.bat new file mode 100644 index 000000000000..5422a78418e7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.bat @@ -0,0 +1,59 @@ +REM ############################################################################# +REM # +REM TPM2 regression test # +REM Written by Ken Goldman # +REM IBM Thomas J. Watson Research Center # +REM $Id: testrng.bat 480 2015-12-29 22:41:45Z kgoldman $ # +REM # +REM (c) Copyright IBM Corporation 2015 # +REM # +REM All rights reserved. # +REM # +REM Redistribution and use in source and binary forms, with or without # +REM modification, are permitted provided that the following conditions are # +REM met: # +REM # +REM Redistributions of source code must retain the above copyright notice, # +REM this list of conditions and the following disclaimer. # +REM # +REM Redistributions in binary form must reproduce the above copyright # +REM notice, this list of conditions and the following disclaimer in the # +REM documentation and/or other materials provided with the distribution. # +REM # +REM Neither the names of the IBM Corporation nor the names of its # +REM contributors may be used to endorse or promote products derived from # +REM this software without specific prior written permission. # +REM # +REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Random Number Generator" +echo "" + +echo "Stir Random" +%TPM_EXE_PATH%stirrandom -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get Random" +%TPM_EXE_PATH%getrandom -by 64 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.sh new file mode 100755 index 000000000000..5da840df0784 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testrng.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# $Id: testrng.sh 979 2017-04-04 17:57:18Z kgoldman $ # +# # +# (c) Copyright IBM Corporation 2015, 2016 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Random Number Generator" +echo "" + +echo "Stir Random" +${PREFIX}stirrandom -if policies/aaa > run.out +checkSuccess $? + +echo "Get Random" +${PREFIX}getrandom -by 64 > run.out +checkSuccess $? diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.bat new file mode 100644 index 000000000000..789f02810eef --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.bat @@ -0,0 +1,432 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +for %%B in (2048 3072) do ( + + echo "generate the %%B encryption key with openssl" + openssl genrsa -out tmpkeypairrsa%%B.pem -aes256 -passout pass:rrrr 2048 + + echo "Convert key pair to plaintext DER format" + openssl rsa -inform pem -outform der -in tmpkeypairrsa%%B.pem -out tmpkeypairrsa%%B.der -passin pass:rrrr > run.out +) + +echo "" +echo "RSA decryption key" +echo "" + +for %%B in (2048 3072) do ( + + echo "Load the RSA %%B decryption key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr derrsa%%Bpriv.bin -ipu derrsa%%Bpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "RSA encrypt with the %%B encryption key" + %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "RSA decrypt with the %%B decryption key" + %TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + tail --bytes=3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the %%B decryption key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "RSA decryption key to sign with OID" +echo "" + +for %%B in (2048 3072) do ( + + echo "Load the RSA %%B decryption key" + %TPM_EXE_PATH%load -hp 80000000 -ipu derrsa%%Bpub.bin -ipr derrsa%%Bpriv.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + set HSIZ=20 32 48 64 + set HALG=%ITERATE_ALGS% + + set i=0 + for %%a in (!HSIZ!) do set /A i+=1 & set HSIZ[!i!]=%%a + set i=0 + for %%b in (!HALG!) do set /A i+=1 & set HALG[!i!]=%%b + set L=!i! + + for /L %%i in (1,1,!L!) do ( + + echo "Decrypt/Sign with a caller specified OID - !HALG[%%i]!" + %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk dec -ie policies/!HALG[%%i]!aaa.bin -od tmpsig.bin -oid !HALG[%%i]! > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Encrypt/Verify - !HALG[%%i]!" + %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id tmpsig.bin -oe tmpmsg.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify Result - !HALG[%%i]! !HSIZ[%%i]! bytes" + tail --bytes=!HSIZ[%%i]! tmpmsg.bin > tmpdig.bin + diff tmpdig.bin policies/!HALG[%%i]!aaa.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + ) + + echo "Flush the RSA %%B signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + checkSuccess $? + +) + +echo "" +echo "Import PEM RSA encryption key" +echo "" + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%B in (2048 3072) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Import the %%B encryption key under the primary key" + %TPM_EXE_PATH%importpem -hp 80000000 -den -pwdp sto -ipem tmpkeypairrsa%%B.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the TPM encryption key" + %TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign the message %%~S - should fail" + %TPM_EXE_PATH%sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin %%~S > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "RSA encrypt with the encryption key" + %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "RSA decrypt with the decryption key %%~S" + %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + tail --bytes=3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the encryption key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Loadexternal DER encryption key" +echo "" + +for %%B in (2048 3072) do ( + + echo "Start an HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Load the openssl key pair in the NULL hierarchy 80000001" + %TPM_EXE_PATH%loadexternal -den -ider tmpkeypairrsa%%B.der -pwdk rrrr > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "RSA encrypt with the encryption key" + %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "RSA decrypt with the decryption key %%~S" + %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the decrypt result" + tail --bytes=3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the encryption key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + + echo "Flush the session" + %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "" +echo "Encrypt with OpenSSL OAEP, decrypt with TPM" +echo "" + +echo "Create OAEP encryption key" +%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha1 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load encryption key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr tmpprivkey.bin -ipu tmppubkey.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Encrypt using OpenSSL and the PEM public key" +openssl rsautl -oaep -encrypt -inkey tmppubkey.pem -pubin -in policies/aaa -out enc.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Decrypt using TPM key at 80000001" +%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the decrypt result" +diff policies/aaa dec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the encryption key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Child RSA decryption key RSAES" +echo "" + +echo "Create RSAES encryption key" +%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -dee -opr deepriv.bin -opu deepub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load encryption key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr deepriv.bin -ipu deepub.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA encrypt with the encryption key" +%TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA decrypt with the decryption key" +%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the decrypt result" +tail --bytes=3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the encryption key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Primary RSA decryption key RSAES" +echo "" + +echo "Create Primary RSAES encryption key" +%TPM_EXE_PATH%createprimary -hi p -dee -halg sha256 -opem tmppubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA encrypt with the encryption key" +%TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA decrypt with the decryption key" +%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the decrypt result" +tail --bytes=3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the encryption key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Primary Create Loaded RSA decryption key RSAES" +echo "" + +echo "CreateLoaded primary key, storage parent 80000001" +%TPM_EXE_PATH%createloaded -hp 40000001 -dee > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA encrypt with the encryption key" +%TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "RSA decrypt with the decryption key" +%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) +echo "Verify the decrypt result" +tail --bytes=3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the encryption key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM cleanup + +rm -f tmp.bin +rm -f enc.bin +rm -f dec.bin +rm -f deepub.bin +rm -f deepriv.bin +rm -f tmpmsg.bin +rm -f tmpdig.bin +rm -f tmpsig.bin +rm -f tmpkeypairrsa2048.der +rm -f tmpkeypairrsa2048.pem +rm -f tmpkeypairrsa3072.der +rm -f tmpkeypairrsa3072.pem +rm -f tmppubkey.bin +rm -f tmppubkey.pem +rm -f tmpprivkey.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 +REM +REM flushcontext -ha 80000001 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.sh new file mode 100755 index 000000000000..23bf8947b75e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testrsa.sh @@ -0,0 +1,350 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# openssl keys to use in this file + +echo "" +echo "Test RSA" +echo "" + +for BITS in 2048 3072 +do + + echo "generate the RSA $BITS encryption key with openssl" + openssl genrsa -out tmpkeypairrsa${BITS}.pem -aes256 -passout pass:rrrr 2048 > run.out 2>&1 + + echo "Convert key pair to plaintext DER format" + openssl rsa -inform pem -outform der -in tmpkeypairrsa${BITS}.pem -out tmpkeypairrsa${BITS}.der -passin pass:rrrr > run.out 2>&1 + +done + +echo "" +echo "RSA decryption key" +echo "" + +for BITS in 2048 3072 +do + + echo "Load the RSA $BITS decryption key under the primary key" + ${PREFIX}load -hp 80000000 -ipr derrsa${BITS}priv.bin -ipu derrsa${BITS}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "RSA encrypt with the $BITS encryption key" + ${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + checkSuccess $? + + echo "RSA decrypt with the ${BITS} decryption key" + ${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out + checkSuccess $? + + echo "Verify the decrypt result" + tail -c 3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + checkSuccess $? + + echo "Flush the $BITS decryption key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "RSA decryption key to sign with OID" +echo "" + +for BITS in 2048 3072 +do + + echo "Load the RSA $BITS decryption key" + ${PREFIX}load -hp 80000000 -ipu derrsa${BITS}pub.bin -ipr derrsa${BITS}priv.bin -pwdp sto > run.out + checkSuccess $? + + HALG=(${ITERATE_ALGS}) + HSIZ=("20" "32" "48" "64") + + for ((i = 0 ; i < 4 ; i++)) + do + + echo "Decrypt/Sign with a caller specified OID - ${HALG[i]}" + ${PREFIX}rsadecrypt -hk 80000001 -pwdk dec -ie policies/${HALG[i]}aaa.bin -od tmpsig.bin -oid ${HALG[i]} > run.out + checkSuccess $? + + echo "Encrypt/Verify - ${HALG[i]}" + ${PREFIX}rsaencrypt -hk 80000001 -id tmpsig.bin -oe tmpmsg.bin > run.out + checkSuccess $? + + echo "Verify Result - ${HALG[i]} ${HSIZ[i]} bytes" + tail -c ${HSIZ[i]} tmpmsg.bin > tmpdig.bin + diff tmpdig.bin policies/${HALG[i]}aaa.bin > run.out + checkSuccess $? + + done + + echo "Flush the RSA ${BITS} decryption key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "Import PEM RSA encryption key" +echo "" + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for BITS in 2048 3072 +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Import the $BITS encryption key under the primary key" + ${PREFIX}importpem -hp 80000000 -den -pwdp sto -ipem tmpkeypairrsa${BITS}.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin > run.out + checkSuccess $? + + echo "Load the TPM encryption key" + ${PREFIX}load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out + checkSuccess $? + + echo "Sign the message ${SESS} - should fail" + ${PREFIX}sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin ${SESS} > run.out + checkFailure $? + + echo "RSA encrypt with the encryption key" + ${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + checkSuccess $? + + echo "RSA decrypt with the decryption key ${SESS}" + ${PREFIX}rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + tail -c 3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + checkSuccess $? + + echo "Flush the encryption key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done + +done + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "" +echo "Loadexternal DER encryption key" +echo "" + +for BITS in 2048 3072 +do + + echo "Start an HMAC auth session" + ${PREFIX}startauthsession -se h > run.out + checkSuccess $? + + for SESS in "" "-se0 02000000 1" + do + + echo "Load the openssl key pair in the NULL hierarchy 80000001" + ${PREFIX}loadexternal -den -ider tmpkeypairrsa${BITS}.der -pwdk rrrr > run.out + checkSuccess $? + + echo "RSA encrypt with the encryption key" + ${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out + checkSuccess $? + + echo "RSA decrypt with the decryption key ${SESS}" + ${PREFIX}rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin ${SESS} > run.out + checkSuccess $? + + echo "Verify the decrypt result" + tail -c 3 dec.bin > tmp.bin + diff policies/aaa tmp.bin > run.out + checkSuccess $? + + echo "Flush the encryption key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done + + echo "Flush the session" + ${PREFIX}flushcontext -ha 02000000 > run.out + checkSuccess $? + +done + +echo "" +echo "Encrypt with OpenSSL OAEP, decrypt with TPM" +echo "" + +echo "Create OAEP encryption key" +${PREFIX}create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha1 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out +checkSuccess $? + +echo "Load encryption key at 80000001" +${PREFIX}load -hp 80000000 -pwdp sto -ipr tmpprivkey.bin -ipu tmppubkey.bin > run.out +checkSuccess $? + +echo "Encrypt using OpenSSL and the PEM public key" +openssl rsautl -oaep -encrypt -inkey tmppubkey.pem -pubin -in policies/aaa -out enc.bin > run.out 2>&1 +checkSuccess $? + +echo "Decrypt using TPM key at 80000001" +${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +checkSuccess $? + +echo "Verify the decrypt result" +diff policies/aaa dec.bin > run.out +checkSuccess $? + +echo "Flush the encryption key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Child RSA decryption key RSAES" +echo "" + +echo "Create RSAES encryption key" +${PREFIX}create -hp 80000000 -pwdp sto -dee -opr deepriv.bin -opu deepub.bin > run.out +checkSuccess $? + +echo "Load encryption key at 80000001" +${PREFIX}load -hp 80000000 -pwdp sto -ipr deepriv.bin -ipu deepub.bin > run.out +checkSuccess $? + +echo "RSA encrypt with the encryption key" +${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +checkSuccess $? + +echo "RSA decrypt with the decryption key" +${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +checkSuccess $? + +echo "Verify the decrypt result" +tail -c 3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +checkSuccess $? + +echo "Flush the encryption key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Primary RSA decryption key RSAES" +echo "" + +echo "Create Primary RSAES encryption key" +${PREFIX}createprimary -hi p -dee -halg sha256 -opem tmppubkey.pem > run.out +checkSuccess $? + +echo "RSA encrypt with the encryption key" +${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +checkSuccess $? + +echo "RSA decrypt with the decryption key" +${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +checkSuccess $? + +echo "Verify the decrypt result" +tail -c 3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +checkSuccess $? + +echo "Flush the encryption key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Primary Create Loaded RSA decryption key RSAES" +echo "" + +echo "CreateLoaded primary key, storage parent 80000001" +${PREFIX}createloaded -hp 40000001 -dee > run.out +checkSuccess $? + +echo "RSA encrypt with the encryption key" +${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out +checkSuccess $? + +echo "RSA decrypt with the decryption key" +${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out +checkSuccess $? + +echo "Verify the decrypt result" +tail -c 3 dec.bin > tmp.bin +diff policies/aaa tmp.bin > run.out +checkSuccess $? + +echo "Flush the encryption key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# cleanup + +rm -f tmp.bin +rm -f enc.bin +rm -f dec.bin +rm -f deepriv.bin +rm -f deepub.bin +rm -f tmpmsg.bin +rm -f tmpdig.bin +rm -f tmpsig.bin +rm -f tmpkeypairrsa2048.der +rm -f tmpkeypairrsa2048.pem +rm -f tmpkeypairrsa3072.der +rm -f tmpkeypairrsa3072.pem +rm -f tmppubkey.bin +rm -f tmppubkey.pem +rm -f tmpprivkey.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 + +# ${PREFIX}flushcontext -ha 80000001 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.bat new file mode 100644 index 000000000000..774751bd36ba --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.bat @@ -0,0 +1,433 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Salt Session - Load" +echo "" + +for %%A in ("-rsa 2048" "-rsa 3072" "-ecc nistp256") do ( + + for %%H in (%ITERATE_ALGS%) do ( + + REM In general a storage key can be used. A decryption key is + REM used here because the hash algorithm doesn't have to match + REM that of the parent. + + echo "Create a %%A %%H storage key under the primary key " + %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -halg %%H %%~A -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 222 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the %%A storage key 80000001 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a %%A salted HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key using the salt" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +echo "" +echo "Salt Session - Load External" +echo "" + +echo "Create RSA and ECC key pairs in PEM format using openssl" + +openssl genrsa -out tmpkeypairrsa.pem -aes256 -passout pass:rrrr 2048 > run.out +openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out + +echo "Convert key pair to plaintext DER format" + +openssl rsa -inform pem -outform der -in tmpkeypairrsa.pem -out tmpkeypairrsa.der -passin pass:rrrr > run.out +openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Load the RSA openssl key pair in the NULL hierarchy 80000001 - %%H" + %TPM_EXE_PATH%loadexternal -halg %%H -st -ider tmpkeypairrsa.der > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a salted HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key using the salt" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Load the ECC openssl key pair in the NULL hierarchy 80000001 - %%H" + %TPM_EXE_PATH%loadexternal -ecc -halg %%H -st -ider tmpkeypairecc.der > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a salted HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key using the salt" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "" +echo "Salt Session - CreatePrimary storage key" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a primary storage key - %%H" + %TPM_EXE_PATH%createprimary -nalg %%H -hi p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a salted HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a signing key using the salt" + %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Salt Session - CreatePrimary RSA key" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a primary RSA key - %%H" + %TPM_EXE_PATH%createprimary -nalg %%H -halg %%H -hi p -deo > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a salted HMAC auth session" + %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Create a primary HMAC key using the salt" + %TPM_EXE_PATH%createprimary -kh -se0 02000000 0 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the HMAC key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the RSA key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "" +echo "Salt Session - EvictControl" +echo "" + +echo "Load the storage key" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Make the storage key persistent" +%TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a salted HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 81800000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key using the salt" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key from transient memory" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key from persistent memory" +%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Salt Session - ContextSave and ContextLoad" +echo "" + +echo "Load the storage key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save context for the key at 80000001" +%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key at 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load context, new storage key at 80000001" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a salted HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key using the salt" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the context loaded key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Salt Audit Session - PCR Read, Read Public, NV Read Public" +echo "" + +echo "Load the storage key at 80000001" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a salted HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR read with salted audit session" +%TPM_EXE_PATH%pcrread -ha 16 -se0 02000000 81 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read public with salted audit session" +%TPM_EXE_PATH%readpublic -ho 80000001 -se0 02000000 81 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV define space" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Read public with salted audit session" +%TPM_EXE_PATH%nvreadpublic -ha 01000000 -se0 02000000 81 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the salt session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV undefine space" +%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + + +echo "" +echo "Salt Policy Session with policyauthvalue" +echo "" + +echo "Load the RSA storage key 80000001 under the primary key 80000000" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a salted policy session" +%TPM_EXE_PATH%startauthsession -se p -hs 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy command code - create" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy authvalue" +%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key using the salt" +%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the storage key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Salt Policy Session with no policyauthvalue" +echo "" + +echo "Start a salted policy session" +%TPM_EXE_PATH%startauthsession -se p -hs 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a signing key using the salt" +%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -se0 03000000 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -f tmpkeypairrsa.pem +rm -f tmpkeypairecc.pem +rm -f tmpkeypairrsa.der +rm -f tmpkeypairecc.der + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.sh new file mode 100755 index 000000000000..05e0b307136d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testsalt.sh @@ -0,0 +1,347 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "Salt Session - Load" +echo "" + +# mbedtls port does not support ECC salted sessions yet + +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + SALTALGS=("-rsa 2048" "-rsa 3072" "-ecc nistp256") +elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then + SALTALGS=("-rsa 2048") +else + echo "Error: crypto library ${CRYPTOLIBRARY} not supported" + exit 255 +fi + +for ASY in "${SALTALGS[@]}" +do + for HALG in ${ITERATE_ALGS} + do + + # In general a storage key can be used. A decryption key is + # used here because the hash algorithm doesn't have to match + # that of the parent. + + echo "Create a ${ASY} ${HALG} decryption key under the primary key " + ${PREFIX}create -hp 80000000 -nalg ${HALG} -halg ${HALG} ${ASY} -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 222 > run.out + checkSuccess $? + + echo "Load the ${ASY} storage key 80000001 under the primary key" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a ${ASY} salted HMAC auth session" + ${PREFIX}startauthsession -se h -hs 80000001 > run.out + checkSuccess $? + + echo "Create a signing key using the salt" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +done + +echo "" +echo "Salt Session - Load External" +echo "" + +echo "Create RSA and ECC key pairs in PEM format using openssl" + +openssl genrsa -out tmpkeypairrsa.pem -aes256 -passout pass:rrrr 2048 > run.out 2>&1 +openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out 2>&1 + +echo "Convert key pair to plaintext DER format" + +openssl rsa -inform pem -outform der -in tmpkeypairrsa.pem -out tmpkeypairrsa.der -passin pass:rrrr > run.out 2>&1 +openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out 2>&1 + +for HALG in ${ITERATE_ALGS} +do + + echo "Load the RSA openssl key pair in the NULL hierarchy 80000001 - ${HALG}" + ${PREFIX}loadexternal -rsa -halg ${HALG} -st -ider tmpkeypairrsa.der > run.out + checkSuccess $? + + echo "Start a salted HMAC auth session" + ${PREFIX}startauthsession -se h -hs 80000001 > run.out + checkSuccess $? + + echo "Create a signing key using the salt" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + for HALG in ${ITERATE_ALGS} + do + + echo "Load the ECC openssl key pair in the NULL hierarchy 80000001 - ${HALG}" + ${PREFIX}loadexternal -ecc -halg ${HALG} -st -ider tmpkeypairecc.der > run.out + checkSuccess $? + + echo "Start a salted HMAC auth session" + ${PREFIX}startauthsession -se h -hs 80000001 > run.out + checkSuccess $? + + echo "Create a signing key using the salt" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + done +fi + +echo "" +echo "Salt Session - CreatePrimary storage key" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create a primary storage key - $HALG" + ${PREFIX}createprimary -nalg $HALG -hi p > run.out + checkSuccess $? + + echo "Start a salted HMAC auth session" + ${PREFIX}startauthsession -se h -hs 80000001 > run.out + checkSuccess $? + + echo "Create a signing key using the salt" + ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out + checkSuccess $? + + echo "Flush the storage key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "Salt Session - CreatePrimary RSA key" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create a primary RSA key - $HALG" + ${PREFIX}createprimary -nalg $HALG -halg $HALG -hi p -deo > run.out + checkSuccess $? + + echo "Start a salted HMAC auth session" + ${PREFIX}startauthsession -se h -hs 80000001 > run.out + checkSuccess $? + + echo "Create a primary HMAC key using the salt" + ${PREFIX}createprimary -kh -se0 02000000 0 > run.out + checkSuccess $? + + echo "Flush the HMAC key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the RSA key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "Salt Session - EvictControl" +echo "" + +echo "Load the storage key" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Make the storage key persistent" +${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out +checkSuccess $? + +echo "Start a salted HMAC auth session" +${PREFIX}startauthsession -se h -hs 81800000 > run.out +checkSuccess $? + +echo "Create a signing key using the salt" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out +checkSuccess $? + +echo "Flush the storage key from transient memory" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the storage key from persistent memory" +${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out +checkSuccess $? + +echo "" +echo "Salt Session - ContextSave and ContextLoad" +echo "" + +echo "Load the storage key at 80000001" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Save context for the key at 80000001" +${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out +checkSuccess $? + +echo "Flush the storage key at 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Load context, new storage key at 80000001" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Start a salted HMAC auth session" +${PREFIX}startauthsession -se h -hs 80000001 > run.out +checkSuccess $? + +echo "Create a signing key using the salt" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out +checkSuccess $? + +echo "Flush the context loaded key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Salt Audit Session - PCR Read, Read Public, NV Read Public" +echo "" + +echo "Load the storage key at 80000001" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a salted HMAC auth session" +${PREFIX}startauthsession -se h -hs 80000001 > run.out +checkSuccess $? + +echo "PCR read with salted audit session" +${PREFIX}pcrread -ha 16 -se0 02000000 81 > run.out +checkSuccess $? + +echo "Read public with salted audit session" +${PREFIX}readpublic -ho 80000001 -se0 02000000 81 > run.out +checkSuccess $? + +echo "NV define space" +${PREFIX}nvdefinespace -ha 01000000 -hi p > run.out +checkSuccess $? + +echo "NV Read public with salted audit session" +${PREFIX}nvreadpublic -ha 01000000 -se0 02000000 81 > run.out +checkSuccess $? + +echo "Flush the storage key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the salt session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "NV undefine space" +${PREFIX}nvundefinespace -ha 01000000 -hi p > run.out +checkSuccess $? + +echo "" +echo "Salt Policy Session with policyauthvalue" +echo "" + +echo "Load the RSA storage key 80000001 under the primary key 80000000" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a salted policy session" +${PREFIX}startauthsession -se p -hs 80000001 > run.out +checkSuccess $? + +echo "Policy command code - create" +${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out +checkSuccess $? + +echo "Policy authvalue" +${PREFIX}policyauthvalue -ha 03000000 > run.out +checkSuccess $? + +echo "Create a signing key using the salt" +${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -se0 03000000 0 > run.out +checkSuccess $? + +echo "Flush the storage key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Salt Policy Session with no policyauthvalue" +echo "" + +echo "Start a salted policy session" +${PREFIX}startauthsession -se p -hs 80000000 > run.out +checkSuccess $? + +echo "Create a signing key using the salt" +${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -se0 03000000 0 > run.out +checkSuccess $? + +rm -f tmpkeypairrsa.pem +rm -f tmpkeypairecc.pem +rm -f tmpkeypairrsa.der +rm -f tmpkeypairecc.der +# ${PREFIX}getcapability -cap 1 -pr 80000000 + diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.bat new file mode 100644 index 000000000000..05212611949b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.bat @@ -0,0 +1,541 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +REM 01000000 WST +REM 01000001 WD WST +REM 01000002 GL +REM 01000003 GL WD + +setlocal enableDelayedExpansion + +echo "" +echo "TPM Resume (state/state) - suspend" +echo "" + +echo "PCR 0 Extend" +%TPM_EXE_PATH%pcrextend -ha 0 -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR 0 Read" +%TPM_EXE_PATH%pcrread -ha 0 -of tmp1.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save the session context" +%TPM_EXE_PATH%contextsave -ha 02000001 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Context save the signing key" +%TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Define index 01000000 with write stclear, read stclear" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Define index 01000001 with write stclear, read stclear" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at rst +at wst +at wd > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Define index 01000002 with write stclear, read stclear" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000002 -pwdn nnn -sz 16 +at rst +at gl > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Define index 01000003 with write stclear, read stclear" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000003 -pwdn nnn -sz 16 +at rst +at gl +at wd > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000000" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000001" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000002" +%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000003" +%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read lock" +%TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock 01000001" +%TPM_EXE_PATH%nvwritelock -ha 01000001 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV global lock (01000002 and 01000003)" +%TPM_EXE_PATH%nvglobalwritelock -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000001 - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000002 - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000003 - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Shutdown state" +%TPM_EXE_PATH%shutdown -s > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Power cycle" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup state" +%TPM_EXE_PATH%startup -s > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR 0 Read" +%TPM_EXE_PATH%pcrread -ha 0 -of tmp2.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify that PCR 0 is restored" +diff tmp1.bin tmp2.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Context load the signing key" +%TPM_EXE_PATH%contextload -if tmpsk.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Signing Key Self Certify" +%TPM_EXE_PATH%certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Signing Key Self Certify - should fail, signing key missing" +%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Load the signing key - should fail, primary key missing" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Create a platform primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Signing Key Self Certify - should fail, signing key missing" +%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Signing Key Self Certify - should fail, session missing" +%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Load the saved session context" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Signing Key Self Certify" +%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000000 - should fail, still locked after TPM Resume" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000001 - should fail, still locked after TPM Resume" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000002 - should fail, still locked after TPM Resume" +%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000003 - should fail, still locked after TPM Resume" +%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV read - should fail, still locked" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "TPM Restart (state/clear) - hibernate" +echo "" + +echo "Load the signing key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Context save the signing key" +%TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save the session" +%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Shutdown state" +%TPM_EXE_PATH%shutdown -s > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Power cycle" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup clear" +%TPM_EXE_PATH%startup -c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the session" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Context load the signing key" +%TPM_EXE_PATH%contextload -if tmpsk.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "PCR 0 Read" +%TPM_EXE_PATH%pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify that PCR 0 is reset" +diff policies/policypcr0.bin tmp2.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000000 - unlocked after TPM Restart" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000001 - should fail, still locked after TPM Restart" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000002 - unlocked after TPM Restart" +%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000003 - should fail, still locked after TPM Restart" +%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV read" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV global lock (01000002 and 01000003)" +%TPM_EXE_PATH%nvglobalwritelock -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Recreate a platform primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "TPM Reset (clear/clear) - cold boot" +echo "" + +echo "Start a session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Save the session" +%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Shutdown clear" +%TPM_EXE_PATH%shutdown -c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Power cycle" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup clear" +%TPM_EXE_PATH%startup -c > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the session - should fail" +%TPM_EXE_PATH%contextload -if tmp.bin > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Recreate a platform primary storage key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000000 - unlocked after TPM Reset" +%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000001 - should fail, still locked after TPM Reset" +%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV write 01000002 - unlocked after TPM Reset" +%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV write 01000003 - should fail, still locked after TPM Reset" +%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000000" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000001" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000002" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000003" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000003 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM shutdown removes the session +rm h02000000.bin +rm tmpsk.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 +REM getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.sh new file mode 100755 index 000000000000..c73481c046eb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testshutdown.sh @@ -0,0 +1,396 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# NV Index +# 01000000 WST +# 01000001 WD WST +# 01000002 GL +# 01000003 GL WD + +echo "" +echo "TPM Resume (state/state) - suspend" +echo "" + +echo "PCR 0 Extend" +${PREFIX}pcrextend -ha 0 -if policies/aaa > run.out +checkSuccess $? + +echo "PCR 0 Read" +${PREFIX}pcrread -ha 0 -of tmp1.bin > run.out +checkSuccess $? + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Start an HMAC session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Save the session context" +${PREFIX}contextsave -ha 02000001 -of tmp.bin > run.out +checkSuccess $? + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Context save the signing key" +${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out +checkSuccess $? + +echo "Define index 01000000 with write stclear, read stclear" +${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out +checkSuccess $? + +echo "Define index 01000001 with write stclear, read stclear" +${PREFIX}nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at rst +at wst +at wd > run.out +checkSuccess $? + +echo "Define index 01000002 with write stclear, read stclear" +${PREFIX}nvdefinespace -hi o -ha 01000002 -pwdn nnn -sz 16 +at rst +at gl > run.out +checkSuccess $? + +echo "Define index 01000003 with write stclear, read stclear" +${PREFIX}nvdefinespace -hi o -ha 01000003 -pwdn nnn -sz 16 +at rst +at gl +at wd > run.out +checkSuccess $? + +echo "NV write 01000000" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000001" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000002" +${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000003" +${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "Read lock" +${PREFIX}nvreadlock -ha 01000000 -pwdn nnn > run.out +checkSuccess $? + +echo "Write lock 01000000" +${PREFIX}nvwritelock -ha 01000000 -pwdn nnn > run.out +checkSuccess $? + +echo "Write lock 01000001" +${PREFIX}nvwritelock -ha 01000001 -pwdn nnn > run.out +checkSuccess $? + +echo "NV global lock (01000002 and 01000003)" +${PREFIX}nvglobalwritelock -hia p > run.out +checkSuccess $? + +echo "NV write 01000000 - should fail" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000001 - should fail" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000002 - should fail" +${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000003 - should fail" +${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "Shutdown state" +${PREFIX}shutdown -s > run.out +checkSuccess $? + +echo "Power cycle" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup state" +${PREFIX}startup -s > run.out +checkSuccess $? + +echo "PCR 0 Read" +${PREFIX}pcrread -ha 0 -of tmp2.bin > run.out +checkSuccess $? + +echo "Verify that PCR 0 is restored" +diff tmp1.bin tmp2.bin > run.out +checkSuccess $? + +echo "Context load the signing key" +${PREFIX}contextload -if tmpsk.bin > run.out +checkSuccess $? + +echo "Signing Key Self Certify" +${PREFIX}certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000000 > run.out +checkSuccess $? + +echo "Signing Key Self Certify - should fail, signing key missing" +${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +checkFailure $? + +echo "Load the signing key - should fail, primary key missing" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkFailure $? + +# Create a platform primary storage key +initprimary +checkSuccess $? + +echo "Signing Key Self Certify - should fail, signing key missing" +${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +checkFailure $? + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Signing Key Self Certify - should fail, session missing" +${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out +checkFailure $? + +echo "Load the saved session context" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Signing Key Self Certify" +${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out +checkSuccess $? + +echo "NV write 01000000 - should fail, still locked after TPM Resume" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000001 - should fail, still locked after TPM Resume" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000002 - should fail, still locked after TPM Resume" +${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000003 - should fail, still locked after TPM Resume" +${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV read - should fail, still locked" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out +checkFailure $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "TPM Restart (state/clear) - hibernate" +echo "" + +echo "Load the signing key" +${PREFIX}load -hp 80000000 -ipr signrsa2048priv.bin -ipu signrsa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Context save the signing key" +${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out +checkSuccess $? + +echo "Start a session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Save the session" +${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out +checkSuccess $? + +echo "Shutdown state" +${PREFIX}shutdown -s > run.out +checkSuccess $? + +echo "Power cycle" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup clear" +${PREFIX}startup -c > run.out +checkSuccess $? + +echo "Load the session" +${PREFIX}contextload -if tmp.bin > run.out +checkSuccess $? + +echo "Flush the session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +echo "Context load the signing key" +${PREFIX}contextload -if tmpsk.bin > run.out +checkSuccess $? + +echo "PCR 0 Read" +${PREFIX}pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out +checkSuccess $? + +echo "Verify that PCR 0 is reset" +diff policies/policypcr0.bin tmp2.bin > run.out +checkSuccess $? + +echo "NV write 01000000 - unlocked after TPM Restart" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000001 - should fail, still locked after TPM Restart" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000002 - unlocked after TPM Restart" +${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000003 - should fail, still locked after TPM Restart" +${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV read" +${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out +checkSuccess $? + +echo "Write lock 01000000" +${PREFIX}nvwritelock -ha 01000000 -pwdn nnn > run.out +checkSuccess $? + +echo "NV global lock (01000002 and 01000003)" +${PREFIX}nvglobalwritelock -hia p > run.out +checkSuccess $? + +echo "Recreate a platform primary storage key" +${PREFIX}createprimary -hi p -pwdk sto > run.out +checkSuccess $? + +echo "" +echo "TPM Reset (clear/clear) - cold boot" +echo "" + +echo "Start a session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +echo "Save the session" +${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out +checkSuccess $? + +echo "Shutdown clear" +${PREFIX}shutdown -c > run.out +checkSuccess $? + +echo "Power cycle" +${PREFIX}powerup > run.out +checkSuccess $? + +echo "Startup clear" +${PREFIX}startup -c > run.out +checkSuccess $? + +echo "Load the session - should fail" +${PREFIX}contextload -if tmp.bin > run.out +checkFailure $? + +echo "Recreate a platform primary storage key" +${PREFIX}createprimary -hi p -pwdk sto > run.out +checkSuccess $? + +echo "NV write - unlocked after TPM Reset" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000000 - unlocked after TPM Reset" +${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000001 - should fail, still locked after TPM Reset" +${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +echo "NV write 01000002 - unlocked after TPM Reset" +${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out +checkSuccess $? + +echo "NV write 01000003 - should fail, still locked after TPM Reset" +${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out +checkFailure $? + +# cleanup + +echo "NV Undefine Space 01000000" +${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out +checkSuccess $? + +echo "NV Undefine Space 01000001" +${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out +checkSuccess $? + +echo "NV Undefine Space 01000002" +${PREFIX}nvundefinespace -hi p -ha 01000002 > run.out +checkSuccess $? + +echo "NV Undefine Space 01000003" +${PREFIX}nvundefinespace -hi p -ha 01000003 > run.out +checkSuccess $? + +# shutdown removes the session +rm h02000000.bin +rm tmpsk.bin + +exit + + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 +# ${PREFIX}getcapability -cap 1 -pr 01000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.bat new file mode 100644 index 000000000000..18b331b734df --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.bat @@ -0,0 +1,504 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "RSA Signing key" +echo "" + +for %%B in (2048 3072) do ( + + echo "Create an RSA key pair in PEM format using openssl" + openssl genrsa -out tmpkeypairrsa%%B.pem -aes256 -passout pass:rrrr 2048 > run.out + + echo "Convert key pair to plaintext DER format" + openssl rsa -inform pem -outform der -in tmpkeypairrsa%%B.pem -out tmpkeypairrsa%%B.der -passin pass:rrrr > run.out + + echo "Load the RSA signing key under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr signrsa%%Bpriv.bin -ipu signrsa%%Bpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + for %%H in (%ITERATE_ALGS%) do ( + for %%S in (rsassa rsapss) do ( + + echo "Sign a digest - %%H %%S %%B" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -scheme %%S -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa%%Bpub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature signature using the TPM - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem signrsa%%Bpub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the public part" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using readpublic PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the openssl key pair in the NULL hierarchy - %%H %%S %%B" + %TPM_EXE_PATH%loadexternal -halg %%H -scheme %%S -ider tmpkeypairrsa%%B.der > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Use the TPM as a crypto coprocessor to sign - %%H" + %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -scheme %%S -if policies/aaa -os sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the openssl signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) + ) + echo "Flush the signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "ECC Signing key" +echo "" + +echo "Create an ECC key pair in PEM format using openssl" + +openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out + +echo "Convert key pair to plaintext DER format" + +openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out + +echo "Load the ECC signing key under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Sign a digest - %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the ECC signature using the TPM - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -ecc -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem signeccpub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the public part" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using readpublic PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the openssl key pair in the NULL hierarchy 80000002 - %%H" + %TPM_EXE_PATH%loadexternal -halg %%H -ecc -ider tmpkeypairecc.der > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Use the TPM as a crypto coprocessor to sign - %%H" + %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -salg ecc -if policies/aaa -os sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -ecc -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the openssl signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "Flush the ECC signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +echo "" +echo "Primary RSA Signing Key 80000001" +echo "" + +echo "Create primary signing key - RSA" +%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Sign a digest - %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the public part" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using readpublic PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Convert TPM public key to PEM" + %TPM_EXE_PATH%tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using createprimary converted PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the primary signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Primary ECC Signing Key" +echo "" + +echo "Create primary signing key - ECC 80000001" +%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Sign a digest - %%H" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature - %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the public part" + %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using readpublic PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + echo "Convert TPM public key to PEM" + %TPM_EXE_PATH%tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature using createprimary converted PEM - %%H" + %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "Flush the primary signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Restricted Signing Key" +echo "" + +echo "Create primary signing key - restricted" +%TPM_EXE_PATH%createprimary -sir -opu tmppub.bin -pwdk sig > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET" +%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "External Verification Key" +echo "" + +REM # create rsaprivkey.pem +REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 +REM # extract the public key +REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem +REM # sign a test message msg.bin +REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin + +echo "Load external just the public part of PEM RSA" +%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a test message with openssl RSA" +openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin + +echo "Verify the RSA signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # generate the p256 key +REM # > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem +REM # extract public key +REM # > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem + +echo "Load external just the public part of PEM ECC" +%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Sign a test message with openssl ECC" +openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin + +echo "Verify the ECC signature" +%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the signing key" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Sign with restricted HMAC key" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a %%H restricted keyed hash key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -khr -kt f -kt p -opr khrpriv%%H.bin -opu khrpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key under the primary key 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr khrpriv%%H.bin -ipu khrpub%%H.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash and create ticket" + %TPM_EXE_PATH%hash -hi p -halg %%H -if msg.bin -tk tkt.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest with a restricted signing key and ticket" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -tk tkt.bin -os sig.bin -pwdk khk > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest with a restricted signing key and no ticket - should fail" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Flush the signing key 80000001 " + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + +echo "" +echo "Sign with unrestricted HMAC key" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a %%H unrestricted keyed hash key under the primary key" + %TPM_EXE_PATH%create -hp 80000000 -kh -kt f -kt p -opr khpriv%%H.bin -opu khpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key under the primary key 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr khpriv%%H.bin -ipu khpub%%H.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Hash" + %TPM_EXE_PATH%hash -hi p -halg %%H -if msg.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Sign a digest with an unrestricted signing key" + %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key 80000001 " + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rm tmpkeypairrsa2048.pem +rm tmpkeypairrsa2048.der +rm tmpkeypairrsa3072.pem +rm tmpkeypairrsa3072.der +rm tmpkeypairecc.pem +rm tmpkeypairecc.der +rm pssig.bin +rm tmppub.bin +rm tmppub.pem + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.sh new file mode 100755 index 000000000000..98841e312d2f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testsign.sh @@ -0,0 +1,402 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +echo "" +echo "RSA Signing key" +echo "" + +for BITS in 2048 3072 +do + + echo "Create an RSA $BITS key pair in PEM format using openssl" + openssl genrsa -out tmpkeypairrsa${BITS}.pem -aes256 -passout pass:rrrr 2048 > run.out 2>&1 + + echo "Convert RSA $BITS key pair to plaintext DER format" + openssl rsa -inform pem -outform der -in tmpkeypairrsa${BITS}.pem -out tmpkeypairrsa${BITS}.der -passin pass:rrrr > run.out 2>&1 + + echo "Load the RSA $BITS signing key under the primary key" + ${PREFIX}load -hp 80000000 -ipr signrsa${BITS}priv.bin -ipu signrsa${BITS}pub.bin -pwdp sto > run.out + checkSuccess $? + + for HALG in ${ITERATE_ALGS} + do + + for SCHEME in rsassa rsapss + do + + echo "Sign a digest - $HALG $SCHEME $BITS" + ${PREFIX}sign -hk 80000001 -halg $HALG -scheme $SCHEME -if policies/aaa -os sig.bin -pwdk sig -ipu signrsa${BITS}pub.bin > run.out + checkSuccess $? + + echo "Verify the signature using the TPM - $HALG" + ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature using PEM - $HALG" + ${PREFIX}verifysignature -ipem signrsa${BITS}pub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Read the public part" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using readpublic PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Load the openssl key pair in the NULL hierarchy 80000002 - $HALG $SCHEME $BITS" + ${PREFIX}loadexternal -halg $HALG -scheme $SCHEME -ider tmpkeypairrsa${BITS}.der > run.out + checkSuccess $? + + echo "Use the TPM as a crypto coprocessor to sign - $HALG $SCHEME" + ${PREFIX}sign -hk 80000002 -halg $HALG -scheme $SCHEME -if policies/aaa -os sig.bin > run.out + checkSuccess $? + + echo "Verify the signature - $HALG" + ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Flush the openssl signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + done + + done + + echo "Flush the RSA signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "ECC Signing key" +echo "" + +echo "Load the ECC signing key under the primary key" +${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Create an ECC key pair in PEM format using openssl" + +openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out 2>&1 + +echo "Convert key pair to plaintext DER format" + +openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out 2>&1 + +for HALG in ${ITERATE_ALGS} +do + + echo "Sign a digest - $HALG" + ${PREFIX}sign -hk 80000001 -halg $HALG -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out + checkSuccess $? + + echo "Verify the ECC signature using the TPM - $HALG" + ${PREFIX}verifysignature -hk 80000001 -halg $HALG -ecc -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature using PEM - $HALG" + ${PREFIX}verifysignature -ipem signeccpub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Read the public part" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using readpublic PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Load the openssl key pair in the NULL hierarchy 80000002 - $HALG" + ${PREFIX}loadexternal -halg $HALG -ecc -ider tmpkeypairecc.der > run.out + checkSuccess $? + + echo "Use the TPM as a crypto coprocessor to sign - $HALG" + ${PREFIX}sign -hk 80000002 -halg $HALG -salg ecc -if policies/aaa -os sig.bin > run.out + checkSuccess $? + + echo "Verify the signature - $HALG" + ${PREFIX}verifysignature -hk 80000002 -halg $HALG -ecc -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Flush the openssl signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +echo "Flush the ECC signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Primary RSA Signing Key" +echo "" + +echo "Create primary signing key - RSA 80000001" +${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out +checkSuccess $? + +for HALG in ${ITERATE_ALGS} +do + + echo "Sign a digest - $HALG" + ${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out + checkSuccess $? + + echo "Verify the signature - $HALG" + ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature using PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Read the public part and convert to PEM" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using readpublic PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Convert TPM public key to PEM" + ${PREFIX}tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using createprimary converted PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + +done + +echo "Flush the primary signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Primary ECC Signing Key" +echo "" + +echo "Create primary signing key - ECC 80000001" +${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out +checkSuccess $? + +for HALG in ${ITERATE_ALGS} +do + + echo "Sign a digest - $HALG" + ${PREFIX}sign -hk 80000001 -halg $HALG -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out + checkSuccess $? + + echo "Verify the signature - $HALG" + ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Verify the signature using PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Read the public part" + ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using readpublic PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + + echo "Convert TPM public key to PEM" + ${PREFIX}tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out + checkSuccess $? + + echo "Verify the signature using createprimary converted PEM - $HALG" + ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out + checkSuccess $? + +done + +echo "Flush the primary signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Restricted Signing Key" +echo "" + +echo "Create primary signing key - restricted" +${PREFIX}createprimary -sir -opu tmppub.bin -pwdk sig > run.out +checkSuccess $? + +echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET" +${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out +checkFailure $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "External Verification Key" +echo "" + +# create rsaprivkey.pem +# > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 +# convert to der +# > openssl rsa -inform pem -outform der -in rsaprivkey.pem -out rsaprivkey.der -passin pass:rrrr +# extract the public key +# > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem +# sign a test message msg.bin +# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin + +echo "Load external just the public part of PEM RSA" +${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out +checkSuccess $? + +echo "Sign a test message with openssl RSA" +openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin > run.out 2>&1 + +echo "Verify the RSA signature" +${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +# generate the p256 key +# > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem +# extract public key +# > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem + +echo "Load external just the public part of PEM ECC" +${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out +checkSuccess $? + +echo "Sign a test message with openssl ECC" +openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin > run.out 2>&1 + +echo "Verify the ECC signature" +${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out +checkSuccess $? + +echo "Flush the signing key" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Sign with restricted HMAC key" +echo "" + +for HALG in ${ITERATE_ALGS} + +do + + echo "Create a ${HALG} restricted keyed hash key under the primary key" + ${PREFIX}create -hp 80000000 -khr -kt f -kt p -opr khrpriv${HALG}.bin -opu khrpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out + checkSuccess $? + + echo "Load the signing key under the primary key 80000001" + ${PREFIX}load -hp 80000000 -ipr khrpriv${HALG}.bin -ipu khrpub${HALG}.bin -pwdp sto > run.out + checkSuccess $? + + echo "Hash and create ticket" + ${PREFIX}hash -hi p -halg ${HALG} -if msg.bin -tk tkt.bin > run.out + checkSuccess $? + + echo "Sign a digest with a restricted signing key and ticket" + ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -tk tkt.bin -os sig.bin -pwdk khk > run.out + checkSuccess $? + + echo "Sign a digest with a restricted signing key and no ticket - should fail" + ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out + checkFailure $? + + echo "Flush the signing key 80000001 " + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +echo "" +echo "Sign with unrestricted HMAC key" +echo "" + +for HALG in ${ITERATE_ALGS} + +do + + echo "Create a ${HALG} unrestricted keyed hash key under the primary key" + ${PREFIX}create -hp 80000000 -kh -kt f -kt p -opr khpriv${HALG}.bin -opu khpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out + checkSuccess $? + + echo "Load the signing key under the primary key 80000001" + ${PREFIX}load -hp 80000000 -ipr khpriv${HALG}.bin -ipu khpub${HALG}.bin -pwdp sto > run.out + checkSuccess $? + + echo "Hash" + ${PREFIX}hash -hi p -halg ${HALG} -if msg.bin > run.out + checkSuccess $? + + echo "Sign a digest with an unrestricted signing key" + ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out + checkSuccess $? + + echo "Flush the signing key 80000001 " + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + +done + +rm -f tmpkeypairrsa2048.pem +rm -f tmpkeypairrsa2048.der +rm -f tmpkeypairrsa3072.pem +rm -f tmpkeypairrsa3072.der +rm -f tmpkeypairecc.pem +rm -f tmpkeypairecc.der +rm -r pssig.bin +rm -r tmppub.bin +rm -r tmppub.pem + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.bat new file mode 100644 index 000000000000..11a6e16ea37d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.bat @@ -0,0 +1,205 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +REM Primary storage key at 80000000 password sto +REM storage key at 80000001 password sto + +echo "" +echo "RSA Storage key" +echo "" + +echo "Load the RSA storage key 80000001 under the primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start an HMAC auth session" +%TPM_EXE_PATH%startauthsession -se h > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%N in (%ITERATE_ALGS%) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Create an unrestricted signing key under the RSA storage key 80000001 %%N %%~S" + %TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg %%N %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the signing key 80000002 under the storage key 80000001 %%~S" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the signing key 80000002 public area" + %TPM_EXE_PATH%readpublic -ho 80000002 -opu tmppub2.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load external just the storage key public part 80000002 %%N" + %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu storersa2048pub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the public key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load external, signing key public part 80000002 %%N" + %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu tmppub2.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the public key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +echo "Flush the RSA storage key 80000001" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "ECC Storage key" +echo "" + +echo "Load ECC the storage key 80000001 under the primary key 80000000" +%TPM_EXE_PATH%load -hp 80000000 -ipr storeeccpriv.bin -ipu storeeccpub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +for %%N in (%ITERATE_ALGS%) do ( + + for %%S in ("" "-se0 02000000 1") do ( + + echo "Create an unrestricted signing key under the ECC storage key 80000001 %%N %%~S" + %TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -ecc nistp256 -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg %%N %%~S > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the ECC signing key 80000002 under the ECC storage key 80000001 %%~S" + %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto %%~S> run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Read the signing key 80000002 public area" + %TPM_EXE_PATH%readpublic -ho 80000002 -opu tmppub2.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load external, storage key public part 80000002 %%N" + %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu storeeccpub.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the public key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load external, signing key public part 80000002 %%N" + %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu tmppub2.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the signing key 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + ) +) + +echo "Flush the ECC storage key 80000001 " +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the auth session" +%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -f tmppub2.bin +rm -f tmppub.bin +rm -f tmppriv.bin +rm -f tmpsig.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 +REM getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.sh new file mode 100755 index 000000000000..f2b91f4bdd96 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/teststorage.sh @@ -0,0 +1,164 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# Primary storage key at 80000000 password sto +# storage key at 80000001 password sto + +echo "" +echo "RSA Storage key" +echo "" + +echo "Load the RSA storage key 80000001 under the primary key 80000000" +${PREFIX}load -hp 80000000 -ipr storersa2048priv.bin -ipu storersa2048pub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start an HMAC auth session" +${PREFIX}startauthsession -se h > run.out +checkSuccess $? + +for NALG in ${ITERATE_ALGS} +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Create an unrestricted signing key under the RSA storage key 80000001 ${NALG} ${SESS}" + ${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg ${NALG} ${SESS} > run.out + checkSuccess $? + + echo "Load the signing key 80000002 under the storage key 80000001 ${SESS}" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto ${SESS} > run.out + checkSuccess $? + + echo "Read the signing key 80000002 public area" + ${PREFIX}readpublic -ho 80000002 -opu tmppub2.bin > run.out + checkSuccess $? + + echo "Flush the signing key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Load external just the storage key public part 80000002 ${NALG}" + ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu storersa2048pub.bin > run.out + checkSuccess $? + + echo "Flush the public key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Load external, signing key public part 80000002 ${NALG}" + ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu tmppub2.bin > run.out + checkSuccess $? + + echo "Flush the public key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + done +done + +echo "Flush the RSA storage key 80000001" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "ECC Storage key" +echo "" + +echo "Load ECC the storage key 80000001 under the primary key 80000000" +${PREFIX}load -hp 80000000 -ipr storeeccpriv.bin -ipu storeeccpub.bin -pwdp sto > run.out +checkSuccess $? + +for NALG in ${ITERATE_ALGS} +do + + for SESS in "" "-se0 02000000 1" + do + + echo "Create an unrestricted signing key under the ECC storage key 80000001 ${NALG} ${SESS}" + ${PREFIX}create -hp 80000001 -si -kt f -kt p -ecc nistp256 -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg ${NALG} ${SESS} > run.out + checkSuccess $? + + echo "Load the ECC signing key 80000002 under the ECC storage key 80000001 ${SESS}" + ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto ${SESS}> run.out + checkSuccess $? + + echo "Read the signing key 80000002 public area" + ${PREFIX}readpublic -ho 80000002 -opu tmppub2.bin > run.out + checkSuccess $? + + echo "Flush the signing key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Load external, storage key public part 80000002 ${NALG}" + ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu storeeccpub.bin > run.out + checkSuccess $? + + echo "Flush the public key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Load external, signing key public part 80000002 ${NALG}" + ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu tmppub2.bin > run.out + checkSuccess $? + + echo "Flush the signing key 80000002" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + done +done + +echo "Flush the ECC storage key 80000001 " +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the auth session" +${PREFIX}flushcontext -ha 02000000 > run.out +checkSuccess $? + +rm -f tmppub2.bin +rm -f tmppub.bin +rm -f tmppriv.bin +rm -f tmpsig.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 +# ${PREFIX}getcapability -cap 1 -pr 02000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.bat new file mode 100644 index 000000000000..03449e2bc127 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.bat @@ -0,0 +1,765 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2015 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "Seal and Unseal to Password" +echo "" + +echo "Create a sealed data object" +%TPM_EXE_PATH%create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the sealed data object" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal the data blob" +%TPM_EXE_PATH%unseal -ha 80000001 -pwd sea -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal with bad password - should fail" +%TPM_EXE_PATH%unseal -ha 80000001 -pwd xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Flush the sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a primary sealed data object" +%TPM_EXE_PATH%createprimary -bl -kt f -kt p -pwdk seap -if msg.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal the primary data blob" +%TPM_EXE_PATH%unseal -ha 80000001 -pwd seap -of tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the primary sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Seal and Unseal to PolicySecret Platform Auth" +echo "" + +REM # policy is policy secret pointing to platform auth +REM # 000001514000000C plus newline for policyRef + +echo "Change platform hierarchy auth" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Create a sealed data object with policysecret platform auth under primary key" +%TPM_EXE_PATH%create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Load the sealed data object under primary key" +%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal the data blob - policy failure, policysecret not run" +%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session and platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Unseal the data blob" +%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Change platform hierarchy auth back to null" +%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the sealed object" +%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +REM # extend of aaa + 0 pad to digest length +REM # pcrreset -ha 16 +REM # pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa +REM # pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +REM # +REM # 1d47f68aced515f7797371b554e32d47981aa0a0 +REM # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +REM # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +REM # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +REM # +REM # paste that with no white space to file policypcr16aaasha1.txt, etc. +REM # +REM # create AND term for policy PCR, PCR 16 +REM # and then convert to binary policy +REM +REM # > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt +REM # 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d +REM # convert to binary policy +REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v +REM # 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63 +REM # a4 24 f5 f2 +REM +REM # > policymakerpcr -halg sha256 -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt +REM # 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13 +REM # > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v +REM # 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85 +REM # ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13 +REM +REM # > policymakerpcr -halg sha384 -bm 10000 -if policies/policypcr16aaasha384.txt -v -pr -of policies/policypcr.txt +REM # 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932 +REM # > policymaker -halg sha384 -if policies/policypcr.txt -of policies/policypcr16aaasha384.bin -pr -v +REM # ea aa 8b 90 d2 69 b6 31 c0 85 91 e4 bf 29 a3 12 +REM # 87 04 f2 18 4c 02 ee 83 6a fb c4 c6 7f 28 c1 7f +REM # 86 ea 22 b7 00 3d 06 fc b4 57 a3 b5 c4 f7 3c 95 +REM +REM # > policymakerpcr -halg sha512 -bm 10000 -if policies/policypcr16aaasha512.txt -v -pr -of policies/policypcr.txt +REM # 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f +REM # policymaker -halg sha512 -if policies/policypcr.txt -of policies/policypcr16aaasha512.bin -pr -v +REM # 1a 57 25 8d 99 64 d8 74 f0 85 0f 2c 8d 70 41 cc +REM # be 21 c2 0f df 7e 07 e6 b1 99 ea 05 66 46 b7 fb +REM # 23 55 77 4b 96 7e ab e2 65 db 5a 52 82 08 9c af +REM # 3c c0 10 e4 99 36 5d ec 7f 0d 3e 6d 2a 62 6d 2e + +REM sealed blob 80000001 +REM policy session 03000000 + +echo "" +echo "Seal and Unseal to PCR 16" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a sealed data object %%H" + %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr16aaa%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the sealed data object" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session %%H" + %TPM_EXE_PATH%startauthsession -se p -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR 16 Reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob - policy failure, policypcr not run" + %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Policy PCR, update with the wrong PCR 16 value" + %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob - policy failure, PCR 16 incorrect" + %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Extend PCR 16 to correct value" + %TPM_EXE_PATH%pcrextend -halg %%H -ha 16 -if policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy restart, set back to zero" + %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy PCR, update with the correct PCR 16 value" + %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob" + %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed object" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the policy session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rem # This test uses the same values for PCR 16 and PCR 23 for simplicity. +rem # For different values, calculate the PCR white list value and change +rem # the cat line to use two different values. + +rem # extend of aaa + 0 pad to digest length +rem # pcrreset -ha 16 +rem # pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa +rem # pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +rem # +rem # 1d47f68aced515f7797371b554e32d47981aa0a0 +rem # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +rem # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +rem # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +rem # +rem # paste that with no white space to file policypcr16aaasha1.txt, etc. +rem # +rem # create AND term for policy PCR, PCR 16 and 23 +rem # and then convert to binary policy + +rem # > cat policies/policypcr16aaasha1.txt policies/policypcr16aaasha1.txt >! policypcra.txt +rem # > policymakerpcr -halg sha1 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +rem #0000017f0000000100040300008173820c1f0f279933a5a58629fe44d081e740d4ae +rem # > policymaker -halg sha1 -if policypcr.txt -of policies/policypcr1623aaasha1.bin -pr -v +rem # policy digest length 20 +rem # b4 ed de a3 35 87 d7 43 29 f6 a8 d1 e7 89 92 64 +rem # 46 f0 4c 85 + +rem # > cat policies/policypcr16aaasha256.txt policies/policypcr16aaasha256.txt >! policypcra.txt +rem # > policymakerpcr -halg sha256 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +rem # 0000017f00000001000b030000815a9f104273886b7ec8919a449d440d107d0da5df367e28c6ac145c9023cb5e76 +rem # > policymaker -halg sha256 -if policypcr.txt -of policies/policypcr1623aaasha256.bin -pr -v +rem # policy digest length 32 +rem # 84 ff 2f f1 2d 37 cb 23 fb 3d 14 d9 66 77 ca ec +rem # 48 94 5c 0b 83 e5 ea a2 be 98 e9 75 aa 21 e3 d6 + +rem # > cat policies/policypcr16aaasha384.txt policies/policypcr16aaasha384.txt >! policypcra.txt +rem # > policymakerpcr -halg sha384 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +rem # 0000017f00000001000c0300008105f7f12c86c3b0ed988d369a96d401bb4a58b74f982eb03e8474cb66076114ba2b933dd95cde1c7ea69d0a797abc99d4 +rem # > policymaker -halg sha384 -if policypcr.txt -of policies/policypcr1623aaasha384.bin -pr -v +rem # policy digest length 48 +rem # 4b 03 cd b3 eb 07 15 14 7c 49 93 43 a5 65 ee dc +rem # 86 22 7c 86 36 20 97 a2 5e 0f 34 2e d2 4f 7e ad +rem # a0 61 8b 5e d7 ba bb e3 5e f0 ab ea 99 55 df 84 + +rem # > cat policies/policypcr16aaasha512.txt policies/policypcr16aaasha512.txt >! policypcra.txt +rem # > policymakerpcr -halg sha512 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +rem # 0000017f00000001000d03000081266ae24c92f63b30322e9c22e44e9540313a2223ae79b27eafe798168bef373ac55de22a0ca78ec8b2e9402aa1f8b47b6ef40e9e53aebaa694af58f240efa0fd +rem # > policymaker -halg sha512 -if policypcr.txt -of policies/policypcr1623aaasha512.bin -pr -v +rem # policy digest length 64 +rem # 13 84 59 76 b8 d4 d8 a9 a4 7d 75 0e 3e 81 cd c2 +rem # 78 08 ec 95 d7 13 e8 ef 0c 0b 85 c7 38 2e ad 46 +rem # e4 72 31 1d 11 a3 38 17 54 e5 cf 2e 6d 23 67 6d +rem # 39 5a 93 51 9d f3 f0 90 56 4d 66 f8 7b 90 fc 61 + +rem # sealed blob 80000001 +rem # policy session 03000000 + +echo "" +echo "Seal and Unseal to PCR 16 and 23" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + echo "Create a sealed data object %%H" + %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr1623aaa%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the sealed data object" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session %%H" + %TPM_EXE_PATH%startauthsession -se p -halg %%H > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR 16 Reset" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR 23 Reset" + %TPM_EXE_PATH%pcrreset -ha 23 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Extend PCR 16 to correct value" + %TPM_EXE_PATH%pcrextend -halg %%H -ha 16 -if policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Extend PCR 23 to correct value" + %TPM_EXE_PATH%pcrextend -halg %%H -ha 23 -if policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy PCR, update with the correct PCR 16 and 23 values" + %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 810000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob" + %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed object" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the policy session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) +) + + +REM # +REM # Sample application to demonstrate the policy authorize solution to +REM # the PCR brittleness problem when sealing. Rather than sealing +REM # directly to the PCRs, the blob is sealed to an authorizing public +REM # key. The authorizing private key signs the approved policy PCR +REM # digest. +REM # +REM # Name for 80000001 authorizing key (output of loadexternal below) is +REM # used to calculate the policy authorize policy +REM # +REM # 00044234c24fc1b9de6693a62453417d2734d7538f6f +REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +REM # 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +REM # 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 +REM # +REM # Use 0000016a || the above Name, with a following blank line for +REM # policyRef to make policies/policyauthorizesha[].txt. Use policymaker +REM # to create the binary policy. This will be the session digest after +REM # the policyauthorize command. +REM # +REM # > policymaker -halg sha[] -if policies/policyauthorizesha[].txt -of policies/policyauthorizesha[].bin -pr +REM # 16 82 10 58 c0 32 8c c4 e5 2e c4 ec ce 61 6c 0a +REM # f4 8a 30 88 +REM # +REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +REM # +REM # 5c c6 34 89 fe f9 c8 42 7e fe 2c 5f 08 39 74 b6 +REM # d9 a8 36 02 4a cd d9 70 7e f0 b9 fd 15 26 56 da +REM # a5 07 0a 9b bf d6 66 df 49 d2 5b 8d 50 8e 16 38 +REM # +REM # c9 c8 29 fb bc 75 54 99 db 48 b7 26 88 24 d1 f8 +REM # 29 72 01 60 6b d6 5f 41 8e 06 98 7e f7 3e 6a 7e +REM # 25 82 c7 6d 8f 1c 36 43 68 01 ee 56 51 d5 06 b4 +REM # 68 4c fe d1 d0 6a d7 65 23 3f c2 92 94 fd 2c c5 + +REM # setup and policy PCR calculations +REM # +REM # 16 is the debug PCR, a typical application may seal to PCR 0-7 +REM # > pcrreset -ha 16 +REM # +REM # policies/aaa represents the new 'BIOS' measurement hash extended +REM # into all PCR banks +REM # +REM # > pcrextend -ha 16 -halg [] -if policies/aaa +REM # +REM # These are the new PCR values to be authorized. Typically, these are +REM # calculated by other software based on the enterprise. Here, they're +REM # just read from the TPM. +REM # +REM # > pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +REM # +REM # 1d47f68aced515f7797371b554e32d47981aa0a0 +REM # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +REM # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +REM # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +REM # +REM # Put the above authorized PCR value in an intermediate file +REM # policies/policypcr16aaasha1.txt for policymakerpcr, and create the +REM # policypcr AND term policies/policypcr.txt. policymakerpcr prepends the command code and +REM # PCR select bit mask. +REM # +REM # > policymakerpcr -halg sha[] -bm 010000 -if policies/policypcr16aaasha1.txt -of policies/policypcr.txt -pr -v +REM # +REM # 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d +REM # 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13 +REM # 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932 +REM # 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f +REM # +REM # Send the policymakerpcr AND term result to policymaker to create the +REM # Policy PCR digest. This is the authorized policy signed by the +REM # authorizing private key. +REM # +REM # > policymaker -halg sha[] -if policies/policypcr.txt -of policies/policypcr16aaasha[].bin -v -pr -ns +REM # +REM # 12b6dd164382cae45d0ed07f9e51d163a424f5f2 +REM # 7644f611ea10d760dab936c3951e1d85ecdb84ce9a7903dde1c7e0a2d909a013 +REM # eaaa8b90d269b631c08591e4bf29a3128704f2184c02ee836afbc4c67f28c17f86ea22b7003d06fcb457a3b5c4f73c95 +REM # 1a57258d9964d874f0850f2c8d7041ccbe21c20fdf7e07e6b199ea056646b7fb2355774b967eabe265db5a5282089caf3cc010e499365dec7f0d3e6d2a626d2e + +echo "" +echo "Policy PCR with Policy Authorize (PCR brittleness solution)" +echo "" + +for %%H in (%ITERATE_ALGS%) do ( + + REM # One time task, create sealed blob with policy of policyauthorize + REM # with Name of authorizing key + + echo "Create a sealed data object %%H" + %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -if msg.bin -pol policies/policyauthorize%%H.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM # Once per new PCR approved values, authorizing PCRs in policy%%H.bin + + echo "Openssl generate and sign aHash (empty policyRef) %%H" + openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaa%%H.bin + + REM # Once per boot, simulating setting PCRs to authorized values + + echo "Reset PCR 16 back to zero" + %TPM_EXE_PATH%pcrreset -ha 16 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "PCR extend PCR 16 %%H" + %TPM_EXE_PATH%pcrextend -ha 16 -halg %%H -if policies/aaa > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM # beginning of unseal process, policy PCR + + echo "Start a policy session %%H" + %TPM_EXE_PATH%startauthsession -halg %%H -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy PCR, update with the correct digest %%H" + %TPM_EXE_PATH%policypcr -ha 03000000 -halg %%H -bm 10000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy get digest, should be policies/policypcr16aaa%%H.bin" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM # policyauthorize process + + echo "Load external just the public part of PEM authorizing key %%H 80000001" + %TPM_EXE_PATH%loadexternal -hi p -halg %%H -nalg %%H -ipem policies/rsapubkey.pem -ns > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the signature to generate ticket 80000001 %%H" + %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/policypcr16aaa%%H.bin -is pssig.bin -raw -tk tkt.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy authorize using the ticket" + %TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policypcr16aaa%%H.bin -skn h80000001.bin -tk tkt.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get policy digest, should be policies/policyauthorize%%H.bin" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the verification public key 80000001" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + REM # load the sealed blob and unseal + + echo "Load the sealed data object 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob using the policy session" + %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed object" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the policy session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "Import and Unseal" +echo "" + +REM # primary key P1 80000000 +REM # sealed data S1 80000001 originally under 80000000 +REM # target storage key K1 80000002 + +for %%A in ("rsa2048" "ecc") do ( + + echo "Create a sealed data object S1 under the primary key P1 80000000" + %TPM_EXE_PATH%create -hp 80000000 -bl -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policyccduplicate.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the sealed data object S1 at 80000001" + %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the %%~A storage key K1 80000002" + %TPM_EXE_PATH%load -hp 80000000 -ipr store%%~Apriv.bin -ipu store%%~Apub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Start a policy session 03000000" + %TPM_EXE_PATH%startauthsession -se p > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Policy command code, duplicate" + %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Get policy digest" + %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Duplicate sealed data object S1 80000001 under %%~A K1 80000002" + %TPM_EXE_PATH%duplicate -ho 80000001 -pwdo sig -hp 80000002 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the original S1 to free object slot for import" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Import S1 under %%~A K1 80000002" + %TPM_EXE_PATH%import -hp 80000002 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv1.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the duplicated sealed data object S1 at 80000001 under %%~A K1 80000002" + %TPM_EXE_PATH%load -hp 80000002 -ipr tmppriv1.bin -ipu tmppub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Unseal the data blob" + %TPM_EXE_PATH%unseal -ha 80000001 -pwd sea -of tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the sealed data object at 80000001" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the storage key at 80000002" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the session" + %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rm tmppriv.bin +rm tmppub.bin +rm tmp.bin +rm tmpdup.bin +rm tmpss.bin +rm tmppriv1.bin + +exit /B 0 + +REM getcapability -cap 1 -pr 80000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.sh new file mode 100755 index 000000000000..c48458ea9a01 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testunseal.sh @@ -0,0 +1,619 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2015 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# used for the name in policy authorize + +if [ -z $TPM_DATA_DIR ]; then + TPM_DATA_DIR=. +fi + +echo "" +echo "Seal and Unseal to Password" +echo "" + +echo "Create a sealed data object" +${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin > run.out +checkSuccess $? + +echo "Load the sealed data object" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Unseal the data blob" +${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out +checkSuccess $? + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +checkSuccess $? + +echo "Unseal with bad password - should fail" +${PREFIX}unseal -ha 80000001 -pwd xxx > run.out +checkFailure $? + +echo "Flush the sealed object" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Create a primary sealed data object" +${PREFIX}createprimary -bl -kt f -kt p -pwdk seap -if msg.bin > run.out +checkSuccess $? + +echo "Unseal the primary data blob" +${PREFIX}unseal -ha 80000001 -pwd seap -of tmp.bin > run.out +checkSuccess $? + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +checkSuccess $? + +echo "Flush the primary sealed object" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "" +echo "Seal and Unseal to PolicySecret Platform Auth" +echo "" + +# policy is policy secret pointing to platform auth +# 000001514000000C plus newline for policyRef + +echo "Change platform hierarchy auth" +${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out +checkSuccess $? + +echo "Create a sealed data object with policysecret platform auth under primary key" +${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policysecretp.bin > run.out +checkSuccess $? + +echo "Load the sealed data object under primary key" +${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out +checkSuccess $? + +echo "Start a policy session" +${PREFIX}startauthsession -se p > run.out +checkSuccess $? + +echo "Unseal the data blob - policy failure, policysecret not run" +${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +checkFailure $? + +echo "Policy Secret with PWAP session and platform auth" +${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out +checkSuccess $? + +echo "Unseal the data blob" +${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out +checkSuccess $? + +echo "Verify the unsealed result" +diff msg.bin tmp.bin > run.out +checkSuccess $? + +echo "Change platform hierarchy auth back to null" +${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out +checkSuccess $? + +echo "Flush the sealed object" +${PREFIX}flushcontext -ha 80000001 > run.out +checkSuccess $? + +echo "Flush the policy session" +${PREFIX}flushcontext -ha 03000000 > run.out +checkSuccess $? + +# extend of aaa + 0 pad to digest length +# pcrreset -ha 16 +# pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa +# pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +# +# 1d47f68aced515f7797371b554e32d47981aa0a0 +# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +# +# paste that with no white space to file policypcr16aaasha1.txt, etc. +# +# create AND term for policy PCR, PCR 16 +# and then convert to binary policy + +# > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt +# 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d +# convert to binary policy +# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v +# 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63 +# a4 24 f5 f2 + +# > policymakerpcr -halg sha256 -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt +# 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13 +# > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v +# 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85 +# ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13 + +# > policymakerpcr -halg sha384 -bm 10000 -if policies/policypcr16aaasha384.txt -v -pr -of policies/policypcr.txt +# 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932 +# > policymaker -halg sha384 -if policies/policypcr.txt -of policies/policypcr16aaasha384.bin -pr -v +# ea aa 8b 90 d2 69 b6 31 c0 85 91 e4 bf 29 a3 12 +# 87 04 f2 18 4c 02 ee 83 6a fb c4 c6 7f 28 c1 7f +# 86 ea 22 b7 00 3d 06 fc b4 57 a3 b5 c4 f7 3c 95 + +# > policymakerpcr -halg sha512 -bm 10000 -if policies/policypcr16aaasha512.txt -v -pr -of policies/policypcr.txt +# 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f +# policymaker -halg sha512 -if policies/policypcr.txt -of policies/policypcr16aaasha512.bin -pr -v +# 1a 57 25 8d 99 64 d8 74 f0 85 0f 2c 8d 70 41 cc +# be 21 c2 0f df 7e 07 e6 b1 99 ea 05 66 46 b7 fb +# 23 55 77 4b 96 7e ab e2 65 db 5a 52 82 08 9c af +# 3c c0 10 e4 99 36 5d ec 7f 0d 3e 6d 2a 62 6d 2e + +# sealed blob 80000001 +# policy session 03000000 + +echo "" +echo "Seal and Unseal to PCR 16" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create a sealed data object ${HALG}" + ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr16aaa${HALG}.bin > run.out + checkSuccess $? + + echo "Load the sealed data object" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a policy session ${HALG}" + ${PREFIX}startauthsession -se p -halg ${HALG} > run.out + checkSuccess $? + + echo "PCR 16 Reset" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "Unseal the data blob - policy failure, policypcr not run" + ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + checkFailure $? + + echo "Policy PCR, update with the wrong PCR 16 value" + ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out + checkSuccess $? + + echo "Unseal the data blob - policy failure, PCR 16 incorrect" + ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + checkFailure $? + + echo "Extend PCR 16 to correct value" + ${PREFIX}pcrextend -halg ${HALG} -ha 16 -if policies/aaa > run.out + checkSuccess $? + + echo "Policy restart, set back to zero" + ${PREFIX}policyrestart -ha 03000000 > run.out + checkSuccess $? + + echo "Policy PCR, update with the correct PCR 16 value" + ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out + checkSuccess $? + + echo "Unseal the data blob" + ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the sealed object" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the policy session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + +done + +# This test uses the same values for PCR 16 and PCR 23 for simplicity. +# For different values, calculate the PCR white list value and change +# the cat line to use two different values. + +# extend of aaa + 0 pad to digest length +# pcrreset -ha 16 +# pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa +# pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +# +# 1d47f68aced515f7797371b554e32d47981aa0a0 +# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +# +# paste that with no white space to file policypcr16aaasha1.txt, etc. +# +# create AND term for policy PCR, PCR 16 and 23 +# and then convert to binary policy + +# > cat policies/policypcr16aaasha1.txt policies/policypcr16aaasha1.txt >! policypcra.txt +# > policymakerpcr -halg sha1 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +#0000017f0000000100040300008173820c1f0f279933a5a58629fe44d081e740d4ae +# > policymaker -halg sha1 -if policypcr.txt -of policies/policypcr1623aaasha1.bin -pr -v + # policy digest length 20 + # b4 ed de a3 35 87 d7 43 29 f6 a8 d1 e7 89 92 64 + # 46 f0 4c 85 + +# > cat policies/policypcr16aaasha256.txt policies/policypcr16aaasha256.txt >! policypcra.txt +# > policymakerpcr -halg sha256 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +# 0000017f00000001000b030000815a9f104273886b7ec8919a449d440d107d0da5df367e28c6ac145c9023cb5e76 +# > policymaker -halg sha256 -if policypcr.txt -of policies/policypcr1623aaasha256.bin -pr -v + # policy digest length 32 + # 84 ff 2f f1 2d 37 cb 23 fb 3d 14 d9 66 77 ca ec + # 48 94 5c 0b 83 e5 ea a2 be 98 e9 75 aa 21 e3 d6 + +# > cat policies/policypcr16aaasha384.txt policies/policypcr16aaasha384.txt >! policypcra.txt +# > policymakerpcr -halg sha384 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +# 0000017f00000001000c0300008105f7f12c86c3b0ed988d369a96d401bb4a58b74f982eb03e8474cb66076114ba2b933dd95cde1c7ea69d0a797abc99d4 +# > policymaker -halg sha384 -if policypcr.txt -of policies/policypcr1623aaasha384.bin -pr -v + # policy digest length 48 + # 4b 03 cd b3 eb 07 15 14 7c 49 93 43 a5 65 ee dc + # 86 22 7c 86 36 20 97 a2 5e 0f 34 2e d2 4f 7e ad + # a0 61 8b 5e d7 ba bb e3 5e f0 ab ea 99 55 df 84 + +# > cat policies/policypcr16aaasha512.txt policies/policypcr16aaasha512.txt >! policypcra.txt +# > policymakerpcr -halg sha512 -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt +# 0000017f00000001000d03000081266ae24c92f63b30322e9c22e44e9540313a2223ae79b27eafe798168bef373ac55de22a0ca78ec8b2e9402aa1f8b47b6ef40e9e53aebaa694af58f240efa0fd +# > policymaker -halg sha512 -if policypcr.txt -of policies/policypcr1623aaasha512.bin -pr -v + # policy digest length 64 + # 13 84 59 76 b8 d4 d8 a9 a4 7d 75 0e 3e 81 cd c2 + # 78 08 ec 95 d7 13 e8 ef 0c 0b 85 c7 38 2e ad 46 + # e4 72 31 1d 11 a3 38 17 54 e5 cf 2e 6d 23 67 6d + # 39 5a 93 51 9d f3 f0 90 56 4d 66 f8 7b 90 fc 61 + +# sealed blob 80000001 +# policy session 03000000 + +echo "" +echo "Seal and Unseal to PCR 16 and 23" +echo "" + +for HALG in ${ITERATE_ALGS} +do + + echo "Create a sealed data object ${HALG}" + ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr1623aaa${HALG}.bin > run.out + checkSuccess $? + + echo "Load the sealed data object" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a policy session ${HALG}" + ${PREFIX}startauthsession -se p -halg ${HALG} > run.out + checkSuccess $? + + echo "PCR 16 Reset" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "PCR 23 Reset" + ${PREFIX}pcrreset -ha 23 > run.out + checkSuccess $? + + echo "Extend PCR 16 to correct value" + ${PREFIX}pcrextend -halg ${HALG} -ha 16 -if policies/aaa > run.out + checkSuccess $? + + echo "Extend PCR 23 to correct value" + ${PREFIX}pcrextend -halg ${HALG} -ha 23 -if policies/aaa > run.out + checkSuccess $? + + echo "Policy PCR, update with the correct PCR 16 and 23 values" + ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 810000 > run.out + checkSuccess $? + + echo "Unseal the data blob" + ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the sealed object" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the policy session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + +done + +# +# Sample application to demonstrate the policy authorize solution to +# the PCR brittleness problem when sealing. Rather than sealing +# directly to the PCRs, the blob is sealed to an authorizing public +# key. The authorizing private key signs the approved policy PCR +# digest. +# +# Name for 80000001 authorizing key (output of loadexternal below) is +# used to calculate the policy authorize policy +# +# 00044234c24fc1b9de6693a62453417d2734d7538f6f +# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799 +# 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c +# 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466 +# +# Use 0000016a || the above Name, with a following blank line for +# policyRef to make policies/policyauthorizesha[].txt. Use policymaker +# to create the binary policy. This will be the session digest after +# the policyauthorize command. +# +# > policymaker -halg sha[] -if policies/policyauthorizesha[].txt -of policies/policyauthorizesha[].bin -pr +# 16 82 10 58 c0 32 8c c4 e5 2e c4 ec ce 61 6c 0a +# f4 8a 30 88 +# +# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 +# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 +# +# 5c c6 34 89 fe f9 c8 42 7e fe 2c 5f 08 39 74 b6 +# d9 a8 36 02 4a cd d9 70 7e f0 b9 fd 15 26 56 da +# a5 07 0a 9b bf d6 66 df 49 d2 5b 8d 50 8e 16 38 +# +# c9 c8 29 fb bc 75 54 99 db 48 b7 26 88 24 d1 f8 +# 29 72 01 60 6b d6 5f 41 8e 06 98 7e f7 3e 6a 7e +# 25 82 c7 6d 8f 1c 36 43 68 01 ee 56 51 d5 06 b4 +# 68 4c fe d1 d0 6a d7 65 23 3f c2 92 94 fd 2c c5 + +# setup and policy PCR calculations +# +# 16 is the debug PCR, a typical application may seal to PCR 0-7 +# > pcrreset -ha 16 +# +# policies/aaa represents the new 'BIOS' measurement hash extended +# into all PCR banks +# +# > pcrextend -ha 16 -halg [] -if policies/aaa +# +# These are the new PCR values to be authorized. Typically, these are +# calculated by other software based on the enterprise. Here, they're +# just read from the TPM. +# +# > pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns +# +# 1d47f68aced515f7797371b554e32d47981aa0a0 +# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb +# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384 +# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778 +# +# Put the above authorized PCR value in an intermediate file +# policies/policypcr16aaasha1.txt for policymakerpcr, and create the +# policypcr AND term policies/policypcr.txt. policymakerpcr prepends the command code and +# PCR select bit mask. +# +# > policymakerpcr -halg sha[] -bm 010000 -if policies/policypcr16aaasha1.txt -of policies/policypcr.txt -pr -v +# +# 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d +# 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13 +# 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932 +# 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f +# +# Send the policymakerpcr AND term result to policymaker to create the +# Policy PCR digest. This is the authorized policy signed by the +# authorizing private key. +# +# > policymaker -halg sha[] -if policies/policypcr.txt -of policies/policypcr16aaasha[].bin -v -pr -ns +# +# 12b6dd164382cae45d0ed07f9e51d163a424f5f2 +# 7644f611ea10d760dab936c3951e1d85ecdb84ce9a7903dde1c7e0a2d909a013 +# eaaa8b90d269b631c08591e4bf29a3128704f2184c02ee836afbc4c67f28c17f86ea22b7003d06fcb457a3b5c4f73c95 +# 1a57258d9964d874f0850f2c8d7041ccbe21c20fdf7e07e6b199ea056646b7fb2355774b967eabe265db5a5282089caf3cc010e499365dec7f0d3e6d2a626d2e + +echo "" +echo "Policy PCR with Policy Authorize (PCR brittleness solution)" +echo "" + +for HALG in ${ITERATE_ALGS} +do + # One time task, create sealed blob with policy of policyauthorize + # with Name of authorizing key + + echo "Create a sealed data object ${HALG}" + ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -if msg.bin -pol policies/policyauthorize${HALG}.bin > run.out + checkSuccess $? + + # Once per new PCR approved values, authorizing PCRs in policy${HALG}.bin + + echo "Openssl generate and sign aHash (empty policyRef) ${HALG}" + openssl dgst -${HALG} -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaa${HALG}.bin > run.out 2>&1 + + # Once per boot, simulating setting PCRs to authorized values + + echo "Reset PCR 16 back to zero" + ${PREFIX}pcrreset -ha 16 > run.out + checkSuccess $? + + echo "PCR extend PCR 16 ${HALG}" + ${PREFIX}pcrextend -ha 16 -halg ${HALG} -if policies/aaa > run.out + checkSuccess $? + + # beginning of unseal process, policy PCR + + echo "Start a policy session ${HALG}" + ${PREFIX}startauthsession -halg ${HALG} -se p > run.out + checkSuccess $? + + echo "Policy PCR, update with the correct digest ${HALG}" + ${PREFIX}policypcr -ha 03000000 -halg ${HALG} -bm 10000 > run.out + checkSuccess $? + + echo "Policy get digest, should be policies/policypcr16aaa${HALG}.bin" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + # policyauthorize process + + echo "Load external just the public part of PEM authorizing key ${HALG} 80000001" + ${PREFIX}loadexternal -hi p -halg ${HALG} -nalg ${HALG} -ipem policies/rsapubkey.pem -ns > run.out + checkSuccess $? + + echo "Verify the signature to generate ticket 80000001 ${HALG}" + ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if policies/policypcr16aaa${HALG}.bin -is pssig.bin -raw -tk tkt.bin > run.out + checkSuccess $? + + echo "Policy authorize using the ticket" + ${PREFIX}policyauthorize -ha 03000000 -appr policies/policypcr16aaa${HALG}.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out + checkSuccess $? + + echo "Get policy digest, should be policies/policyauthorize${HALG}.bin" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Flush the verification public key 80000001" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + # load the sealed blob and unseal + + echo "Load the sealed data object 80000001" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Unseal the data blob using the policy session" + ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the sealed object" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the policy session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + +done + +echo "" +echo "Import and Unseal" +echo "" + +# primary key P1 80000000 +# sealed data S1 80000001 originally under 80000000 +# target storage key K1 80000002 + +for ALG in "rsa2048" "ecc" +do + + echo "Create a sealed data object S1 under the primary key P1 80000000" + ${PREFIX}create -hp 80000000 -bl -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policyccduplicate.bin > run.out + checkSuccess $? + + echo "Load the sealed data object S1 at 80000001" + ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ${ALG} storage key K1 80000002" + ${PREFIX}load -hp 80000000 -ipr store${ALG}priv.bin -ipu store${ALG}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Start a policy session 03000000" + ${PREFIX}startauthsession -se p > run.out + checkSuccess $? + + echo "Policy command code, duplicate" + ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out + checkSuccess $? + + echo "Get policy digest" + ${PREFIX}policygetdigest -ha 03000000 > run.out + checkSuccess $? + + echo "Duplicate sealed data object S1 80000001 under ${ALG} K1 80000002" + ${PREFIX}duplicate -ho 80000001 -pwdo sig -hp 80000002 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out + checkSuccess $? + + echo "Flush the original S1 to free object slot for import" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Import S1 under ${ALG} K1 80000002" + ${PREFIX}import -hp 80000002 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv1.bin > run.out + checkSuccess $? + + echo "Load the duplicated sealed data object S1 at 80000001 under ${ALG} K1 80000002" + ${PREFIX}load -hp 80000002 -ipr tmppriv1.bin -ipu tmppub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Unseal the data blob" + ${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out + checkSuccess $? + + echo "Verify the unsealed result" + diff msg.bin tmp.bin > run.out + checkSuccess $? + + echo "Flush the sealed data object at 80000001" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + + echo "Flush the storage key at 80000002" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the session" + ${PREFIX}flushcontext -ha 03000000 > run.out + checkSuccess $? + +done + +rm -r tmppriv.bin +rm -r tmppub.bin +rm -r tmp.bin +rm -f tmpdup.bin +rm -f tmpss.bin +rm -f tmppriv1.bin +rm -f pssig.bin +rm -f tkt.bin + +# ${PREFIX}getcapability -cap 1 -pr 80000000 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.bat b/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.bat new file mode 100644 index 000000000000..d6a677f76be0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.bat @@ -0,0 +1,426 @@ +REM ############################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2018 - 2020 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ############################################################################# + +setlocal enableDelayedExpansion + +echo "" +echo "TPM2_CertifyX509" +echo "" + +rem # basic test + +rem # sign%%Arpriv.bin is a restricted signing key +rem # sign%%Apriv.bin is an unrestricted signing key + +set SALG=rsa ecc +set SKEY=rsa2048 ecc + +set i=0 +for %%a in (!SALG!) do set /A i+=1 & set SALG[!i!]=%%a +set i=0 +for %%b in (!SKEY!) do set /A i+=1 & set SKEY[!i!]=%%b +set L=!i! + +for /L %%i in (1,1,!L!) do ( + + echo "Load the !SALG[%%i]! issuer key 80000001 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!rpriv.bin -ipu sign!SKEY[%%i]!rpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the !SALG[%%i]! subject key 80000002 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!priv.bin -ipu sign!SKEY[%%i]!pub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Self Certify CA Root !SKEY[%%i]!" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000001 -halg sha256 -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin -salg !SALG[%%i]! -sub -v -iob 00050472 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + + rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i1.dump + rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh + rem # dumpasn1 -a -l -d tmppart1.bin > tmppart1.dump + rem # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh + rem # dumpasn1 -a -l -d tmpadd1.bin > tmpadd1.dump + rem # dumpasn1 -a -l -d -hh tmpadd1.bin > tmpadd1.dumphh + rem # dumpasn1 -a -l -d tmpx5091.bin > tmpx5091.dump + rem # dumpasn1 -a -l -d -hh tmpx5091.bin > tmpx5091.dumphh + rem # openssl x509 -text -inform der -in tmpx5091.bin -noout > tmpx5091.txt + + echo "Convert issuer X509 DER to PEM" + openssl x509 -inform der -in tmpx5091.bin -out tmpx5091.pem + + echo "Verify !SKEY[%%i]! self signed issuer root" + openssl verify -CAfile tmpx5091.pem tmpx5091.pem + + echo "Signing Key Certify !SALG[%%i]!" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -iob 00040472 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i2.dump +rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh +rem # dumpasn1 -a -l -d tmppart2.bin > tmppart2.dump +rem # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe +rem # dumpasn1 -a -l -d tmpadd2.bin > tmpadd2.dump +rem # dumpasn1 -a -l -d -hh tmpadd2.bin > tmpadd2.dumphh +rem # dumpasn1 -a -l -d tmpx5092.bin > tmpx5092.dump +rem # dumpasn1 -a -l -d -hh tmpx5092.bin > tmpx5092.dumphh +rem # openssl x509 -text -inform der -in tmpx5092.bin -noout > tmpx5092.txt + + echo "Convert subject X509 DER to PEM" + openssl x509 -inform der -in tmpx5092.bin -out tmpx5092.pem + + echo "Verify !SKEY[%%i]! subject against issuer" + openssl verify -CAfile tmpx5091.pem tmpx5092.pem + + + echo "Signing Key Certify !SALG[%%i]! with bad OID" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -iob ffffffff > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) +rem # bad der, test bits for 250 bytes +rem # better to get size from tmppart2.bin + +rem # for bit in {0..2} +rem # do +rem # echo "Signing Key Certify !SKEY[%%i]! testing bit $bit" +rem # %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -bit $bit > run.out + rem IF !ERRORLEVEL! NEQ 0 ( + rem exit /B 1 + rem ) + + echo "Flush the root CA issuer signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the subject signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rem # bad extensions for key type + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for fixedTPM signing key" +echo "" + +for /L %%i in (1,1,!L!) do ( + + echo "Load the !SKEY[%%i]! issuer key 80000001 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!rpriv.bin -ipu sign!SKEY[%%i]!rpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the !SKEY[%%i]! subject key 80000002 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!priv.bin -ipu sign!SKEY[%%i]!pub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! digitalSignature" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,digitalSignature > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! nonRepudiation" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,nonRepudiation > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyEncipherment > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! dataEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,dataEncipherment > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyAgreement" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyAgreement > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyCertSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyCertSign > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! cRLSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,cRLSign > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! encipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,encipherOnly > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! decipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,decipherOnly > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Flush the root CA issuer signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the subject signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for not fixedTPM signing key" +echo "" + +for /L %%i in (1,1,!L!) do ( + + echo "Load the !SKEY[%%i]! issuer key 80000001 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!nfpriv.bin -ipu sign!SKEY[%%i]!nfpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the !SKEY[%%i]! subject key 80000002 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!nfpriv.bin -ipu sign!SKEY[%%i]!nfpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! digitalSignature" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,digitalSignature > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! nonRepudiation" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,nonRepudiation > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyEncipherment > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! dataEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,dataEncipherment > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyAgreement" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyAgreement > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyCertSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyCertSign > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! cRLSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,cRLSign > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! encipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,encipherOnly > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! decipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg!SALG[%%i]!A -ku critical,decipherOnly > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Flush the root CA issuer signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the subject signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for fixedTpm restricted encryption key" +echo "" + +for /L %%i in (1,1,!L!) do ( + + echo "Load the !SKEY[%%i]! issuer key 80000001 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr sign!SKEY[%%i]!rpriv.bin -ipu sign!SKEY[%%i]!rpub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Load the !SKEY[%%i]! subject key 80000002 under the primary key" + %TPM_EXE_PATH%load -hp 80000000 -ipr store!SKEY[%%i]!priv.bin -ipu store!SKEY[%%i]!pub.bin -pwdp sto > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! digitalSignature" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,digitalSignature > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! nonRepudiation" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,nonRepudiation > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyEncipherment > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! dataEncipherment" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,dataEncipherment > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyAgreement" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyAgreement > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! keyCertSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,keyCertSign > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! cRLSign" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,cRLSign > run.out + IF !ERRORLEVEL! EQU 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! encipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,encipherOnly > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Signing Key Certify !SALG[%%i]! decipherOnly" + %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg !SALG[%%i]! -ku critical,decipherOnly > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the root CA issuer signing key" + %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + + echo "Flush the subject signing key" + %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out + IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 + ) + +) + +rem # cleanup + +rm tmppart1.bin +rm tmpadd1.bin +rm tmptbs1.bin +rm tmpsig1.bin +rm tmpx5091.bin +rm tmpx5091.pem +rm tmpx5092.pem +rm tmpx509i.bin +rm tmppart2.bin +rm tmpadd2.bin +rm tmptbs2.bin +rm tmpsig2.bin +rm tmpx5092.bin + +exit /B 0 diff --git a/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.sh b/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.sh new file mode 100755 index 000000000000..a41cfcca1a48 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/regtests/testx509.sh @@ -0,0 +1,342 @@ +#!/bin/bash +# + +################################################################################# +# # +# TPM2 regression test # +# Written by Ken Goldman # +# IBM Thomas J. Watson Research Center # +# # +# (c) Copyright IBM Corporation 2019 - 2020 # +# # +# All rights reserved. # +# # +# Redistribution and use in source and binary forms, with or without # +# modification, are permitted provided that the following conditions are # +# met: # +# # +# Redistributions of source code must retain the above copyright notice, # +# this list of conditions and the following disclaimer. # +# # +# Redistributions in binary form must reproduce the above copyright # +# notice, this list of conditions and the following disclaimer in the # +# documentation and/or other materials provided with the distribution. # +# # +# Neither the names of the IBM Corporation nor the names of its # +# contributors may be used to endorse or promote products derived from # +# this software without specific prior written permission. # +# # +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# # +################################################################################# + +# The mbedtls port does not support TPM2_CertifyX509 yet */ + +if [ ${CRYPTOLIBRARY} == "openssl" ]; then + +echo "" +echo "TPM2_CertifyX509" +echo "" + +# basic test + +# sign${SKEY[i]}rpriv.bin is a restricted signing key +# sign${SKEY[i]}priv.bin is an unrestricted signing key + +SALG=(rsa ecc) +SKEY=(rsa2048 ecc) + +for ((i = 0 ; i < 2 ; i++)) +do + + echo "Load the ${SALG[i]} issuer key 80000001 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ${SALG[i]} subject key 80000002 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}priv.bin -ipu sign${SKEY[i]}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Signing Key Self Certify CA Root ${SALG[i]}" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000001 -halg sha256 -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin -salg ${SALG[i]} -sub -v -iob 00050472 > run.out + checkSuccess $? + + + # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i1.dump + # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh + # dumpasn1 -a -l -d tmppart1.bin > tmppart1.dump + # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh + # dumpasn1 -a -l -d tmpadd1.bin > tmpadd1.dump + # dumpasn1 -a -l -d -hh tmpadd1.bin > tmpadd1.dumphh + # dumpasn1 -a -l -d tmpx5091.bin > tmpx5091.dump + # dumpasn1 -a -l -d -hh tmpx5091.bin > tmpx5091.dumphh + # openssl x509 -text -inform der -in tmpx5091.bin -noout > tmpx5091.txt + + echo "Convert issuer X509 DER to PEM" + openssl x509 -inform der -in tmpx5091.bin -out tmpx5091.pem > run.out 2>&1 + echo " INFO:" + + echo "Verify ${SALG[i]} self signed issuer root" + echo -n " INFO: " + openssl verify -CAfile tmpx5091.pem tmpx5091.pem > run.out 2>&1 + + echo "Signing Key Certify ${SALG[i]}" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -iob 00040472 > run.out + checkSuccess $? + + # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i2.dump + # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh + # dumpasn1 -a -l -d tmppart2.bin > tmppart2.dump + # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe + # dumpasn1 -a -l -d tmpadd2.bin > tmpadd2.dump + # dumpasn1 -a -l -d -hh tmpadd2.bin > tmpadd2.dumphh + # dumpasn1 -a -l -d tmpx5092.bin > tmpx5092.dump + # dumpasn1 -a -l -d -hh tmpx5092.bin > tmpx5092.dumphh + # openssl x509 -text -inform der -in tmpx5092.bin -noout > tmpx5092.txt + + echo "Convert subject X509 DER to PEM" + openssl x509 -inform der -in tmpx5092.bin -out tmpx5092.pem > run.out 2>&1 + echo " INFO:" + + echo "Verify ${SALG[i]} subject against issuer" + echo -n " INFO: " + openssl verify -CAfile tmpx5091.pem tmpx5092.pem > run.out 2>&1 + + + echo "Signing Key Certify ${SALG[i]} with bad OID" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -iob ffffffff > run.out + checkFailure $? + +# bad der, test bits for 250 bytes +# better to get size from tmppart2.bin + + # for bit in {0..2} + # do + # echo "Signing Key Certify ${SALG[i]} testing bit $bit" + # ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -bit $bit > run.out + # checkSuccess0 $? + # done + + echo "Flush the root CA issuer signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the subject signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +# bad extensions for key type + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for fixedTPM signing key" +echo "" + +for ((i = 0 ; i < 2 ; i++)) +do + + echo "Load the ${SALG[i]} issuer key 80000001 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ${SALG[i]} subject key 80000002 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}priv.bin -ipu sign${SKEY[i]}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} digitalSignature" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,digitalSignature > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} nonRepudiation" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,nonRepudiation > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} keyEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyEncipherment > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} dataEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,dataEncipherment > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} keyAgreement" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyAgreement > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} keyCertSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyCertSign > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} cRLSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,cRLSign > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} encipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,encipherOnly > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} decipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,decipherOnly > run.out + checkFailure $? + + echo "Flush the root CA issuer signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the subject signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for not fixedTPM signing key" +echo "" + +for ((i = 0 ; i < 2 ; i++)) +do + + echo "Load the ${SALG[i]} issuer key 80000001 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}nfpriv.bin -ipu sign${SKEY[i]}nfpub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ${SALG[i]} subject key 80000002 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}nfpriv.bin -ipu sign${SKEY[i]}nfpub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} digitalSignature" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,digitalSignature > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} nonRepudiation" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,nonRepudiation > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} keyEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SAL[i]} -ku critical,keyEncipherment > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} dataEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,dataEncipherment > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} keyAgreement" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyAgreement > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} keyCertSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyCertSign > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} cRLSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,cRLSign > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} encipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,encipherOnly > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} decipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,decipherOnly > run.out + checkFailure $? + + echo "Flush the root CA issuer signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the subject signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +echo "" +echo "TPM2_CertifyX509 Key Usage Extension for fixedTpm restricted encryption key" +echo "" + +for ((i = 0 ; i < 2 ; i++)) +do + + echo "Load the ${SALG[i]} issuer key 80000001 under the primary key" + ${PREFIX}load -hp 80000000 -ipr sign${SKEY[i]}rpriv.bin -ipu sign${SKEY[i]}rpub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Load the ${SALG[i]} subject key 80000002 under the primary key" + ${PREFIX}load -hp 80000000 -ipr store${SKEY[i]}priv.bin -ipu store${SKEY[i]}pub.bin -pwdp sto > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} digitalSignature" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,digitalSignature > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} nonRepudiation" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,nonRepudiation > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} keyEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyEncipherment > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} dataEncipherment" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,dataEncipherment > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} keyAgreement" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyAgreement > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} keyCertSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,keyCertSign > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} cRLSign" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,cRLSign > run.out + checkFailure $? + + echo "Signing Key Certify ${SALG[i]} encipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,encipherOnly > run.out + checkSuccess $? + + echo "Signing Key Certify ${SALG[i]} decipherOnly" + ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG[i]} -ku critical,decipherOnly > run.out + checkSuccess $? + + echo "Flush the root CA issuer signing key" + ${PREFIX}flushcontext -ha 80000001 > run.out + checkSuccess $? + + echo "Flush the subject signing key" + ${PREFIX}flushcontext -ha 80000002 > run.out + checkSuccess $? + +done + +# cleanup + +rm -r tmppart1.bin +rm -r tmpadd1.bin +rm -r tmptbs1.bin +rm -r tmpsig1.bin +rm -r tmpx5091.bin +rm -r tmpx5091.pem +rm -r tmpx5092.pem +rm -r tmpx509i.bin +rm -r tmppart2.bin +rm -r tmpadd2.bin +rm -r tmptbs2.bin +rm -r tmpsig2.bin +rm -r tmpx5092.bin + +# openssl only +fi diff --git a/libstb/tss2/ibmtpm20tss/utils/returncode.c b/libstb/tss2/ibmtpm20tss/utils/returncode.c new file mode 100644 index 000000000000..428517637d96 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/returncode.c @@ -0,0 +1,78 @@ +/********************************************************************************/ +/* */ +/* Return Code Hex to String */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: returncode.c 1290 2018-08-01 14:45:24Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2017. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include +#include + +static void printUsage(void); + +int main(int argc, char *argv[]) +{ + TPM_RC rc; + const char *msg; + const char *submsg; + const char *num; + + if (argc < 2) { + printf("returncode: needs argument\n"); + return EXIT_FAILURE; + } + if (strcmp(argv[1], "-h") == 0) { + printUsage(); + } + + rc = strtoul(argv[1], NULL, 16); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + return 0; +} + +static void printUsage(void) +{ + printf("\n"); + printf("Usage: returncode hex-number\n"); + printf("\n"); + printf("Returns the TPM_RC name and text for the return code\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/rewrap.c b/libstb/tss2/ibmtpm20tss/utils/rewrap.c new file mode 100644 index 000000000000..7a996b2ae16c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/rewrap.c @@ -0,0 +1,349 @@ +/********************************************************************************/ +/* */ +/* Rewrap */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Rewrap_In in; + Rewrap_Out out; + TPMI_DH_OBJECT oldParent = 0; + TPMI_DH_OBJECT newParent = 0; + const char *oldParentPassword = NULL; + const char *inDuplicateFilename = NULL; + const char *nameFilename = NULL; + const char *inSymSeedFilename = NULL; + const char *outDuplicateFilename = NULL; + const char *outSymSeedFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (oldParent == 0) { + printf("Missing or bad object old parent handle -ho\n"); + printUsage(); + } + if (newParent == 0) { + printf("Missing or bad object new parent handle -hn\n"); + printUsage(); + } + if (inDuplicateFilename == NULL) { + printf("Missing duplicate private area parameter -id\n"); + printUsage(); + } + if (nameFilename == NULL) { + printf("Missing name parameter -in\n"); + printUsage(); + } + if (inSymSeedFilename == NULL) { + printf("Missing input symmetric seed parameter -iss\n"); + printUsage(); + } + if (rc == 0) { + in.oldParent = oldParent; + in.newParent = newParent; + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.inDuplicate.b, + sizeof(in.inDuplicate.t.buffer), + inDuplicateFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.name.b, + sizeof(in.name.t.name), + nameFilename); + } + if (rc == 0) { + rc = TSS_File_Read2B(&in.inSymSeed.b, + sizeof(in.inSymSeed.t.secret), + inSymSeedFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Rewrap, + sessionHandle0, oldParentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (outDuplicateFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outDuplicate.t.buffer, + out.outDuplicate.t.size, + outDuplicateFilename); + } + if ((rc == 0) && (outSymSeedFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret, + out.outSymSeed.t.size, + outSymSeedFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("rewrap: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("rewrap: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("rewrap\n"); + printf("\n"); + printf("Runs TPM2_Rewrap\n"); + printf("\n"); + printf("\t-ho\thandle of object old parent\n"); + printf("\t[-pwdo\tpassword for old parent (default empty)]\n"); + printf("\t-hn\thandle of object new parent\n"); + printf("\t-id\tduplicate private area file name\n"); + printf("\t-in\tobject name file name\n"); + printf("\t-iss\tinput symmetric seed file name"); + printf("\n"); + printf("\t[-od\trewrap private area file name (default do not save)]\n"); + printf("\t[-oss\tsymmetric seed file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/rsadecrypt.c b/libstb/tss2/ibmtpm20tss/utils/rsadecrypt.c new file mode 100644 index 000000000000..f43fb178a1fe --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/rsadecrypt.c @@ -0,0 +1,512 @@ +/********************************************************************************/ +/* */ +/* RSA_Decrypt */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printRsaDecrypt(RSA_Decrypt_Out *out); +static TPM_RC getKeySize(TSS_CONTEXT *tssContext, + TPMI_RSA_KEY_BITS *keyBits, + TPMI_DH_PCR objectHandle); +static TPM_RC padData(uint8_t **buffer, + size_t *padLength, + TPMI_ALG_HASH halg, + TPMI_RSA_KEY_BITS keyBits); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + RSA_Decrypt_In in; + RSA_Decrypt_Out out; + TPMI_DH_OBJECT keyHandle = 0; + TPMI_RSA_KEY_BITS keyBits; + const char *encryptFilename = NULL; + const char *decryptFilename = NULL; + const char *keyPassword = NULL; + const char *keyPasswordFilename = NULL; + uint8_t *keyPasswordBuffer = NULL; + size_t keyPasswordBufferLength = 0; + const char *keyPasswordPtr = NULL; + TPMI_ALG_HASH halg = TPM_ALG_NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + uint16_t written; + size_t length; /* input data */ + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (encryptFilename == NULL) { + printf("Missing encrypted message -ie\n"); + printUsage(); + } + if ((keyPassword != NULL) && (keyPasswordFilename != NULL)) { + printf("Only one of -pwdk and -ipwdk can be specified\n"); + printUsage(); + } + if (rc == 0) { + /* use passsword from command line */ + if (keyPassword != NULL) { + keyPasswordPtr = keyPassword; + } + /* use password from file */ + else if (keyPasswordFilename != NULL) { + rc = TSS_File_ReadBinaryFile(&keyPasswordBuffer, /* freed @2 */ + &keyPasswordBufferLength, + keyPasswordFilename); + keyPasswordPtr = (const char *)keyPasswordBuffer; + } + /* empty password */ + else { + keyPasswordPtr = NULL; + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* get the public modulus size for checks and padding */ + if (rc == 0) { + rc = getKeySize(tssContext, &keyBits, keyHandle); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + encryptFilename); + } + if (rc == 0) { + if (length > (keyBits / 8U)) { + printf("Input data too long %u\n", (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* if an OID was requested, treat the encryptFilename as a hash to be signed */ + if ((rc == 0) && (halg != TPM_ALG_NULL)) { + rc = padData(&buffer, /* realloced to fit */ + &length, /* resized for OID and pad */ + halg, /* gigest algorithm for size and OID */ + keyBits); /* RSA modulus length in bits */ + } + if (rc == 0) { + /* Handle of key that will perform rsa decrypt */ + in.keyHandle = keyHandle; + + /* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ + { + in.cipherText.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.cipherText.t.buffer, buffer, length); + } + /* padding scheme */ + { + /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + in.inScheme.scheme = TPM_ALG_NULL; + } + /* label */ + { + /* Table 73 - Definition of TPM2B_DATA Structure */ + in.label.t.size = 0; + } + } + free(buffer); /* @1 */ + buffer = NULL; + + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_RSA_Decrypt, + sessionHandle0, keyPasswordPtr, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (decryptFilename != NULL)) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + &out.message, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu); + } + if ((rc == 0) && (decryptFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t), + written - sizeof(uint16_t), + decryptFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printRsaDecrypt(&out); + if (tssUtilsVerbose) printf("rsadecrypt: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("rsadecrypt: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + free(keyPasswordBuffer); /* @2 */ + return rc; +} + +/* padData() is used then the private key operation is a signing operation over a hash. It takes a + 'buffer' of original 'length'. The original length should match the hash algorithm digest size. + + buffer is realloc'ed to the key size, than then padded with the OID for the hash algorithm and + the PKCS1 padding. +*/ + +static TPM_RC padData(uint8_t **buffer, + size_t *padLength, + TPMI_ALG_HASH halg, + TPMI_RSA_KEY_BITS keyBits) +{ + TPM_RC rc = 0; + uint16_t digestSize; + const uint8_t *oid; + uint16_t oidSize; + const uint8_t sha1Oid[] = {SHA1_DER}; + const uint8_t sha256Oid[] = {SHA256_DER}; + const uint8_t sha384Oid[] = {SHA384_DER}; + const uint8_t sha512Oid[] = {SHA512_DER}; + + /* check that the original buffer length matches the hash algorithm */ + if (rc == 0) { + digestSize = TSS_GetDigestSize(halg); + if (digestSize == 0) { + printf("padData: Unsupported hash algorithm %04x\n", halg); + rc = TPM_RC_HASH; + } + } + if (rc == 0) { + if (digestSize != *padLength) { + unsigned long pl = *padLength; + printf("paddata: hash algorithm length %u not equal data length %lu\n", + digestSize, pl); + rc = TPM_RC_VALUE; + } + } + /* realloc the buffer to the key size in bytes */ + if (rc == 0) { + *padLength = keyBits / 8; + rc = TSS_Realloc(buffer, *padLength); + } + /* determine the OID */ + if (rc == 0) { + switch (halg) { + case TPM_ALG_SHA1: + oid = sha1Oid; + oidSize = SHA1_DER_SIZE; + break; + case TPM_ALG_SHA256: + oid = sha256Oid; + oidSize = SHA256_DER_SIZE; + break; + case TPM_ALG_SHA384: + oid = sha384Oid; + oidSize = SHA384_DER_SIZE; + break; + case TPM_ALG_SHA512: + oid = sha512Oid; + oidSize = SHA512_DER_SIZE; + break; + default: + printf("padData: Unsupported hash algorithm %04x\n", halg); + rc = TPM_RC_HASH; + } + } + if (rc == 0) { + /* move the hash to the end */ + memmove(*buffer + *padLength - digestSize, *buffer, digestSize); + /* prepend the OID */ + memcpy(*buffer + *padLength - digestSize - oidSize, oid, oidSize); + /* prepend the PKCS1 pad */ + (*buffer)[0] = 0x00; + (*buffer)[1] = 0x01; + memset(&(*buffer)[2], 0xff, *padLength - 3 - oidSize - digestSize); + (*buffer)[*padLength - oidSize - digestSize - 1] = 0x00; + if (tssUtilsVerbose) TSS_PrintAll("padData: padded data", *buffer, *padLength); + } + return rc; +} + +/* getKeySize() gets the key size in bits */ + +static TPM_RC getKeySize(TSS_CONTEXT *tssContext, + TPMI_RSA_KEY_BITS *keyBits, + TPMI_DH_PCR objectHandle) +{ + TPM_RC rc = 0; + ReadPublic_In in; + ReadPublic_Out out; + + /* call TSS to execute the command */ + if (rc == 0) { + in.objectHandle = objectHandle; + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ReadPublic, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + *keyBits = out.outPublic.publicArea.parameters.rsaDetail.keyBits; + if (tssUtilsVerbose) printf("getKeySize: size %u\n", *keyBits); + } + return rc; +} + +static void printRsaDecrypt(RSA_Decrypt_Out *out) +{ + TSS_PrintAll("outData", out->message.t.buffer, out->message.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("rsadecrypt\n"); + printf("\n"); + printf("Runs TPM2_RSA_Decrypt\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)[\n"); + printf("\t[-ipwdk\tpassword file for key, nul terminated (default empty)]\n"); + printf("\t-ie\tencrypt file name\n"); + printf("\t-od\tdecrypt file name (default do not save)\n"); + printf("\t[-oid\t(sha1, sha256, sha384 sha512)]\n"); + printf("\t\toptionally add OID and PKCS1 padding to the\n"); + printf("\t\tencrypt data (demo of signing with arbitrary OID)\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/rsaencrypt.c b/libstb/tss2/ibmtpm20tss/utils/rsaencrypt.c new file mode 100644 index 000000000000..1ef17c25ebc4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/rsaencrypt.c @@ -0,0 +1,262 @@ +/********************************************************************************/ +/* */ +/* RSA_Encrypt */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static TPM_RC getKeySize(TSS_CONTEXT *tssContext, + TPMI_RSA_KEY_BITS *keyBits, + TPMI_DH_PCR objectHandle); +static void printRsaEncrypt(RSA_Encrypt_Out *out); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + RSA_Encrypt_In in; + RSA_Encrypt_Out out; + TPMI_DH_OBJECT keyHandle = 0; + TPMI_RSA_KEY_BITS keyBits; + const char *decryptFilename = NULL; + const char *encryptFilename = NULL; + + uint16_t written = 0; + size_t length = 0; + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i (keyBits / 8U)) { + printf("Input data too long %u\n", (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* Handle of key that will perform rsaencrypting */ + in.keyHandle = keyHandle; + + /* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ + { + in.message.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.message.t.buffer, buffer, length); + } + /* padding scheme */ + { + /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + in.inScheme.scheme = TPM_ALG_NULL; + } + /* label */ + { + /* NOTE: label requires the last byte to be zero. I.e., when implemented, do not set + the in.label.t.size to strlen() */ + /* Table 73 - Definition of TPM2B_DATA Structure */ + in.label.t.size = 0; + } + } + free (buffer); /* @1 */ + buffer = NULL; + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_RSA_Encrypt, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (encryptFilename != NULL)) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + &out.outData, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu); + } + if ((rc == 0) && (encryptFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t), + written - sizeof(uint16_t), + encryptFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) printRsaEncrypt(&out); + if (tssUtilsVerbose) printf("rsaencrypt: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("rsaencrypt: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(buffer); /* @1 */ + return rc; +} + +/* getKeySize() gets the key size in bits */ + +static TPM_RC getKeySize(TSS_CONTEXT *tssContext, + TPMI_RSA_KEY_BITS *keyBits, + TPMI_DH_PCR objectHandle) +{ + TPM_RC rc = 0; + ReadPublic_In in; + ReadPublic_Out out; + + /* call TSS to execute the command */ + if (rc == 0) { + in.objectHandle = objectHandle; + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ReadPublic, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + *keyBits = out.outPublic.publicArea.parameters.rsaDetail.keyBits; + if (tssUtilsVerbose) printf("getKeySize: size %u\n", *keyBits); + } + return rc; +} + +static void printRsaEncrypt(RSA_Encrypt_Out *out) +{ + TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size); +} + +static void printUsage(void) +{ + printf("\n"); + printf("rsaencrypt\n"); + printf("\n"); + printf("Runs TPM2_RSA_Encrypt\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t-id\tdecrypt file name\n"); + printf("\t[-oe\tencrypt file name (default do not save)]\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/sequencecomplete.c b/libstb/tss2/ibmtpm20tss/utils/sequencecomplete.c new file mode 100644 index 000000000000..20076cb9155f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/sequencecomplete.c @@ -0,0 +1,336 @@ +/********************************************************************************/ +/* */ +/* SequenceComplete */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + SequenceComplete_In in; + SequenceComplete_Out out; + char hierarchyChar = 'n'; + TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; + TPMI_DH_OBJECT sequenceHandle = 0; + const char *inFilename = NULL; + const char *outFilename = NULL; + const char *ticketFilename = NULL; + const char *sequencePassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + size_t length = 0; + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (hierarchyChar == 'e') { + hierarchy = TPM_RH_ENDORSEMENT; + } + else if (hierarchyChar == 'o') { + hierarchy = TPM_RH_OWNER; + } + else if (hierarchyChar == 'p') { + hierarchy = TPM_RH_PLATFORM; + } + else if (hierarchyChar == 'n') { + hierarchy = TPM_RH_NULL; + } + else { + printf("Bad parameter %c for -hi\n", hierarchyChar); + printUsage(); + } + in.hierarchy = hierarchy; + } + if (sequenceHandle == 0) { + printf("Missing sequence handle parameter -hs\n"); + printUsage(); + } + if ((rc == 0) && (inFilename != NULL)) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + inFilename); + } + if (rc == 0) { + if (length > sizeof(in.buffer.t.buffer)) { + printf("Input data too long %u\n", (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* Handle of key that will perform update */ + in.sequenceHandle = sequenceHandle; + + /* data for update */ + in.buffer.t.size = (uint16_t)length; + if (length > 0) { + memcpy(in.buffer.t.buffer, buffer, length); + } + } + free(buffer); /* @1 */ + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_SequenceComplete, + sessionHandle0, sequencePassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (outFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.result.t.buffer, + out.result.t.size, + outFilename); + } + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.validation, + (MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshalu, + ticketFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_PrintAll("Result", out.result.t.buffer, out.result.t.size); + if (tssUtilsVerbose) printf("sequencecomplete: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("sequencecomplete: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("sequencecomplete\n"); + printf("\n"); + printf("Runs TPM2_SequenceComplete\n"); + printf("\n"); + printf("\t-hs\tsequence handle\n"); + printf("\t[-pwds\tpassword for sequence (default empty)]\n"); + printf("\t[-if\tinput file to be added (default no data)]\n"); + printf("\t[-of\tresult file name]\n"); + printf("\t[-tk\tticket file name]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/sequenceupdate.c b/libstb/tss2/ibmtpm20tss/utils/sequenceupdate.c new file mode 100644 index 000000000000..c29698b1cba5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/sequenceupdate.c @@ -0,0 +1,268 @@ +/********************************************************************************/ +/* */ +/* SequenceUpdate */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + SequenceUpdate_In in; + TPMI_DH_OBJECT sequenceHandle = 0; + const char *inFilename = NULL; + const char *sequencePassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + size_t length = 0; + uint8_t *buffer = NULL; /* for the free */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (sequenceHandle == 0) { + printf("Missing sequence handle parameter -hs\n"); + printUsage(); + } + if (inFilename == NULL) { + printf("Missing input file -if\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + inFilename); + } + if (rc == 0) { + if (length > sizeof(in.buffer.t.buffer)) { + printf("Input data too long %u\n", (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + /* Handle of key that will perform update */ + in.sequenceHandle = sequenceHandle; + + /* data for update */ + in.buffer.t.size = (uint16_t)length; + memcpy(in.buffer.t.buffer, buffer, length); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_SequenceUpdate, + sessionHandle0, sequencePassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + free(buffer); /* @1 */ + if (rc == 0) { + if (tssUtilsVerbose) printf("sequenceupdate: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("sequenceupdate: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("sequenceupdate\n"); + printf("\n"); + printf("Runs TPM2_SequenceUpdate\n"); + printf("\n"); + printf("\t-hs\tsequence handle\n"); + printf("\t[-pwds\tpassword for sequence (default empty)]\n"); + printf("\t-if\tinput file to be HMACed\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t\t01 continue\n"); + printf("\t\t20 command decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/setcommandcodeauditstatus.c b/libstb/tss2/ibmtpm20tss/utils/setcommandcodeauditstatus.c new file mode 100644 index 000000000000..7a880ae7db43 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/setcommandcodeauditstatus.c @@ -0,0 +1,298 @@ +/********************************************************************************/ +/* */ +/* SetCommandCodeAuditStatus */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + SetCommandCodeAuditStatus_In in; + TPM_CC commandCode; + char authHandleChar = 'p'; + const char *authPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.auditAlg = TPM_ALG_NULL; /* default, don't change */ + in.setList.count = 0; + in.clearList.count = 0; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (authHandleChar == 'o') { + in.auth = TPM_RH_OWNER; + } + else if (authHandleChar == 'p') { + in.auth = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_SetCommandCodeAuditStatus, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("setcommandcodeauditstatus: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("setcommandcodeauditstatus: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("setprimarypolicy\n"); + printf("\n"); + printf("Runs TPM2_SetCommandCodeAuditStatus\n"); + printf("\n"); + printf("\t[-hi\tauthhandle hierarchy (o, p) (default platform)]\n"); + printf("\t[-pwda\tauthorization password (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default null)]\n"); + printf("\t[-set\tcommand code to set (may be specified more than once (default none)]\n"); + printf("\t[-clr\tcommand code to clear (may be specified more than once (default none)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/setprimarypolicy.c b/libstb/tss2/ibmtpm20tss/utils/setprimarypolicy.c new file mode 100644 index 000000000000..619937f83704 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/setprimarypolicy.c @@ -0,0 +1,300 @@ +/********************************************************************************/ +/* */ +/* SetPrimaryPolicy */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2018 + 9. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + SetPrimaryPolicy_In in; + char authHandleChar = 'p'; + const char *authPassword = NULL; + const char *policyFilename = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.hashAlg = TPM_ALG_NULL; /* default */ + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (policyFilename != NULL) { + if (in.hashAlg == TPM_ALG_NULL) { + printf("-pol requires -halg\n"); + printUsage(); + } + } + else { + if (in.hashAlg != TPM_ALG_NULL) { + printf("-halg requires -pol\n"); + printUsage(); + } + } + /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ + if (rc == 0) { + if (authHandleChar == 'l') { + in.authHandle = TPM_RH_LOCKOUT; + } + else if (authHandleChar == 'e') { + in.authHandle = TPM_RH_ENDORSEMENT; + } + else if (authHandleChar == 'o') { + in.authHandle = TPM_RH_OWNER; + } + else if (authHandleChar == 'p') { + in.authHandle = TPM_RH_PLATFORM; + } + else { + printf("Missing or illegal -hi\n"); + printUsage(); + } + } + /* authorization policy */ + if (policyFilename != NULL) { + rc = TSS_File_Read2B(&in.authPolicy.b, + sizeof(in.authPolicy.t.buffer), + policyFilename); + } + else { + in.authPolicy.t.size = 0; /* default empty policy */ + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_SetPrimaryPolicy, + sessionHandle0, authPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("setprimarypolicy: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("setprimarypolicy: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("setprimarypolicy\n"); + printf("\n"); + printf("Runs TPM2_SetPrimaryPolicy\n"); + printf("\n"); + printf("\t[-hi\tauthhandle hierarchy (l, e, o, p) (default platform)]\n"); + printf("\t[-pwda\tauthorization password (default empty)]\n"); + printf("\t[-pol\tpolicy file (default empty policy)]\n"); + printf("\t[-halg\t(sha1, sha256) (default null)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/shutdown.c b/libstb/tss2/ibmtpm20tss/utils/shutdown.c new file mode 100644 index 000000000000..8a3cb634fa86 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/shutdown.c @@ -0,0 +1,129 @@ +/********************************************************************************/ +/* */ +/* Shutdown */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include +#include + +static void printUsage(void); +TPM_RC shutdownCommand(TPM_SU shutdownType); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Shutdown_In in; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + in.shutdownType = TPM_SU_CLEAR; /* default */ + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Sign_In in; + Sign_Out out; + TPMI_DH_OBJECT keyHandle = 0; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_RSASSA; + const char *messageFilename = NULL; + const char *counterFilename = NULL; + const char *ticketFilename = NULL; + const char *publicKeyFilename = NULL; + const char *signatureFilename = NULL; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + unsigned char *data = NULL; /* message */ + size_t length; + uint32_t sizeInBytes; /* hash algorithm mapped to size */ + TPMT_HA digest; /* digest of the message */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (messageFilename == NULL) { + printf("Missing message file name -if\n"); + printUsage(); + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if ((scheme == TPM_ALG_ECDAA) && (counterFilename == NULL)) { + printf("Missing counter file name -cf for ECDAA algorithm\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&data, /* freed @1 */ + &length, + messageFilename); + } + /* hash the file */ + if (rc == 0) { + digest.hashAlg = halg; + sizeInBytes = TSS_GetDigestSize(digest.hashAlg); + rc = TSS_Hash_Generate(&digest, + length, data, + 0, NULL); + } + if (rc == 0) { + /* Handle of key that will perform signing */ + in.keyHandle = keyHandle; + + /* digest to be signed */ + in.digest.t.size = sizeInBytes; + memcpy(&in.digest.t.buffer, (uint8_t *)&digest.digest, sizeInBytes); + /* Table 145 - Definition of TPMT_SIG_SCHEME inScheme */ + in.inScheme.scheme = scheme; + /* Table 144 - Definition of TPMU_SIG_SCHEME details > */ + /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + if ((scheme == TPM_ALG_RSASSA) || + (scheme == TPM_ALG_RSAPSS)) { + in.inScheme.details.rsassa.hashAlg = halg; + } + else if (scheme == TPM_ALG_ECDAA) { + in.inScheme.details.ecdaa.hashAlg = halg; + rc = TSS_File_ReadStructure(&in.inScheme.details.ecdaa.count, + (UnmarshalFunction_t)TSS_UINT16_Unmarshalu, + counterFilename); + } + else { /* scheme TPM_ALG_ECDSA */ + in.inScheme.details.ecdsa.hashAlg = halg; + } + } + if (rc == 0) { + if (ticketFilename == NULL) { + /* proof that digest was created by the TPM (NULL ticket) */ + /* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */ + in.validation.tag = TPM_ST_HASHCHECK; + in.validation.hierarchy = TPM_RH_NULL; + in.validation.digest.t.size = 0; + } + else { + rc = TSS_File_ReadStructure(&in.validation, + (UnmarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Unmarshalu, + ticketFilename); + } + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Sign, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (signatureFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.signature, + (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshalu, + signatureFilename); + } + /* if a public key was specified, use openssl to verify the signature using an openssl RSA + format key token */ + if (publicKeyFilename != NULL) { + TPM2B_PUBLIC public; + void *rsaPubKey = NULL; + if (rc == 0) { + rc = TSS_File_ReadStructureFlag(&public, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + TRUE, /* NULL permitted */ + publicKeyFilename); + } + /* construct the OpenSSL RSA public key token */ + if (rc == 0) { + unsigned char earr[3] = {0x01, 0x00, 0x01}; + rc = TSS_RSAGeneratePublicTokenI + (&rsaPubKey, /* freed @2 */ + public.publicArea.unique.rsa.t.buffer, /* public modulus */ + public.publicArea.unique.rsa.t.size, + earr, /* public exponent */ + sizeof(earr)); + } + /* + verify the TPM signature + */ + if (rc == 0) { + rc = verifyRSASignatureFromRSA((uint8_t *)&in.digest.t.buffer, + in.digest.t.size, + &out.signature, + halg, + rsaPubKey); + + } + TSS_RsaFree(rsaPubKey); /* @2 */ + } + free(data); /* @1 */ + if (rc == 0) { + if (tssUtilsVerbose) printf("sign: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("sign: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("sign\n"); + printf("\n"); + printf("Runs TPM2_Sign\n"); + printf("\n"); + printf("\t-hk\tkey handle\n"); + printf("\t-if\tinput message to hash and sign\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n"); + printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n"); + printf("\t[-scheme signing scheme (rsassa, rsapss, ecdsa, ecdaa, hmac)]\n"); + printf("\t\t(default rsassa, ecdsa, hmac)]\n"); + printf("\t[-cf\tinput counter file (commit count required for ECDAA scheme]\n"); + printf("\t[-ipu\tpublic key file name to verify signature (default no verify)]\n"); + printf("\t\tVerify only supported for RSA now\n"); + printf("\t[-os\tsignature file name (default do not save)]\n"); + printf("\t[-tk\tticket file name]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/signapp.c b/libstb/tss2/ibmtpm20tss/utils/signapp.c new file mode 100644 index 000000000000..29514eb1393e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/signapp.c @@ -0,0 +1,836 @@ +/********************************************************************************/ +/* */ +/* Sign Application */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + Demo application, and test of "no file TSS" + + Prerequisite: A provisioned EK certificate. Use 'clientek' in the acs directory to provision a + software TPM EK certificate. + + Program steps: + + Create an EK. The EK would not normally be the storage root key, but this demonstrates use of a + policy session, creating an EK primary key using the EK template, and validation of the EK + against the EK certificate. + + Start a policy session, salt with EK + + Create a signing key, salted policy session + + Load the signing key, salted policy session + + Start an HMAC session, salt with EK, bind to signing key + + Sign a message, verify the signature + + Flush the signing key + + Flush the EK +*/ + +#include +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "ekutils.h" +#include "objecttemplates.h" + +#define KEYPWD "keypwd" + +static TPM_RC startSession(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION *sessionHandle, + TPM_SE sessionType, + TPMI_DH_OBJECT tpmKey, + TPMI_DH_ENTITY bind, + const char *bindPassword); +static TPM_RC policyRestart(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC policyCommandCode(TSS_CONTEXT *tssContext, + TPM_CC commandCode, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC policyAuthValue(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC policyPassword(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC policySecret(TSS_CONTEXT *tssContext, + TPMI_DH_ENTITY authHandle, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC policyGetDigest(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC createKey(TSS_CONTEXT *tssContext, + TPM2B_PRIVATE *outPrivate, + TPM2B_PUBLIC *outPublic, + TPMI_SH_AUTH_SESSION policySessionHandle, + TPM_HANDLE parentHandle, + const char *keyPassword, + int pwSession); +static TPM_RC loadKey(TSS_CONTEXT *tssContext, + TPM_HANDLE *keyHandle, + TPM_HANDLE parentHandle, + TPMI_SH_AUTH_SESSION policySessionHandle, + TPM2B_PRIVATE *outPrivate, + TPM2B_PUBLIC *outPublic, + int pwSession); +static TPM_RC sign(TSS_CONTEXT *tssContext, + TPMT_SIGNATURE *signature, + TPM_HANDLE keyHandle, + TPMI_SH_AUTH_SESSION sessionHandle, + uint32_t sizeInBytes, + TPMT_HA *messageDigest); +static TPM_RC verify(TSS_CONTEXT *tssContext, + TPM_HANDLE keyHandle, + uint32_t sizeInBytes, + TPMT_HA *messageDigest, + TPMT_SIGNATURE *signature); +static TPM_RC flush(TSS_CONTEXT *tssContext, + TPMI_DH_CONTEXT flushHandle); +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + int pwSession = FALSE; /* default HMAC session */ + const char *messageString = NULL; + uint32_t sizeInBytes; + TPMT_HA messageDigest; /* digest of the message */ + TPMI_SH_AUTH_SESSION policySessionHandle = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle = TPM_RH_NULL; + TPM_HANDLE ekKeyHandle = TPM_RH_NULL; /* primary key handle */ + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM_HANDLE keyHandle = TPM_RH_NULL; /* signing key handle */ + TPMT_SIGNATURE signature; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i> HR_SHIFT); + + if (rc == 0) { + signIn.keyHandle = keyHandle; + signIn.digest.t.size = sizeInBytes; + memcpy(&signIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes); + signIn.inScheme.scheme = TPM_ALG_RSASSA; + signIn.inScheme.details.rsassa.hashAlg = TPM_ALG_SHA256; + signIn.validation.tag = TPM_ST_HASHCHECK; /* optional, to make a ticket */ + signIn.validation.hierarchy = TPM_RH_NULL; + signIn.validation.digest.t.size = 0; + /* password session */ + if (sessionHandle == TPM_RS_PW) { + pwd = KEYPWD; + } + /* policy session is policy password or policy authvalue */ + else if (handleType == TPM_HT_POLICY_SESSION) { + pwd = KEYPWD; + } + /* HMAC session - bound (password ignored) */ + else { + pwd = NULL; + } + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&signOut, + (COMMAND_PARAMETERS *)&signIn, + NULL, + TPM_CC_Sign, + /* bind, observe that no password is required here */ + sessionHandle, pwd, TPMA_SESSION_CONTINUESESSION, + TPM_RH_NULL, NULL, 0); + } + if (rc == 0) { + *signature = signOut.signature; + } + return rc; +} + +/* verify() verifies the signature against the message digest using the previously loaded key in + keyHandle. + + */ + +static TPM_RC verify(TSS_CONTEXT *tssContext, + TPM_HANDLE keyHandle, + uint32_t sizeInBytes, /* hash algorithm mapped to size */ + TPMT_HA *messageDigest, /* digest of the message */ + TPMT_SIGNATURE *signature) +{ + TPM_RC rc = 0; + VerifySignature_In verifySignatureIn; + VerifySignature_Out verifySignatureOut; + + if (rc == 0) { + verifySignatureIn.keyHandle = keyHandle; + verifySignatureIn.digest.t.size = sizeInBytes; + memcpy(&verifySignatureIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes); + verifySignatureIn.signature = *signature; + } + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&verifySignatureOut, + (COMMAND_PARAMETERS *)&verifySignatureIn, + NULL, + TPM_CC_VerifySignature, + TPM_RH_NULL, NULL, 0); + } + return rc; +} + +/* flush() flushes some handle, either a session or the signing key in this demo. + + */ + +static TPM_RC flush(TSS_CONTEXT *tssContext, + TPMI_DH_CONTEXT flushHandle) +{ + TPM_RC rc = 0; + FlushContext_In in; + + if (rc == 0) { + in.flushHandle = flushHandle; + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_FlushContext, + TPM_RH_NULL, NULL, 0); + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("signapp\n"); + printf("\n"); + printf("Runs a TPM2_Sign application, including creating a primary storage key\n"); + printf("and creating and loading a signing key\n"); + printf("\n"); + printf("\t-ic\tinput message to hash and sign\n"); + printf("\n"); + printf("\t[-pwsess\tUse a password session, no HMAC or parameter encryption]\n"); + printf("\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/startauthsession.c b/libstb/tss2/ibmtpm20tss/utils/startauthsession.c new file mode 100644 index 000000000000..d47c731ccdc2 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/startauthsession.c @@ -0,0 +1,301 @@ +/********************************************************************************/ +/* */ +/* StartAuthSession */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + + */ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + StartAuthSession_In in; + StartAuthSession_Out out; + StartAuthSession_Extra extra; + TPMI_DH_OBJECT tpmKey = TPM_RH_NULL; /* salt key */ + TPMI_DH_ENTITY bindHandle = TPM_RH_NULL; /* default */ + const char *bindPassword = NULL; + char seChar = 0; /* session type */ + TPMI_ALG_HASH halg = TPM_ALG_SHA256; /* default */ + TPMI_ALG_SYM algorithm = TPM_ALG_XOR; /* default symmetric algorithm */ + const char *nonceTPMFilename = NULL; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include + +#include +#include + +static void printUsage(void); +TPM_RC selftestCommand(void); +TPM_RC startupCommand(TPM_SU startupType); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + int doStartup = TRUE; /* default startup */ + int doSelftest = FALSE; /* default no self test */ + TPM_SU startupType = TPM_SU_CLEAR; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + StirRandom_In in; + const char *inputFilename = NULL; + + uint8_t *buffer = NULL; /* for the free */ + size_t length = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i sizeof(in.inData.t.buffer)) { + printf("Input data too long %u\n", (uint32_t)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + in.inData.t.size = (uint16_t)length; /* cast safe, range tested above */ + memcpy(in.inData.t.buffer, buffer, length); + } + free(buffer); /* @1 */ + buffer = NULL; + + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + NULL, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_StirRandom, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if (rc == 0) { + if (tssUtilsVerbose) printf("stirrandom: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("stirrandom: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("stirrandom\n"); + printf("\n"); + printf("Runs TPM2_StirRandom\n"); + printf("\n"); + printf("\t-if\tinput file name\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/timepacket.c b/libstb/tss2/ibmtpm20tss/utils/timepacket.c new file mode 100644 index 000000000000..a105d555f37b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/timepacket.c @@ -0,0 +1,210 @@ +/********************************************************************************/ +/* */ +/* Time a TPM Command */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2017 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include +#include + +#ifdef TPM_WINDOWS +#include +#include +#endif + +#ifdef TPM_POSIX +#include +#endif + +#include +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + const char *commandFilename = NULL; + unsigned char *commandBufferString = NULL; + unsigned char *commandBuffer = NULL; + size_t commandStringLength; + size_t commandLength; + unsigned int loops = 1; + unsigned int count; + uint8_t responseBuffer[MAX_RESPONSE_SIZE]; + uint32_t responseLength; + time_t startTime; + time_t endTime; + double timeDiff = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include + +/* Windows 10 crypto API clashes with openssl */ +#ifdef TPM_WINDOWS +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#endif + +#include +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + const char *publicKeyFilename = NULL; + const char *pemFilename = NULL; + TPM2B_PUBLIC public; + + tssUtilsVerbose = FALSE; + for (i=1 ; (i +#include +#include + +/* FIXME should really be in tpmtcpprotocol.h */ +#ifdef TPM_WINDOWS +#include /* for simulator startup */ +#endif + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + uint32_t command = 0; + const char *message = ""; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i +#include +#include +#include +#include +#include + +#include +#include + +#include + +#define LOAD32(buffer,offset) ( ntohl(*(uint32_t *)&(buffer)[(offset)]) ) + +#ifndef SSIZE_MAX +#define SSIZE_MAX INT_MAX +#endif + +/* standard TCG definitions */ + +typedef unsigned long TSS_RESULT; +typedef unsigned char BYTE; +typedef unsigned short TPM_TAG; + +/* local constants */ + +#define ERROR_CODE -1 +#define DEFAULT_PORT 2321 +#define PACKET_SIZE 4096 +#define TRACE_SIZE (PACKET_SIZE * 4) + +#define SERVER_TYPE_MSSIM 0 +#define SERVER_TYPE_RAW 1 +#define TPM_SEND_COMMAND 8 /* simulator command preamble */ + +/* local prototypes */ + +void printUsage(void); +long getArgs(short *port, + int *verbose, + char **logFileName, + int argc, + char **argv); +void logAll(const char *message, unsigned long length, const unsigned char* buff); + +TSS_RESULT socketInit(SOCKET *sock_fd, short port); +TSS_RESULT socketConnect(SOCKET *accept_fd, + SOCKET sock_fd, + short port); +TSS_RESULT socketRead(SOCKET accept_fd, + char *buffer, + uint32_t *bufferLength, + size_t bufferSize); +TSS_RESULT socketReadBytes(SOCKET accept_fd, + char *buffer, + size_t nbytes); +TSS_RESULT socketWrite(SOCKET accept_fd, + const char *buffer, + size_t buffer_length); +TSS_RESULT socketDisconnect(SOCKET accept_fd); + +void TPM_HandleWsaStartupError(const char *prefix, + int irc); +void TPM_HandleWsaError(const char *prefix); +void TPM_GetWsaStartupError(int status, + const char **error_string); +void TPM_GetWsaError(const char **error_string); + +void TPM_GetTBSError(const char *prefix, + TBS_RESULT rc); +void CheckTPMError(const char *prefix, + unsigned char *response); + +/* global variable for trace logging */ + +int verbose; /* verbose debug tracing */ +char *logFilename; /* trace log file name */ +char logMsg[TRACE_SIZE]; /* since it's big, put it here rather than on the stack */ + +/* global socket server format type */ + +int serverType = SERVER_TYPE_MSSIM; /* default MS simulator format */ + +#define false 0 +#define true 1 + +int main(int argc, char** argv) +{ + TBS_RESULT rc = 0; + TBS_RESULT rc1 = 0; + time_t start_time; + int contextOpened = false; + SOCKET sock_fd; /* server socket */ + SOCKET accept_fd; /* server accept socket for a packet */ + int socketOpened = FALSE; + + TBS_HCONTEXT hContext = 0; + TBS_CONTEXT_PARAMS2 contextParams; + + /* TPM command and response */ + BYTE command[PACKET_SIZE]; + uint32_t commandLength; + BYTE response[PACKET_SIZE]; + uint32_t responseLength; + + /* command line arguments */ + short port; /* TCPIP server port */ + + /* command line argument defaults */ + port = DEFAULT_PORT; + logFilename = NULL; + verbose = FALSE; + + /* initialization */ + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe */ + start_time = time(NULL); + + /* get command line arguments */ + if (rc == 0) { + rc = getArgs(&port, &verbose, &logFilename, + argc, argv); + } + /* open HW TPM device driver */ + if (rc == 0) { + if (verbose) printf("tpmproxy: start at %s", ctime(&start_time)); + if (verbose) printf("tpmproxy: server type %s\n", + (serverType == SERVER_TYPE_MSSIM) ? "MS simulator" : "raw"); + contextParams.version = TBS_CONTEXT_VERSION_TWO; + contextParams.includeTpm12 = 0; + contextParams.includeTpm20 = 1; + rc = Tbsi_Context_Create((TBS_CONTEXT_PARAMS *)&contextParams, + &hContext); + + if (verbose) printf("tpmproxy: Tbsi_Context_Create rc %08x\n", rc); + if (rc == 0) { + contextOpened = true; + } + else { + TPM_GetTBSError("Tbsi_Context_Create ", rc); + } + } + /* open / initialize server socket */ + if (rc == 0) { + if (verbose) printf("Opening socket at port %hu\n", port); + rc = socketInit(&sock_fd, port); + if (rc != 0) { + printf("tpmproxy: socket open failed\n"); + } + else { + socketOpened = TRUE; + } + } + /* main loop */ + while (rc == 0) { + /* connect to the client application */ + if (rc == 0) { + if (verbose) printf("Connecting on socket %hu\n", port); + rc = socketConnect(&accept_fd, sock_fd, port); + } + /* read a command from client */ + if (rc == 0) { + rc = socketRead(accept_fd, + (char *)command, /* windows wants signed */ + &commandLength, + sizeof(command)); + logAll("Command", commandLength, command); + } + /* send command to TPM and receive response */ + if (rc == 0) { + responseLength = sizeof(response); + rc = Tbsip_Submit_Command(hContext, + TBS_COMMAND_LOCALITY_ZERO, + TBS_COMMAND_PRIORITY_NORMAL, + command, + commandLength, + response, + &responseLength); + if (rc != 0) { + TPM_GetTBSError("Tbsi_Context_Create ", rc); + } + } + /* send response to client */ + if (rc == 0) { + logAll("Response", responseLength, response); + rc = socketWrite(accept_fd, + (char *)response, /* windows wants signed char */ + responseLength); + } + /* disconnect from client */ + if (rc == 0) { + rc = socketDisconnect(accept_fd); + } + } + /* close socket */ + if (socketOpened) { + socketDisconnect(sock_fd); + } + /* close TPM */ + if (contextOpened) { + rc1 = Tbsip_Context_Close(hContext); + if (verbose) printf("tpmproxy:Tbsip_Context_Close rc1 %08x\n", rc1); + if (rc == 0) { + rc = rc1; + } + } + if (verbose) printf("tpmproxy: exit rc %08x\n", rc); + return rc; +} + +/* + All the socket code is basically a cut and paste from the TPM 1.2 tpm_io.c +*/ + +TSS_RESULT socketInit(SOCKET *sock_fd, short port) +{ + TSS_RESULT rc = 0; + int irc; + struct sockaddr_in serv_addr; + int opt; + WSADATA wsaData; + + /* initiate use of the Windows Sockets DLL 2.0 */ + if (rc == 0) { + if ((irc = WSAStartup(0x202,&wsaData)) != 0) { /* if not successful */ + printf("socketInit: Error, WSAStartup()\n"); + TPM_HandleWsaStartupError("socketInit:", irc); + rc = ERROR_CODE; + } + } + /* create a tcpip protocol socket */ + if (rc == 0) { + /* if (verbose) printf(" socketInit: Port %hu\n", port); */ + *sock_fd = socket(AF_INET, SOCK_STREAM, 0); /* tcpip socket */ + if (*sock_fd == INVALID_SOCKET) { + printf("socketInit: Error, server socket()\n"); + TPM_HandleWsaError("socketInit:"); + rc = ERROR_CODE; + } + } + if (rc == 0) { + memset(&serv_addr, 0, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; /* Internet socket */ + serv_addr.sin_port = htons(port); /* host to network byte order for short */ + serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* host to network byte order for long */ + opt = 1; + /* Set SO_REUSEADDR before calling bind() for servers that bind to a fixed port number. */ + /* For boolean values, opt must be an int, but the setsockopt prototype is IMHO wrong. + It should take void *, but uses char *. Hence the type cast. */ + irc = setsockopt(*sock_fd, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)); + if (irc == SOCKET_ERROR) { + printf("socketInit: Error, server setsockopt()\n"); + TPM_HandleWsaError("socketInit:"); + closesocket(*sock_fd); + rc = ERROR_CODE; + } + } + /* bind the (local) server port name to the socket */ + if (rc == 0) { + irc = bind(*sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)); + if (irc == SOCKET_ERROR) { + printf("socketInit: Error, server bind()\n"); + printf("socketInit: Is SW TPM listening on this port?\n"); + TPM_HandleWsaError("socketInit:"); + closesocket(*sock_fd); + rc = ERROR_CODE; + } + } + /* listen for a connection to the socket */ + if (rc == 0) { + irc = listen(*sock_fd, SOMAXCONN); + if (irc == SOCKET_ERROR) { + printf("socketInit: Error, server listen()\n"); + TPM_HandleWsaError("socketInit:"); + closesocket(*sock_fd); + rc = ERROR_CODE; + } + } + if (rc != 0) { + WSACleanup(); + } + return rc; +} + +TSS_RESULT socketConnect(SOCKET *accept_fd, + SOCKET sock_fd, + short port) +{ + TSS_RESULT rc = 0; + int cli_len; + struct sockaddr_in cli_addr; /* Internet version of sockaddr */ + + /* accept a connection */ + if (rc == 0) { + cli_len = sizeof(cli_addr); + /* block until connection from client */ + /* printf(" socketConnect: Waiting for connection on port %hu ...\n", port); */ + *accept_fd = accept(sock_fd, (struct sockaddr *)&cli_addr, &cli_len); + if (*accept_fd == SOCKET_ERROR) { + printf("socketConnect: Error, accept()\n"); + TPM_HandleWsaError("socketConnect: "); + closesocket(sock_fd); + WSACleanup(); + rc = ERROR_CODE; + } + } + return rc; +} + +/* socketRead() reads a TPM command packet from the host + + Puts the result in 'buffer' up to 'bufferSize' bytes. + + On success, the number of bytes in the buffer is equal to 'bufferLength' bytes + + This function is intended to be platform independent. +*/ + +TSS_RESULT socketRead(SOCKET accept_fd, /* read/write file descriptor */ + char *buffer, /* output: command stream */ + uint32_t *bufferLength, /* output: command stream length */ + size_t bufferSize) /* input: max size of output buffer */ +{ + TSS_RESULT rc = 0; + uint32_t headerSize; /* minimum required bytes in command through paramSize */ + uint32_t paramSize; /* from command stream */ + uint32_t commandTypeNbo; /* MS simulator format preamble */ + uint32_t commandType; /* MS simulator format preamble */ + uint8_t locality; /* MS simulator format preamble */ + uint32_t lengthNbo; /* MS simulator format preamble */ + + /* if the MS simulator packet format */ + if (serverType == SERVER_TYPE_MSSIM) { + /* read and check the command */ + if (rc == 0) { + rc = socketReadBytes(accept_fd, (char *)&commandTypeNbo, sizeof(uint32_t)); + } + if (rc == 0) { + commandType = LOAD32(&commandTypeNbo, 0); + if (commandType != TPM_SEND_COMMAND) { + printf("socketRead: Error, -mssim preamble is %08x not %08x\n", + commandType,TPM_SEND_COMMAND); + rc = ERROR_CODE; + } + } + /* read and discard the locality */ + if (rc == 0) { + rc = socketReadBytes(accept_fd, &locality, sizeof(uint8_t)); + } + /* read and discard the redundant length */ + if (rc == 0) { + rc = socketReadBytes(accept_fd, (char *)&lengthNbo, sizeof(uint32_t)); + } + } + /* check that the buffer can at least fit the command through the paramSize */ + if (rc == 0) { + headerSize = sizeof(TPM_TAG) + sizeof(uint32_t); + if (bufferSize < headerSize) { + printf("socketRead: Error, buffer size %u less than minimum %u\n", + bufferSize, headerSize); + rc = ERROR_CODE; + } + } + /* read the command through the paramSize from the socket stream */ + if (rc == 0) { + rc = socketReadBytes(accept_fd, buffer, headerSize); + } + if (rc == 0) { + /* extract the paramSize value, last field in header */ + paramSize = LOAD32(buffer, headerSize - sizeof(uint32_t)); + *bufferLength = headerSize + paramSize - (sizeof(TPM_TAG) + sizeof(uint32_t)); + if (bufferSize < *bufferLength) { + printf("socketRead: Error, buffer size %u is less than required %u\n", + bufferSize, *bufferLength); + rc = ERROR_CODE; + } + } + /* read the rest of the command (already read tag and paramSize) */ + if (rc == 0) { + rc = socketReadBytes(accept_fd, + buffer + headerSize, + paramSize - (sizeof(TPM_TAG) + sizeof(uint32_t))); + } + return rc; +} + +/* socketReadBytes() reads nbytes from accept_fd and puts them in buffer. + + The buffer has already been checked for sufficient size. +*/ + +TSS_RESULT socketReadBytes(SOCKET accept_fd, /* read/write file descriptor */ + char *buffer, + size_t nbytes) +{ + TSS_RESULT rc = 0; + int nread = 0; + size_t nleft = nbytes; + + /* read() is unspecified with nbytes too large */ + if (rc == 0) { + if (nleft > SSIZE_MAX) { + rc = ERROR_CODE; + } + } + while ((rc == 0) && (nleft > 0)) { + nread = recv(accept_fd, buffer, nleft, 0); + if ((nread == SOCKET_ERROR) || + (nread < 0)) { /* error */ + printf("socketReadBytes: Error, read() error\n"); + TPM_HandleWsaError("socketReadBytes:"); + socketDisconnect(accept_fd); + rc = ERROR_CODE; + } + else if (nread > 0) { + nleft -= nread; + buffer += nread; + } + else if (nread == 0) { /* EOF */ + printf("socketReadBytes: Error, read EOF, read %u bytes\n", nbytes - nleft); + rc = ERROR_CODE; + } + } + return rc; +} + +/* socketWrite() writes buffer_length bytes from buffer to accept_fd. + + In mmssim mode, it prepends the size and appends the acknowledgement. + */ + +TSS_RESULT socketWrite(SOCKET accept_fd, /* read/write file descriptor */ + const char *buffer, + size_t buffer_length) +{ + TSS_RESULT rc = 0; + int nwritten = 0; + + /* write() is unspecified with buffer_length too large */ + if (rc == 0) { + if (buffer_length > SSIZE_MAX) { + rc = ERROR_CODE; + } + } + /* if the MS simulator packet format */ + if (serverType == SERVER_TYPE_MSSIM) { + /* prepend the leading size */ + if (rc == 0) { + uint32_t bufferLengthNbo = htonl(buffer_length); + send(accept_fd, (const char *)&bufferLengthNbo, sizeof(uint32_t), 0); + } + } + /* test that connection is open to write */ + if (rc == 0) { + if (accept_fd == SOCKET_ERROR) { + printf("socketWrite: Error, connection not open, fd %d\n", + accept_fd); + rc = ERROR_CODE; + } + } + while ((rc == 0) && (buffer_length > 0)) { + nwritten = send(accept_fd, buffer, buffer_length, 0); + if ((nwritten == SOCKET_ERROR) || + (nwritten < 0)) { + printf("socketWrite: Error, send()\n"); + TPM_HandleWsaError("socketWrite:"); /* report the error */ + socketDisconnect(accept_fd); + rc = ERROR_CODE; + } + else { + buffer_length -= nwritten; + buffer += nwritten; + } + } + /* if the MS simulator packet format */ + if (serverType == SERVER_TYPE_MSSIM) { + /* append the trailing acknowledgement */ + if (rc == 0) { + uint32_t acknowledgement = 0; + send(accept_fd, (const char *)&acknowledgement, sizeof(uint32_t), 0); + } + } + return rc; +} + +/* socketDisconnect() breaks the connection between the TPM server and the host client + + This is the Windows platform dependent socket version. +*/ + +TSS_RESULT socketDisconnect(SOCKET accept_fd) +{ + TSS_RESULT rc = 0; + int irc; + + /* close the connection to the client */ + if (verbose) printf("Closing socket\n"); + if (rc == 0) { + irc = closesocket(accept_fd); + accept_fd = SOCKET_ERROR; /* mark the connection closed */ + if (irc == SOCKET_ERROR) { + printf("socketDisconnect: Error, closesocket()\n"); + rc = ERROR_CODE; + } + } + return rc; +} + +void TPM_HandleWsaStartupError(const char *prefix, + int irc) +{ + const char *error_string; + + TPM_GetWsaStartupError(irc, &error_string); + printf("%s %s\n", prefix, error_string); + return; +} + +void TPM_HandleWsaError(const char *prefix) +{ + const char *error_string; + + TPM_GetWsaError(&error_string); + printf("%s %s\n", prefix, error_string); + return; +} + +void TPM_GetWsaStartupError(int status, + const char **error_string) +{ + /* convert WSAStartup status to more useful text. Copy the text to error_string */ + + switch(status) { + case WSASYSNOTREADY: + *error_string = "WSAStartup error: WSASYSNOTREADY underlying network subsystem not ready for " + "network communication"; + break; + case WSAVERNOTSUPPORTED: + *error_string = "WSAStartup error: WSAVERNOTSUPPORTED version requested not provided by WinSock " + "implementation"; + break; + case WSAEINPROGRESS: + *error_string = "WSAStartup error: WSAEINPROGRESS blocking WinSock 1.1 operation in progress"; + break; + case WSAEPROCLIM: + *error_string = "WSAStartup error: WSAEPROCLIM Limit on number of tasks supported by WinSock " + "implementation has been reached"; + break; + case WSAEFAULT: + *error_string = "WSAStartup error: WSAEFAULT lpWSAData is not a valid pointer"; + break; + default: + *error_string = "WSAStartup error: return code unknown"; + break; + } + return; +} + +void TPM_GetWsaError(const char **error_string) +{ + /* Use WSAGetLastError, and convert the resulting number + to more useful text. Copy the text to error_string */ + + int error; + + error = WSAGetLastError(); + switch(error) { + + case WSANOTINITIALISED : + *error_string = "A successful WSAStartup must occur before using this function"; + break; + case WSAENETDOWN : + *error_string = "The network subsystem or the associated service provider has failed"; + break; + case WSAEAFNOSUPPORT : + *error_string = "The specified address family is not supported"; + break; + case WSAEINPROGRESS : + *error_string = "A blocking Windows Sockets 1.1 call is in progress, " + "or the service provider is still processing a callback function"; + break; + case WSAEMFILE: + *error_string = "No more socket descriptors are available"; + break; + case WSAENOBUFS: + *error_string = "No buffer space is available"; + break; + case WSAEPROTONOSUPPORT: + *error_string = "The specified protocol is not supported"; + break; + case WSAEPROTOTYPE: + *error_string = "The specified protocol is the wrong type for this socket"; + break; + case WSAESOCKTNOSUPPORT : + *error_string = "The specified socket type is not supported in this address family"; + break; + case WSAEFAULT: + *error_string = "A parameter is too small, bad format, or bad value"; + break; + case WSAEINVAL: + *error_string = "The socket has not been bound with bind, or listen not called"; + break; + case WSAENETRESET: + *error_string = "The connection has been broken due to the remote host resetting"; + break; + case WSAENOPROTOOPT: + *error_string = "The option is unknown or unsupported for the specified provider"; + break; + case WSAENOTCONN: + *error_string = "Connection has been reset when SO_KEEPALIVE is set"; + break; + case WSAENOTSOCK: + *error_string = "The descriptor is not a socket"; + break; + case WSAEADDRINUSE: + *error_string = "The specified address is already in use"; + break; + case WSAEISCONN: + *error_string = "The socket is already connected"; + break; + case WSAEOPNOTSUPP: + *error_string = "The referenced socket is not of a type that supports the operation"; + break; + case WSAEINTR: + *error_string = "The (blocking) call was canceled through WSACancelBlockingCall"; + case WSAEWOULDBLOCK: + *error_string = "The socket is marked as nonblocking and no connections are present to be accepted"; + break; + case WSAESHUTDOWN: + *error_string = "The socket has been shut down; it is not possible to recv or send on a socket " + "after shutdown has been invoked with how set to SD_RECEIVE or SD_BOTH"; + break; + case WSAEMSGSIZE: + *error_string = "The message was too large to fit into the specified buffer and was truncated"; + break; + case WSAECONNABORTED: + *error_string = "The virtual circuit was terminated due to a time-out or other failure. " + "The application should close the socket as it is no longer usable"; + break; + case WSAETIMEDOUT: + *error_string = "The connection has been dropped because of a network failure or because " + "the peer system failed to respond"; + break; + case WSAECONNRESET: + *error_string = "The virtual circuit was reset by the remote side executing a hard or abortive close. " + "The application should close the socket as it is no longer usable. On a UDP datagram " + "socket this error would indicate that a previous send operation resulted in an ICMP " + "Port Unreachable message"; + break; + case WSAEACCES: + *error_string = "The requested address is a broadcast address, but the appropriate flag was not set"; + break; + case WSAEHOSTUNREACH: + *error_string = "The remote host cannot be reached from this host at this time"; + break; + + default: + *error_string = "unknown error type\n"; + break; + } + return; +} + +void TPM_GetTBSError(const char *prefix, + TBS_RESULT rc) +{ + const char *error_string; + + switch (rc) { + + /* error codes from the TBS html docs */ + case TBS_SUCCESS: + error_string = "The function succeeded."; + break; + case TBS_E_INTERNAL_ERROR: + error_string = "An internal software error occurred."; + break; + case TBS_E_BAD_PARAMETER: + error_string = "One or more parameter values are not valid."; + break; + case TBS_E_INVALID_OUTPUT_POINTER: + error_string = "A specified output pointer is bad."; + break; + case TBS_E_INVALID_CONTEXT: + error_string = "The specified context handle does not refer to a valid context."; + break; + case TBS_E_INSUFFICIENT_BUFFER: + error_string = "The specified output buffer is too small."; + break; + case TBS_E_IOERROR: + error_string = "An error occurred while communicating with the TPM."; + break; + case TBS_E_INVALID_CONTEXT_PARAM: + error_string = "A context parameter that is not valid was passed when attempting to create a " + "TBS context."; + break; + case TBS_E_SERVICE_NOT_RUNNING: + error_string = "The TBS service is not running and could not be started."; + break; + case TBS_E_TOO_MANY_TBS_CONTEXTS: + error_string = "A new context could not be created because there are too many open contexts."; + break; + case TBS_E_TOO_MANY_RESOURCES: + error_string = "A new virtual resource could not be created because there are too many open " + "virtual resources."; + break; + case TBS_E_SERVICE_START_PENDING: + error_string = "The TBS service has been started but is not yet running."; + break; + case TBS_E_PPI_NOT_SUPPORTED: + error_string = "The physical presence interface is not supported."; + break; + case TBS_E_COMMAND_CANCELED: + error_string = "The command was canceled."; + break; + case TBS_E_BUFFER_TOO_LARGE: + error_string = "The input or output buffer is too large."; + break; + case TBS_E_TPM_NOT_FOUND: + error_string = "A compatible Trusted Platform Module (TPM) Security Device cannot be found " + "on this computer."; + break; + case TBS_E_SERVICE_DISABLED: + error_string = "The TBS service has been disabled."; + break; + case TBS_E_NO_EVENT_LOG: + error_string = "The TBS event log is not available."; + break; + case TBS_E_ACCESS_DENIED: + error_string = "The caller does not have the appropriate rights to perform the requested operation."; + break; + case TBS_E_PROVISIONING_NOT_ALLOWED: + error_string = "The TPM provisioning action is not allowed by the specified flags."; + break; + case TBS_E_PPI_FUNCTION_UNSUPPORTED: + error_string = "The Physical Presence Interface of this firmware does not support the " + "requested method."; + break; + case TBS_E_OWNERAUTH_NOT_FOUND: + error_string = "The requested TPM OwnerAuth value was not found."; + break; + + /* a few error codes from WinError.h */ + case TPM_E_COMMAND_BLOCKED: + error_string = "The command was blocked."; + break; + + default: + error_string = "unknown error type\n"; + break; + + + } + printf("%s %s\n", prefix, error_string); + return; +} + +void CheckTPMError(const char *prefix, + unsigned char *response) +{ + const char *error_string; + uint32_t tpmError = htonl(*(uint32_t *)(response+6)); + + if (tpmError != 0) { + + switch (tpmError) { + /* a few error codes from WinError.h */ + case TPM_E_COMMAND_BLOCKED: + error_string = "The command was blocked."; + break; + default: + error_string = "unknown error type\n"; + printf("TPM error %08x\n", tpmError); + break; + } + printf("%s %s\n", prefix, error_string); + } + return; +} + +/* logging, tracing */ + +void logAll(const char *message, unsigned long length, const unsigned char* buff) +{ + unsigned long i; + size_t nextChar = 0; + FILE *logFile; /* trace log file descriptor */ + + /* construct the log message, keep appending to the character string */ + if (buff != NULL) { + nextChar += sprintf(logMsg + nextChar, "%s length %lu\n ", message, length); + for (i = 0 ; i < length ; i++) { + if (i && !( i % 16 )) { + nextChar += sprintf(logMsg + nextChar, "\n "); + } + nextChar += sprintf(logMsg + nextChar, "%.2X ",buff[i]); + } + nextChar += sprintf(logMsg + nextChar, "\n"); + } + else { + nextChar += sprintf(logMsg + nextChar, "%s null\n", message); + } + if (verbose) printf("%s", logMsg); + if (logFilename != NULL) { + /* Open the log file if specified. It's a hack to keep opening and closing the file for + each append, but it's easier that trying to catch a signal to close the file. Windows + evidently doesn't automatically close the file when the program exits. */ + logFile = fopen(logFilename, "a"); + if (logFile == NULL) { + printf("Error, opening %s for write failed, %s\n", + logFilename, strerror(errno)); + } + /* if success, print and close */ + else { + fprintf(logFile, "%s", logMsg); + fclose(logFile); + } + } + return; +} + +/* parse the command line arguments */ + +long getArgs(short *port, + int *verbose, + char **logFilename, + int argc, + char **argv) +{ + long rc = 0; + int irc; + int i; + FILE *logFile; /* trace log file descriptor */ + + /* get the command line arguments */ + for (i=1 ; (i TCPIP server port (default 2321)\n"); + printf("\t-mssim use MS TPM 2.0 socket simulator packet format (default)\n"); + printf("\t\twith TSS env variable TPM_SERVER_TYPE=mssim (default)\n"); + printf("\t-raw use TPM 2.0 packet format\n"); + printf("\t\twith TSS env variable TPM_SERVER_TYPE=raw\n"); + printf("\t--verbose,-v verbose mode (default false)\n"); + printf("\t--log,-l log transactions into given file (default none)\n"); + printf("\t \n"); + return; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tpmpublic2eccpoint.c b/libstb/tss2/ibmtpm20tss/utils/tpmpublic2eccpoint.c new file mode 100644 index 000000000000..6c310da7b42f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tpmpublic2eccpoint.c @@ -0,0 +1,155 @@ +/********************************************************************************/ +/* */ +/* TPM public key TPM2B_PUBLIC to TPM2B_ECC_POINT */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2017 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + const char *publicKeyFilename = NULL; + const char *pointFilename = NULL; + TPM2B_PUBLIC public; + TPM2B_ECC_POINT eccPoint2b; + + tssUtilsVerbose = FALSE; + for (i=1 ; (i +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include "tssproperties.h" +#include +#include +#include +#include +#include +#ifndef TPM_TSS_NOCRYPTO +#include +#include +#endif +#include +#ifdef TPM_TPM20 +#include "tss20.h" +#endif +#ifdef TPM_TPM12 +#include "tss12.h" +#endif + +/* local prototypes */ + +static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext); + +extern int tssVerbose; +extern int tssVverbose; +extern int tssFirstCall; + +/* TSS_Create() creates and initializes the TSS Context. It does NOT open a connection to the + TPM.*/ + +TPM_RC TSS_Create(TSS_CONTEXT **tssContext) +{ + TPM_RC rc = 0; + + /* allocate the high level TSS structure */ + if (rc == 0) { + /* set to NULL for backward compatibility, caller may not have set tssContext to NULL before + the call */ + *tssContext = NULL; + rc = TSS_Malloc((unsigned char **)tssContext, sizeof(TSS_CONTEXT)); + } + /* initialize the high level TSS structure */ + if (rc == 0) { + rc = TSS_Context_Init(*tssContext); + /* the likely cause of a failure is a bad environment variable */ + if (rc != 0) { + if (tssVerbose) printf("TSS_Create: TSS_Context_Init() failed\n"); + free(*tssContext); + *tssContext = NULL; + } + } + /* allocate and initialize the lower layer TSS context */ + if (rc == 0) { + rc = TSS_AuthCreate(&((*tssContext)->tssAuthContext)); + } + return rc; +} + +/* TSS_Context_Init() on first call is used for any global library initialization. + + On every call, it initializes the TSS context. +*/ + +static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NOFILE + size_t tssSessionEncKeySize; + size_t tssSessionDecKeySize; +#endif +#endif + /* at the first call to the TSS, initialize global variables */ + if (tssFirstCall) { /* tssFirstCall is a library global */ +#ifndef TPM_TSS_NOCRYPTO + /* crypto module initializations, crypto library specific */ + if (rc == 0) { + rc = TSS_Crypto_Init(); + } +#endif + /* TSS properties that are global, not per TSS context */ + if (rc == 0) { + rc = TSS_GlobalProperties_Init(); + } + tssFirstCall = FALSE; + } + /* TSS properties that are per context */ + if (rc == 0) { + rc = TSS_Properties_Init(tssContext); + } +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NOFILE + /* crypto library dependent code to allocate the session state encryption and decryption keys. + They are probably always the same size, but it's safer not to assume that. */ + if (rc == 0) { + rc = TSS_AES_GetEncKeySize(&tssSessionEncKeySize); + } + if (rc == 0) { + rc = TSS_AES_GetDecKeySize(&tssSessionDecKeySize); + } + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionEncKey, tssSessionEncKeySize); + } + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionDecKey, tssSessionDecKeySize); + } + /* build the session encryption and decryption keys */ + if (rc == 0) { + rc = TSS_AES_KeyGenerate(tssContext->tssSessionEncKey, + tssContext->tssSessionDecKey); + } +#endif +#endif + return rc; +} + +/* TSS_Delete() closes an open TPM connection, then free the TSS context memory. + */ + +TPM_RC TSS_Delete(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; + + if (tssContext != NULL) { + TSS_AuthDelete(tssContext->tssAuthContext); +#ifdef TPM_TSS_NOFILE + { + size_t i; + for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { + tssContext->sessions[i].sessionHandle = TPM_RH_NULL; + /* erase any secrets */ + memset(tssContext->sessions[i].sessionData, + 0, tssContext->sessions[i].sessionDataLength); + free(tssContext->sessions[i].sessionData); + tssContext->sessions[i].sessionData = NULL; + tssContext->sessions[i].sessionDataLength = 0; + } + } +#endif +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NOFILE + free(tssContext->tssSessionEncKey); + free(tssContext->tssSessionDecKey); +#endif +#endif + rc = TSS_Close(tssContext); + free(tssContext); + } + return rc; +} + +/* TSS_Execute() performs the complete command / response process. + + It sends the command specified by commandCode and the parameters 'in', returning the response + parameters 'out'. + + ... varargs are + + TPMI_SH_AUTH_SESSION sessionHandle, + const char *password, + unsigned int sessionAttributes + + Terminates with TPM_RH_NULL, NULL, 0 + + Processes up to MAX_SESSION_NUM sessions. +*/ + +TPM_RC TSS_Execute(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra, + TPM_CC commandCode, + ...) +{ + TPM_RC rc = 0; + va_list ap; + int tpm20Command; + int tpm12Command; + + if (rc == 0) { + tpm20Command = (((commandCode >= TPM_CC_FIRST) && (commandCode <=TPM_CC_LAST)) || /* base */ + ((commandCode >= 0x20000000) && (commandCode <= 0x2000ffff))); /* vendor */ + tpm12Command = ((commandCode <= 0x000000ff) || /* base */ + ((commandCode >= 0x40000000) && (commandCode <= 0x4000ffff))); /* TSC */ + if (!tpm20Command && !tpm12Command) { + if (tssVerbose) printf("TSS_Execute: commandCode %08x unsupported\n", + commandCode); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; + + } + if (tpm20Command && tpm12Command) { + if (tssVerbose) printf("TSS_Execute: commandCode %08x is both TPM 1.2 and TPM 2.0\n", + commandCode); + rc = TSS_RC_FAIL; + } + } + if (rc == 0) { + va_start(ap, commandCode); + if (tpm20Command) { +#ifdef TPM_TPM20 + tssContext->tpm12Command = FALSE; + rc = TSS_Execute20(tssContext, + out, + in, + (EXTRA_PARAMETERS *)extra, + commandCode, + ap); +#else + if (tssVerbose) printf("TSS_Execute: commandCode is TPM 1.2, TSS is TPM 2.0 only\n"); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; +#endif + } + if (tpm12Command) { +#ifdef TPM_TPM12 + tssContext->tpm12Command = TRUE; + rc = TSS_Execute12(tssContext, + out, + in, + (EXTRA12_PARAMETERS *)extra, + commandCode, + ap); +#else + if (tssVerbose) printf("TSS_Execute: commandCode is TPM 2.0, TSS is TPM 1.2 only\n"); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; +#endif + } + va_end(ap); + } + return rc; +} + + diff --git a/libstb/tss2/ibmtpm20tss/utils/tss12.c b/libstb/tss2/ibmtpm20tss/utils/tss12.c new file mode 100644 index 000000000000..623193362c2f --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tss12.c @@ -0,0 +1,1423 @@ +/********************************************************************************/ +/* */ +/* TSS Primary API for TPM 1.2 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include "tssauth.h" +#include +#include "tssproperties.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "tss12.h" +#include "tssauth12.h" + +/* Files: + + hxxxxxxxx.bin - session context +*/ + +/* NOTE Synchronize with + + TSS_HmacSession12_InitContext + TSS_HmacSession12_Unmarshal + TSS_HmacSession12_Marshal +*/ + +typedef struct TSS_HMAC12_CONTEXT { + TPM_AUTHHANDLE authHandle; /* the authorization session handle */ + TPM_NONCE nonceEven; /* from the TPM in response */ + TPM_NONCE nonceEvenOSAP; /* from the TPM for OSAP in response */ + TPMT_HA sharedSecret; /* from KDF at OSAP session creation */ + /* uint16 */ + /* LSB is type of entityValue */ + /* MSB is ADIP encryption scheme */ + TPM_ENTITY_TYPE entityType; /* The type of entity in use */ + UINT32 entityValue; /* The selection value based on entityType, + e.g. a keyHandle #, TPM_RH_NULL for OIAP + session */ + /* Items below this line are for the lifetime of one command. They are not saved and loaded. */ + TPM_NONCE nonceOdd; /* from the TSS in command */ + TPM_NONCE nonceOddOSAP; /* from the TSS for OSAP in command */ + /* for TPM 1.2, OIAP SHA-1 of password, OSAP sharedSecret */ + TPMT_HA hmacKey; +} TSS_HMAC12_CONTEXT; + + +/* functions for command pre- and post- processing */ + +typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + EXTRA12_PARAMETERS *extra); +typedef TPM_RC (*TSS_ChangeAuthFunction_t)(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session, + size_t handleNumber, + COMMAND_PARAMETERS *in); +typedef TPM_RC (*TSS_PostProcessFunction_t)(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA12_PARAMETERS *extra); + +static TPM_RC TSS_PR_CreateWrapKey(TSS_CONTEXT *tssContext, + CreateWrapKey_In *in, + void *extra); +static TPM_RC TSS_PR_MakeIdentity(TSS_CONTEXT *tssContext, + MakeIdentity_In *in, + void *extra); +static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *extra); +#if 0 +static TPM_RC TSS_PR_Seal(TSS_CONTEXT *tssContext, + Seal_in *In, + void *extra); +static TPM_RC TSS_PR_Sealx(TSS_CONTEXT *tssContext, + Sealx_in *In, + void *extra); + +#endif +static TPM_RC TSS_PO_FlushSpecific(TSS_CONTEXT *tssContext, + FlushSpecific_In *in, + void *out, + void *extra); +static TPM_RC TSS_PR_OSAP(TSS_CONTEXT *tssContext, + OSAP_In *in, + OSAP_Extra *extra); +static TPM_RC TSS_PO_OIAP(TSS_CONTEXT *tssContext, + void *in, + OIAP_Out *out, + void *extra); +static TPM_RC TSS_PO_OSAP(TSS_CONTEXT *tssContext, + OSAP_In *in, + OSAP_Out *out, + OSAP_Extra *extra); + +typedef struct TSS_TABLE { + TPM_CC commandCode; + TSS_PreProcessFunction_t preProcessFunction; + TSS_ChangeAuthFunction_t changeAuthFunction; + TSS_PostProcessFunction_t postProcessFunction; +} TSS_TABLE; + +/* FIXME offsets + changeauth +16, createownerdel, createkeydel -45 + createwrapkey +14, +34 + cmkcreatekey, changeauthowner +14 + changeauth 16 +*/ + +/* session handles numbers + #0 of 1 seal, sealx, createwrapkey, cmk_create, changeauthowner, del_ckd, del_cod, nv_define, createctr + #1 of 2 changeauth +*/ + + +static const TSS_TABLE tssTable [] = { + + {TPM_ORD_Init, NULL, NULL, NULL}, + {TPM_ORD_ActivateIdentity, NULL, NULL, NULL}, + {TPM_ORD_ContinueSelfTest, NULL, NULL, NULL}, + {TPM_ORD_CreateWrapKey, (TSS_PreProcessFunction_t)TSS_PR_CreateWrapKey, NULL, NULL}, + {TPM_ORD_CreateEndorsementKeyPair, NULL, NULL, NULL}, + {TPM_ORD_Extend, NULL, NULL, NULL}, + {TPM_ORD_FlushSpecific, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushSpecific}, + {TPM_ORD_GetCapability, NULL, NULL, NULL}, + {TPM_ORD_MakeIdentity, (TSS_PreProcessFunction_t)TSS_PR_MakeIdentity, NULL, NULL}, + {TPM_ORD_OIAP, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_OIAP}, + {TPM_ORD_OSAP, (TSS_PreProcessFunction_t)TSS_PR_OSAP, NULL, (TSS_PostProcessFunction_t)TSS_PO_OSAP}, + {TPM_ORD_OwnerReadInternalPub, NULL, NULL, NULL}, + {TPM_ORD_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, NULL}, + {TPM_ORD_NV_ReadValue, NULL, NULL, NULL}, + {TPM_ORD_NV_ReadValueAuth, NULL, NULL, NULL}, + {TPM_ORD_NV_WriteValue, NULL, NULL, NULL}, + {TPM_ORD_NV_WriteValueAuth, NULL, NULL, NULL}, + {TPM_ORD_PcrRead, NULL, NULL, NULL}, + {TPM_ORD_PCR_Reset, NULL, NULL, NULL}, +#if 0 + {TPM_ORD_Seal, (TSS_PreProcessFunction_t)TSS_PR_Seal, NULL, NULL}, + {TPM_ORD_Sealx, (TSS_PreProcessFunction_t)TSS_PR_Sealx, NULL, NULL}, +#endif + {TPM_ORD_Startup, NULL, NULL, NULL}, +}; + +/* local prototypes */ + + +static TPM_RC TSS_Execute12_valist(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + va_list ap); + +static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, + TPM_CC commandCode, + COMMAND_PARAMETERS *in, + EXTRA12_PARAMETERS *extra); +static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA12_PARAMETERS *extra); + +static TPM_RC TSS_HmacSession12_GetContext(TSS_HMAC12_CONTEXT **session); +static void TSS_HmacSession12_InitContext(TSS_HMAC12_CONTEXT *session); +static void TSS_HmacSession12_FreeContext(TSS_HMAC12_CONTEXT *session); +static TPM_RC TSS_HmacSession12_SaveSession(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session); +static TPM_RC TSS_HmacSession12_LoadSession(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session, + TPM_AUTHHANDLE authHandle); +static TPM_RC TSS_HmacSession12_Marshal(TSS_HMAC12_CONTEXT *source, + uint16_t *written, + uint8_t **buffer, + uint32_t *size); +static TPM_RC TSS_HmacSession12_DeleteSession(TSS_CONTEXT *tssContext, + TPM_AUTHHANDLE handle); +static TPM_RC TSS_HmacSession12_Unmarshal(TSS_HMAC12_CONTEXT *target, + uint8_t **buffer, uint32_t *size); +static TPM_RC TSS_HmacSession12_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TSS_HMAC12_CONTEXT *session[], + TPMS_AUTH12_COMMAND *authCommand[], + TPM_AUTHHANDLE sessionHandle[], + unsigned int sessionAttributes[]); +static TPM_RC TSS_HmacSession12_Verify(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TSS_HMAC12_CONTEXT *session[], + TPMS_AUTH12_RESPONSE *authResponse[]); +static TPM_RC TSS_HmacSession12_Continue(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session, + TPMS_AUTH12_RESPONSE *authR); +static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC12_CONTEXT *session[], + TPM_AUTHHANDLE sessionHandle[]); +static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + TSS_HMAC12_CONTEXT *session, + uint8_t *encAuth, + int parameterNumber); + +extern int tssVerbose; +extern int tssVverbose; + +/* TSS_Execute12() performs the complete command / response process. + + It sends the command specified by commandCode and the parameters 'in', returning the response + parameters 'out'. + + ... varargs are + + TPM_AUTHHANDLE authHandle, + const char *password, + unsigned int sessionAttributes + + Terminates with TPM_RH_NULL, NULL, 0 + + Processes up to MAX_SESSION_NUM sessions. +*/ + +TPM_RC TSS_Execute12(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA12_PARAMETERS *extra, + TPM_CC commandCode, + va_list ap) +{ + TPM_RC rc = 0; + + /* create a TSS authorization context */ + if (rc == 0) { + TSS_InitAuthContext(tssContext->tssAuthContext); + } + /* handle any command specific command pre-processing */ + if (rc == 0) { + rc = TSS_Command_PreProcessor(tssContext, + commandCode, + in, + extra); + } + /* marshal input parameters */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12: Command %08x marshal\n", commandCode); + rc = TSS_Marshal12(tssContext->tssAuthContext, + in, + commandCode); + } + /* execute the command */ + if (rc == 0) { + rc = TSS_Execute12_valist(tssContext, in, ap); + } + /* unmarshal the response parameters */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12: Command %08x unmarshal\n", commandCode); + rc = TSS_Unmarshal12(tssContext->tssAuthContext, out); + } + /* handle any command specific response post-processing */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12: Command %08x post processor\n", commandCode); + rc = TSS_Response_PostProcessor(tssContext, + in, + out, + extra); + } + return rc; +} + +/* TSS_Execute12_valist() transmits the marshaled command and receives the marshaled response. + + varargs are TPM_AUTHHANDLE sessionHandle, const char *password, unsigned int sessionAttributes + + Terminates with sessionHandle TPM_RH_NULL + + Processes up to MAX_SESSION_NUM sessions. It handles HMAC generation and command and response + parameter encryption. It loads each session context, rolls nonces, and saves or deletes the + session context. +*/ + +static TPM_RC TSS_Execute12_valist(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + va_list ap) +{ + TPM_RC rc = 0; + size_t i = 0; + size_t numSessions = 0; + + /* the vararg parameters */ + TPM_AUTHHANDLE sessionHandle[MAX_SESSION_NUM]; + const char *password[MAX_SESSION_NUM]; + unsigned int sessionAttributes[MAX_SESSION_NUM]; + + /* structures filled in */ + TPMS_AUTH12_COMMAND authCommand[MAX_SESSION_NUM]; + TPMS_AUTH12_RESPONSE authResponse[MAX_SESSION_NUM]; + + /* pointer to the above structures as used */ + TPMS_AUTH12_COMMAND *authC[MAX_SESSION_NUM]; + TPMS_AUTH12_RESPONSE *authR[MAX_SESSION_NUM]; + + /* TSS sessions */ + TSS_HMAC12_CONTEXT *session[MAX_SESSION_NUM]; + + in = in; + ap = ap; + + /* Step 1: initialization */ + if (tssVverbose) printf("TSS_Execute12_valist: Step 1: initialization\n"); + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) { + authC[i] = NULL; /* array of TPMS_AUTH12_COMMAND structures, NULL for + TSS_SetCmdAuths */ + authR[i] = NULL; /* array of TPMS_AUTH12_RESPONSE structures, NULL for + TSS_GetRspAuths */ + session[i] = NULL; /* for free, used for HMAC and encrypt/decrypt sessions */ + /* the varargs list inputs */ + sessionHandle[i] = TPM_RH_NULL; + password[i] = NULL; + sessionAttributes[i] = 0; + } + /* Step 2: gather the command authorizations */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) { + sessionHandle[i] = va_arg(ap, TPM_AUTHHANDLE); /* first vararg is the session + handle */ + password[i] = va_arg(ap, const char *); /* second vararg is the password */ + sessionAttributes[i] = va_arg(ap, unsigned int); /* third argument is + sessionAttributes */ + sessionAttributes[i] &= 0xff; /* is uint8_t */ + + if (sessionHandle[i] != TPM_RH_NULL) { /* varargs termination value */ + + if (tssVverbose) printf("TSS_Execute12_valist: Step 2: authorization %u\n", + (unsigned int)i); + if (tssVverbose) printf("TSS_Execute12_valist: session %u handle %08x\n", + (unsigned int)i, sessionHandle[i]); + /* make used, non-NULL for command and response varargs */ + authC[i] = &authCommand[i]; + authR[i] = &authResponse[i]; + + /* initialize a TSS HMAC session */ + if (rc == 0) { + rc = TSS_HmacSession12_GetContext(&session[i]); + } + /* load the session created by either OIAP or OSAP */ + if (rc == 0) { + rc = TSS_HmacSession12_LoadSession(tssContext, session[i], sessionHandle[i]); + } + if (rc == 0) { + if (session[i]->entityValue == TPM_RH_NULL) { /* if OIAP, use password */ + if (password[i] != NULL) { /* if a password was specified, hash it */ + /* hash the password, algorithm set to SHA-1 at initialization */ + rc = TSS_Hash_Generate(&session[i]->hmacKey, + strlen(password[i]), (unsigned char *)password[i], + 0, NULL); + } + /* TPM 1.2 convention seems to use all zeros as a well known auth */ + else { + memset((uint8_t *)&session[i]->hmacKey.digest, 0, SHA1_DIGEST_SIZE); + } + } + else { /* use shared secret from OSAP setup */ + memcpy((uint8_t *)&session[i]->hmacKey.digest, + (uint8_t *)&session[i]->sharedSecret.digest, SHA1_DIGEST_SIZE); + } + } + } + else { + numSessions = i; /* record the number of auth sessions */ + break; + } + } + /* Step 3: Roll nonceOdd, save in the session context for the response */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (tssVverbose) + printf("TSS_Execute12_valist: Step 3: nonceOdd for session %08x\n", sessionHandle[i]); + if (rc == 0) { + rc = TSS_RandBytes(session[i]->nonceOdd, SHA1_DIGEST_SIZE); + memcpy(authC[i]->nonce, session[i]->nonceOdd, SHA1_DIGEST_SIZE); + } + } + /* Step 4: Calculate the HMAC key */ + /* not needed for TPM 1.2, HMAC key is either hash of password or OSAP shared secret, calculated + in previous step */ + /* Step 5: TPM_ENCAUTH encryption */ + if ((rc == 0) && (numSessions > 0)) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 5: command ADIP encrypt\n"); + rc = TSS_Command_Decrypt(tssContext->tssAuthContext, + session, + sessionHandle); + } + /* Step 6: for each HMAC session, calculate cpHash, calculate the HMAC, and set it in + TPMS_AUTH12_COMMAND */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 6: calculate HMACs\n"); + rc = TSS_HmacSession12_SetHMAC(tssContext->tssAuthContext, /* TSS auth context */ + numSessions, + session, /* TSS session contexts */ + authC, /* output: command authorizations */ + sessionHandle, /* list of session handles for the command */ + sessionAttributes /* attributes for this command */ + ); + } + /* Step 7: set the command authorizations in the TSS command stream */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 7: set command authorizations\n"); + rc = TSS_SetCmdAuths12(tssContext->tssAuthContext, + numSessions, + authC); + } + /* Step 8: process the command. Normally returns the TPM response code. */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 8: process the command\n"); + rc = TSS_AuthExecute(tssContext); + } + /* Step 9: get the response authorizations from the TSS response stream */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 9: get response authorizations\n"); + rc = TSS_GetRspAuths12(tssContext->tssAuthContext, + numSessions, + authR); + } + /* Step 10: process the response authorizations, validate the HMAC */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 10: verify HMAC\n"); +#if 0 + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + rc = TSS_Command_ChangeAuthProcessor(tssContext, session[i], i, in); + } +#endif + if (rc == 0) { + rc = TSS_HmacSession12_Verify(tssContext->tssAuthContext, /* authorization + context */ + numSessions, + session, /* TSS session context */ + authR); /* input: response authorization */ + } + } + /* Step 12: process the response continue flag */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (tssVverbose) printf("TSS_Execute12_valist: Step 12: process continue flag %08x\n", + sessionHandle[i]); + rc = TSS_HmacSession12_Continue(tssContext, session[i], authR[i]); + } + /* cleanup */ + for (i = 0 ; i < MAX_SESSION_NUM ; i++) { + TSS_HmacSession12_FreeContext(session[i]); + } + return rc; +} + +/* + HMAC Session +*/ + +/* TSS_HmacSession12_GetContext() allocates and initializes a TSS_HMAC12_CONTEXT structure */ + +static TPM_RC TSS_HmacSession12_GetContext(TSS_HMAC12_CONTEXT **session) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)session, sizeof(TSS_HMAC12_CONTEXT)); + } + if (rc == 0) { + TSS_HmacSession12_InitContext(*session); + } + return rc; +} + +/* TSS_HmacSession12_InitContext() initializes a TSS_HMAC12_CONTEXT structure */ + +static void TSS_HmacSession12_InitContext(TSS_HMAC12_CONTEXT *session) +{ + session->authHandle = TPM_RH_NULL; + memset(session->nonceEven, 0, SHA1_DIGEST_SIZE); + memset(session->nonceEvenOSAP, 0, SHA1_DIGEST_SIZE); + memset(&session->sharedSecret.digest, 0, SHA1_DIGEST_SIZE); + memset(session->nonceOdd, 0, SHA1_DIGEST_SIZE); + memset(session->nonceOddOSAP, 0, SHA1_DIGEST_SIZE); + session->hmacKey.hashAlg = TPM_ALG_SHA1; + memset((uint8_t *)&session->hmacKey.digest, 0, SHA1_DIGEST_SIZE); + return; +} + +/* TSS_HmacSession12_FreeContext() initializes (to erase secrets) and frees a TSS_HMAC12_CONTEXT + structure */ + +static void TSS_HmacSession12_FreeContext(TSS_HMAC12_CONTEXT *session) +{ + if (session != NULL) { + TSS_HmacSession12_InitContext(session); + free(session); + } + return; +} + +/* TSS_HmacSession12_SaveSession() marshals, optionally encrypts, and saves a TSS_HMAC12_CONTEXT + structure */ + +static TPM_RC TSS_HmacSession12_SaveSession(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; /* marshaled TSS_HMAC12_CONTEXT */ + uint16_t written = 0; + char sessionFilename[TPM_DATA_DIR_PATH_LENGTH]; + uint8_t *outBuffer = NULL; + uint32_t outLength; + + if (tssVverbose) printf("TSS_HmacSession12_SaveSession: handle %08x\n", session->authHandle); + if (rc == 0) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + session, + (MarshalFunction_t)TSS_HmacSession12_Marshal); + } + if (rc == 0) { + /* if the flag is set, encrypt the session state before store */ + if (tssContext->tssEncryptSessions) { + rc = TSS_AES_Encrypt(tssContext->tssSessionEncKey, + &outBuffer, /* output, freed @2 */ + &outLength, /* output */ + buffer, /* input */ + written); /* input */ + } + /* else store the session state in plaintext */ + else { + outBuffer = buffer; + outLength = written; + } + } + /* save the session in a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session + handle */ + if (rc == 0) { + sprintf(sessionFilename, "%s/h%08x.bin", + tssContext->tssDataDirectory, session->authHandle); + } + if (rc == 0) { + rc = TSS_File_WriteBinaryFile(outBuffer, + outLength, + sessionFilename); + } + if (tssContext->tssEncryptSessions) { + free(outBuffer); /* @2 */ + } + free(buffer); /* @1 */ + return rc; +} + +/* TSS_HmacSession12_LoadSession() loads and decrypts an HMAC existing session saved by: + + OIAP and OSAP + an update after a TPM response +*/ + +static TPM_RC TSS_HmacSession12_LoadSession(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session, + TPM_AUTHHANDLE authHandle) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; + uint8_t *buffer1 = NULL; + size_t length = 0; + char sessionFilename[TPM_DATA_DIR_PATH_LENGTH]; + unsigned char *inData = NULL; /* output */ + uint32_t inLength; /* output */ + + if (tssVverbose) printf("TSS_HmacSession12_LoadSession: handle %08x\n", authHandle); + /* load the session from a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session + handle */ + if (rc == 0) { + sprintf(sessionFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, authHandle); + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + sessionFilename); + } + if (rc == 0) { + /* if the flag is set, decrypt the session state before unmarshal */ + if (tssContext->tssEncryptSessions) { + rc = TSS_AES_Decrypt(tssContext->tssSessionDecKey, + &inData, /* output, freed @2 */ + &inLength, /* output */ + buffer, /* input */ + length); /* input */ + } + /* else the session was loaded in plaintext */ + else { + inData = buffer; + inLength = length; + } + } + if (rc == 0) { + uint32_t ilength = inLength; + buffer1 = inData; + rc = TSS_HmacSession12_Unmarshal(session, &buffer1, &ilength); + } + if (tssContext->tssEncryptSessions) { + free(inData); /* @2 */ + } + free(buffer); /* @1 */ + return rc; +} + +/* TSS_HmacSession12_DeleteSession() deletes the file corresponding to the HMAC session */ + +static TPM_RC TSS_HmacSession12_DeleteSession(TSS_CONTEXT *tssContext, + TPM_AUTHHANDLE handle) +{ + TPM_RC rc = 0; + char filename[TPM_DATA_DIR_PATH_LENGTH]; + + /* delete the Name */ + if (rc == 0) { + sprintf(filename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle); + if (tssVverbose) printf("TSS_HmacSession12_DeleteSession: delete session file %s\n", filename); + rc = TSS_File_DeleteFile(filename); + } + return rc; +} + +/* TSS_HmacSession12_Marshal() serializes a TSS_HMAC12_CONTEXT + */ + +static TPM_RC TSS_HmacSession12_Marshal(TSS_HMAC12_CONTEXT *source, + uint16_t *written, + uint8_t **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->nonceEven, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->nonceEvenOSAP, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu((uint8_t *)&source->sharedSecret.digest, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->entityType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->entityValue, written, buffer, size); + } + return rc; +} + +/* TSS_HmacSession12_Unmarshal() deserializes a TSS_HMAC12_CONTEXT */ + +static TPM_RC TSS_HmacSession12_Unmarshal(TSS_HMAC12_CONTEXT *target, + uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceEvenOSAP, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu((uint8_t *)&target->sharedSecret.digest, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Unmarshalu(&target->entityType, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->entityValue, buffer, size); + } + return rc; +} + +/* TSS_HmacSession12_SetHMAC() is used for a command. It sets all the values in one + TPMS_AUTH12_COMMAND, ready for marshaling into the command packet. + + - gets cpBuffer + - generates cpHash + - generates the HMAC + - copies the result into authCommand + + The HMAC key is already in the session structure. +*/ + +static TPM_RC TSS_HmacSession12_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext, /* authorization context */ + size_t numSessions, + TSS_HMAC12_CONTEXT *session[], + + TPMS_AUTH12_COMMAND *authCommand[], /* output: command + authorization */ + TPM_AUTHHANDLE sessionHandle[], /* session handles in + command */ + unsigned int sessionAttributes[]) /* attributes for this + command */ +{ + TPM_RC rc = 0; + unsigned int i = 0; + TPMT_HA cpHash; + TPMT_HA hmac; + + /* Step 6: calculate cpHash. For TPM 1.2, it is the same for all sessions. Name is not used */ + if ((rc == 0) && (numSessions > 0)) { + uint32_t cpBufferSize; + uint8_t *cpBuffer; + TPM_CC commandCode = TSS_GetCommandCode(tssAuthContext); + TPM_CC commandCodeNbo = htonl(commandCode); + + rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer); + if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpBuffer", + cpBuffer, cpBufferSize); + /* Create cpHash - digest of inputs above the double line. */ + cpHash.hashAlg = TPM_ALG_SHA1; + rc = TSS_Hash_Generate(&cpHash, + sizeof(TPM_CC), &commandCodeNbo, /* 1S */ + cpBufferSize, cpBuffer, /* 2S - ... */ + 0, NULL); + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpHash", + (uint8_t *)&cpHash.digest, + SHA1_DIGEST_SIZE); + } + } + for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) { + uint8_t sessionAttr8; + TPM2B_KEY hmacKey; + + if (tssVverbose) printf("TSS_HmacSession12_SetHMAC: Step 6 session %08x\n", + sessionHandle[i]); + /* sessionHandle */ + authCommand[i]->sessionHandle = session[i]->authHandle; + /* attributes come from command */ + sessionAttr8 = (uint8_t)sessionAttributes[i]; + authCommand[i]->sessionAttributes.val = sessionAttr8; + + if (tssVverbose) printf("TSS_HmacSession12_SetHMAC: calculate HMAC\n"); + /* auth HMAC = HMAC(cpHash | nonceEven, nonceOdd, attributes */ + + /* convert the TPMT_HA hmacKey to a TPM2B_KEY hmac key */ + if (rc == 0) { + rc = TSS_TPM2B_Create(&hmacKey.b, + (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE, + sizeof(hmacKey.t.buffer)); + } + if (rc == 0) { + hmac.hashAlg = TPM_ALG_SHA1; + rc = TSS_HMAC_Generate(&hmac, /* output hmac */ + &hmacKey, /* input key */ + SHA1_DIGEST_SIZE, (uint8_t *)&cpHash.digest, + SHA1_DIGEST_SIZE, session[i]->nonceEven, + SHA1_DIGEST_SIZE, session[i]->nonceOdd, + sizeof(uint8_t), &sessionAttr8, + 0, NULL); + } + if (rc == 0) { + if (tssVverbose) { + TSS_PrintAll("TSS_HmacSession12_SetHMAC: HMAC key", + (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpHash", + (uint8_t *)&cpHash.digest, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_Set: nonceEven", + session[i]->nonceEven, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_SetHMAC: nonceOdd", + session[i]->nonceOdd, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_SetHMAC: sessionAttributes", + &sessionAttr8, sizeof(uint8_t)); + TSS_PrintAll("TSS_HmacSession12_SetHMAC: HMAC", + (uint8_t *)&hmac.digest, SHA1_DIGEST_SIZE); + } + } + /* copy HMAC into authCommand TPM2B_AUTH hmac */ + if (rc == 0) { + memcpy(authCommand[i]->hmac, (uint8_t *)&hmac.digest, SHA1_DIGEST_SIZE); + } + } + return rc; +} + +/* TSS_HmacSession12_Verify() is used for a response. It uses the values in TPMS_AUTH12_RESPONSE to + validate the response HMAC */ + +static TPM_RC TSS_HmacSession12_Verify(TSS_AUTH_CONTEXT *tssAuthContext, /* authorization + context */ + size_t numSessions, + TSS_HMAC12_CONTEXT *session[], /* TSS session + context */ + TPMS_AUTH12_RESPONSE *authResponse[]) /* input: response + authorization */ +{ + TPM_RC rc = 0; + unsigned int i = 0; + TPMT_HA rpHash; + TPMT_HA actualHmac; + + /* Step 10: calculate rpHash. For TPM 1.2, it is the same for all sessions. Name is not used */ + if ((rc == 0) && (numSessions > 0)) { + uint32_t rpBufferSize; + uint8_t *rpBuffer; + TPM_CC commandCode = TSS_GetCommandCode(tssAuthContext); + TPM_CC commandCodeNbo = htonl(commandCode); + + rc = TSS_GetRpBuffer12(tssAuthContext, &rpBufferSize, &rpBuffer, numSessions); + if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_Verify: rpBuffer", + rpBuffer, rpBufferSize); + /* Create rpHash - digest of inputs above the double line. */ + rpHash.hashAlg = TPM_ALG_SHA1; + rc = TSS_Hash_Generate(&rpHash, + sizeof(TPM_RC), &rc, /* 1S */ + sizeof(TPM_CC), &commandCodeNbo, /* 2S */ + rpBufferSize, rpBuffer, /* 3S - ... */ + 0, NULL); + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_Verify: rpHash", + (uint8_t *)&rpHash.digest, + SHA1_DIGEST_SIZE); + } + } + for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) { + uint8_t sessionAttr8; + TPM2B_KEY hmacKey; + if (tssVverbose) printf("TSS_HmacSession12_Verify: Step 10 session %u handle %08x\n", + i, session[i]->authHandle); + /* attributes come from response */ + sessionAttr8 = (uint8_t)authResponse[i]->sessionAttributes.val; + /* save nonceEven in the session context */ + if (rc == 0) { + memcpy(session[i]->nonceEven, authResponse[i]->nonce, SHA1_DIGEST_SIZE); + } + if (rc == 0) { + memcpy((uint8_t *)&actualHmac.digest, &authResponse[i]->hmac, + SHA1_DIGEST_SIZE); + } + /* convert the TPMT_HA hmacKey to a TPM2B_KEY hmac key */ + if (rc == 0) { + rc = TSS_TPM2B_Create(&hmacKey.b, + (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE, + sizeof(hmacKey.t.buffer)); + } + /* verify the HMAC */ + if (rc == 0) { + if (tssVverbose) { + TSS_PrintAll("TSS_HmacSession12_Verify: HMAC key", + (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_Verify: rpHash", + (uint8_t *)&rpHash.digest, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_Verify: nonceEven", + session[i]->nonceEven, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_Verify: nonceOdd", + session[i]->nonceOdd, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_HmacSession12_Verify: sessionAttributes", + &sessionAttr8, sizeof(uint8_t)); + TSS_PrintAll("TSS_HmacSession12_Verify: response HMAC", + (uint8_t *)&authResponse[i]->hmac, SHA1_DIGEST_SIZE); + } + actualHmac.hashAlg = TPM_ALG_SHA1; + rc = TSS_HMAC_Verify(&actualHmac, /* input response hmac */ + &hmacKey, /* input HMAC key */ + SHA1_DIGEST_SIZE, + /* rpHash */ + SHA1_DIGEST_SIZE, (uint8_t *)&rpHash.digest, + /* new is nonceEven */ + SHA1_DIGEST_SIZE, session[i]->nonceEven, + /* old is nonceOdd */ + SHA1_DIGEST_SIZE, session[i]->nonceOdd, + /* 1 byte, no endian conversion */ + sizeof(uint8_t), &authResponse[i]->sessionAttributes.val, + 0, NULL); + if (rc == 0) { + if (tssVverbose) printf("TSS_HmacSession12_Verify: session %u verified\n", i); + } + else { + if (tssVerbose) TSS_PrintAll("TSS_HmacSession12_Verify: HMAC verify failed, actual", + (uint8_t *)&actualHmac.digest, SHA1_DIGEST_SIZE); + } + } + } + return rc; +} + +/* TSS_HmacSession12_Continue() handles the response continueSession flag. It either saves the + updated session or deletes the session state. */ + +static TPM_RC TSS_HmacSession12_Continue(TSS_CONTEXT *tssContext, + TSS_HMAC12_CONTEXT *session, + TPMS_AUTH12_RESPONSE *authR) +{ + TPM_RC rc = 0; + + if (rc == 0) { + /* if continue set */ + if (authR->sessionAttributes.val & TPMA_SESSION_CONTINUESESSION) { + /* save the session */ + rc = TSS_HmacSession12_SaveSession(tssContext, session); + } + else { /* continue clear */ + /* delete the session state */ + rc = TSS_HmacSession12_DeleteSession(tssContext, session->authHandle); + } + } + return rc; +} + +/* TSS_Command_Decrypt() does the command ADIP encryption (the TPM does the decrypt). + + It does common error checking, then calls algorithm specific functions. Currently, only XOR is + implemented. + +*/ + +static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext, + TSS_HMAC12_CONTEXT *session[], + TPM_AUTHHANDLE sessionHandle[]) +{ + TPM_RC rc = 0; + uint16_t sessionNumber; + uint8_t *encAuth0; + uint8_t *encAuth1; + TSS_HMAC12_CONTEXT *decryptSession; + int done = FALSE; + int isXor; /* true for XOR, false for AES */ + + /* which session is the OSAP session used for the encryption */ + if (rc == 0) { + rc = TSS_GetSessionNumber(tssAuthContext, + &sessionNumber); + } + if (rc == 0) { + if (sessionNumber == 0xffff) { + done = TRUE; + } + } + /* get the session used for the encryption */ + if ((rc == 0) && !done) { + decryptSession = session[sessionNumber]; + isXor = (session[sessionNumber]->entityType & 0xff00) == (TPM_ET_XOR << 8); + if (!isXor) { + if (tssVerbose) printf("TSS_Command_Decrypt: bad entityType %04x for session %08x\n", + session[sessionNumber]->entityType, + sessionHandle[sessionNumber]); + rc = TSS_RC_BAD_DECRYPT_ALGORITHM; + } + else { + if (tssVverbose) printf("TSS_Command_Decrypt: using session %08x\n", + sessionHandle[sessionNumber]); + } + + } + /* get pointers to the parameters to be encrypted */ + if ((rc == 0) && !done) { + rc = TSS_GetEncAuths(tssAuthContext, + &encAuth0, + &encAuth1); + } + if ((rc == 0) && !done) { + if (tssVverbose) printf("TSS_Command_Decrypt: TPM_ENC_AUTH's at %p, %p\n", + encAuth0, encAuth1); + } + if ((rc == 0) && !done && (encAuth0 != NULL)) { + rc = TSS_Command_DecryptXor(tssAuthContext, decryptSession, encAuth0, 0); + } + if ((rc == 0) && !done && (encAuth1 != NULL)) { + rc = TSS_Command_DecryptXor(tssAuthContext, decryptSession, encAuth1, 1); + } + return rc; +} + +/* + pad = sha1(shared secret || lastnonceeven) + enc = xor (auth, pad) +*/ + +static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + TSS_HMAC12_CONTEXT *session, + uint8_t *encAuth, + int parameterNumber) +{ + TPM_RC rc = 0; + TPMT_HA padHash; + unsigned int i; + + tssAuthContext = tssAuthContext; + /* generate the pad */ + if (rc == 0) { + padHash.hashAlg = TPM_ALG_SHA1; + if (parameterNumber == 0) { + rc = TSS_Hash_Generate(&padHash, + SHA1_DIGEST_SIZE, (uint8_t *)&session->sharedSecret.digest, + SHA1_DIGEST_SIZE, session->nonceEven, + 0, NULL); + } + else { + rc = TSS_Hash_Generate(&padHash, + SHA1_DIGEST_SIZE, (uint8_t *)&session->sharedSecret.digest, + SHA1_DIGEST_SIZE, session->nonceOdd, + 0, NULL); + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: pad", + (uint8_t *)&padHash.digest, + SHA1_DIGEST_SIZE); + if (tssVverbose) printf("TSS_Command_DecryptXor: parameter %u\n", + parameterNumber); + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: plaintext", + encAuth, SHA1_DIGEST_SIZE); + } + /* do the XOR */ + if (rc == 0) { + for (i = 0 ; i < SHA1_DIGEST_SIZE ; i++) { + *(encAuth + i) = *(encAuth + i) ^ padHash.digest.sha1[i]; + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: ciphertext", + encAuth, SHA1_DIGEST_SIZE); + } + return rc; +} + +/* + Command Pre-Processor +*/ + +static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, + TPM_CC commandCode, + COMMAND_PARAMETERS *in, + EXTRA12_PARAMETERS *extra) +{ + TPM_RC rc = 0; + size_t index; + int found; + TSS_PreProcessFunction_t preProcessFunction = NULL; + + /* search the table for a pre-processing function */ + if (rc == 0) { + found = FALSE; + for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { + if (tssTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no pre-processing function. This permits the table to be smaller + if desired. */ + if ((rc == 0) && found) { + preProcessFunction = tssTable[index].preProcessFunction; + /* there could also be an entry that is currently NULL, nothing to do */ + if (preProcessFunction == NULL) { + found = FALSE; + } + } + /* call the pre processing function */ + if ((rc == 0) && found) { + rc = preProcessFunction(tssContext, in, extra); + } + return rc; +} + +/* + Command specific pre processing functions +*/ + +static TPM_RC TSS_PR_CreateWrapKey(TSS_CONTEXT *tssContext, + CreateWrapKey_In *in, + void *extra) +{ + TPM_RC rc = 0; + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PR_CreateWrapKey\n"); + /* TPM_ENCAUTH is predictable distance from start */ + if (rc == 0) { + rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext, + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)); + } + if (rc == 0) { + rc = TSS_SetEncAuthOffset1(tssContext->tssAuthContext, + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE) + + SHA1_DIGEST_SIZE); + } + if (rc == 0) { + rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_PR_CreateWrapKey: ADIP offset at %lu and %lu\n", + (unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)), + (unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE) + + SHA1_DIGEST_SIZE)); + } + return rc; +} + +static TPM_RC TSS_PR_MakeIdentity(TSS_CONTEXT *tssContext, + MakeIdentity_In *in, + void *extra) +{ + TPM_RC rc = 0; + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PR_MakeIdentity\n"); + /* TPM_ENCAUTH is predictable distance from start */ + if (rc == 0) { + rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext, + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT)); + } + if (rc == 0) { + rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 1); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_PR_MakeIdentity: ADIP offset at %lu\n", + (unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT))); + } + return rc; +} + +static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *extra) +{ + TPM_RC rc = 0; + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PR_NV_DefineSpace\n"); + /* TPM_ENCAUTH is predictable distance from end */ + if (rc == 0) { + rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext, + -SHA1_DIGEST_SIZE); /* encauth */ + + } + if (rc == 0) { + rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_PR_NV_DefineSpace: ADIP offset at %d\n", + -SHA1_DIGEST_SIZE); + } + return rc; +} + +static TPM_RC TSS_PR_OSAP(TSS_CONTEXT *tssContext, + OSAP_In *in, + OSAP_Extra *extra) +{ + TPM_RC rc = 0; + tssContext = tssContext; + extra = extra; + + if (tssVverbose) printf("TSS_PR_OSAP\n"); + /* generate nonceOddOSAP */ + if (rc == 0) { + rc = TSS_RandBytes((unsigned char *)in->nonceOddOSAP, SHA1_DIGEST_SIZE); + } + return rc; +} + +#if 0 +static TPM_RC TSS_PR_Seal(TSS_CONTEXT *tssContext, + Seal_in *In, + void *extra) +{ + TPM_RC rc = 0; + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PR_Seal\n"); + /* TPM_ENCAUTH is predictable distance from start */ + if (rc == 0) { + rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext, + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)); + } + if (rc == 0) { + rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_PR_Seal: ADIP offset at %u\n", + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)); + } + return rc; +} + +static TPM_RC TSS_PR_Sealx(TSS_CONTEXT *tssContext, + Sealx_in *In, + void *extra) +{ + TPM_RC rc = 0; + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PR_Sealx\n"); + /* TPM_ENCAUTH is predictable distance from start */ + if (rc == 0) { + rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext, + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)); + rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_PR_Seal: ADIP offset at %u\n", + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) + + sizeof(TPM_KEY_HANDLE)); + } + return rc; +} + +#endif + +/* + Response Post Processor +*/ + +/* TSS_Response_PostProcessor() handles any response specific post processing + */ + +static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA12_PARAMETERS *extra) +{ + TPM_RC rc = 0; + size_t index; + int found; + TSS_PostProcessFunction_t postProcessFunction = NULL; + + /* search the table for a post processing function */ + if (rc == 0) { + TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext); + found = FALSE; + for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { + if (tssTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no post processing function. This permits the table to be smaller + if desired. */ + if ((rc == 0) && found) { + postProcessFunction = tssTable[index].postProcessFunction; + /* there could also be an entry that it currently NULL, nothing to do */ + if (postProcessFunction == NULL) { + found = FALSE; + } + } + /* call the function */ + if ((rc == 0) && found) { + rc = postProcessFunction(tssContext, in, out, extra); + } + return rc; +} + +/* + Command specific post processing functions +*/ + +static TPM_RC TSS_PO_FlushSpecific(TSS_CONTEXT *tssContext, + FlushSpecific_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_FlushSpecific: handle %08x\n", in->handle); + if ((rc == 0) && (in->resourceType == TPM_RT_AUTH)) { + rc = TSS_HmacSession12_DeleteSession(tssContext, in->handle); + } + return rc; +} + +static TPM_RC TSS_PO_OIAP(TSS_CONTEXT *tssContext, + void *in, + OIAP_Out *out, + void *extra) +{ + TPM_RC rc = 0; + TSS_HMAC12_CONTEXT *session = NULL; + + in = in; + extra = extra; + /* allocate a TSS_HMAC_CONTEXT session context */ + if (rc == 0) { + rc = TSS_HmacSession12_GetContext(&session); + } + if (rc == 0) { + /* store OIAP ordinal outputs */ + session->authHandle = out->authHandle; + session->entityValue = TPM_RH_NULL; /* distinguish OIAP form OSAP */ + memcpy(session->nonceEven, out->nonceEven, SHA1_DIGEST_SIZE); + } + /* persist the session */ + if (rc == 0) { + rc = TSS_HmacSession12_SaveSession(tssContext, session); + } + TSS_HmacSession12_FreeContext(session); + return rc; +} + +static TPM_RC TSS_PO_OSAP(TSS_CONTEXT *tssContext, + OSAP_In *in, + OSAP_Out *out, + OSAP_Extra *extra) +{ + TPM_RC rc = 0; + TSS_HMAC12_CONTEXT *session = NULL; + TPM2B_KEY hmacKey; + TPMT_HA usageAuth; /* digest of the OSAP password */ + + /* allocate a TSS_HMAC_CONTEXT session context */ + if (rc == 0) { + rc = TSS_HmacSession12_GetContext(&session); + } + if (rc == 0) { + session->entityType = in->entityType; + session->entityValue = in->entityValue; /* mark OSAP session */ + memcpy(session->nonceOddOSAP, in->nonceOddOSAP, SHA1_DIGEST_SIZE); + /* store OSAP ordinal outputs */ + session->authHandle = out->authHandle; + memcpy(session->nonceEven, out->nonceEven, SHA1_DIGEST_SIZE); + memcpy(session->nonceEvenOSAP, out->nonceEvenOSAP, SHA1_DIGEST_SIZE); + } + /* SHA1 hash the usageAuth */ + if (rc == 0) { + if (extra->usagePassword != NULL) { /* if a password was specified, hash it */ + usageAuth.hashAlg = TPM_ALG_SHA1; + rc = TSS_Hash_Generate(&usageAuth, + strlen(extra->usagePassword), + (unsigned char *)extra->usagePassword, + 0, NULL); + } + /* TPM 1.2 convention seems to use all zeros as a well known auth */ + else { + memset((uint8_t *)&usageAuth.digest, 0, SHA1_DIGEST_SIZE); + } + } + /* convert the TPMT_HA hash to a TPM2B_KEY hmac key */ + if (rc == 0) { + rc = TSS_TPM2B_Create(&hmacKey.b, (uint8_t *)&usageAuth.digest, SHA1_DIGEST_SIZE, + sizeof(hmacKey.t.buffer)); + } + /* calculate the sharedSecret */ + if (rc == 0) { + session->sharedSecret.hashAlg = TPM_ALG_SHA1; + rc = TSS_HMAC_Generate(&session->sharedSecret, /* output hmac */ + &hmacKey, /* input key */ + SHA1_DIGEST_SIZE, session->nonceEvenOSAP, + SHA1_DIGEST_SIZE, in->nonceOddOSAP, + 0, NULL); + } + if ((rc == 0) && tssVverbose) { + printf("TSS_PO_OSAP: out->authHandle %08x\n",out->authHandle); + printf("TSS_PO_OSAP: in->entityType %08x\n", in->entityType); + printf("TSS_PO_OSAP: in->entityValue %08x\n", in->entityValue); + TSS_PrintAll("TSS_PO_OSAP: session->nonceEven", + session->nonceEven, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_PO_OSAP: session->nonceEvenOSAP", + session->nonceEvenOSAP, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_PO_OSAP: session->nonceOddOSAP", + session->nonceOddOSAP, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_PO_OSAP: usageAuth", + (uint8_t *)&usageAuth.digest, SHA1_DIGEST_SIZE); + TSS_PrintAll("TSS_PO_OSAP: sharedSecret", + (uint8_t *)&session->sharedSecret.digest, SHA1_DIGEST_SIZE); + } + /* persist the session */ + if (rc == 0) { + rc = TSS_HmacSession12_SaveSession(tssContext, session); + } + TSS_HmacSession12_FreeContext(session); + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tss12.h b/libstb/tss2/ibmtpm20tss/utils/tss12.h new file mode 100644 index 000000000000..9d64398f3ece --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tss12.h @@ -0,0 +1,58 @@ +/********************************************************************************/ +/* */ +/* TSS TPM 1.2 API */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id:tss.h 656 2016-06-28 16:49:29Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSS12_H +#define TSS12_H + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC TSS_Execute12(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA12_PARAMETERS *extra, + TPM_CC commandCode, + va_list ap); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tss20.c b/libstb/tss2/ibmtpm20tss/utils/tss20.c new file mode 100644 index 000000000000..c38d1ec210bf --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tss20.c @@ -0,0 +1,4900 @@ +/********************************************************************************/ +/* */ +/* TSS Primary API for TPM 2.0 */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018 - 2020 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include "tssauth.h" +#include "tssauth20.h" +#include +#include "tssproperties.h" +#include +#include +#include +#include +#include +#include "tssccattributes.h" +#ifndef TPM_TSS_NOCRYPTO +#include +#include +#endif +#include +#include "tss20.h" + +/* Files: + + h01xxxxxx.bin - NV index name + h02xxxxxx.bin - hmac session context + h03xxxxxx.bin - policy session context + h80xxxxxx.bin - transient object name + + cxxxx...xxxx.bin - context blob name +*/ + +/* NOTE Synchronize with + + TSS_HmacSession_InitContext + TSS_HmacSession_Unmarshal + TSS_HmacSession_Marshal +*/ + +struct TSS_HMAC_CONTEXT { + TPMI_SH_AUTH_SESSION sessionHandle; /* the session handle */ + TPMI_ALG_HASH authHashAlg; /* hash algorithm to use for the session */ +#ifndef TPM_TSS_NOCRYPTO + uint32_t sizeInBytes; /* hash algorithm mapped to size */ +#endif /* TPM_TSS_NOCRYPTO */ + TPMT_SYM_DEF symmetric; /* the algorithm and key size for parameter + encryption */ + TPMI_DH_ENTITY bind; /* bind handle */ + TPM2B_NAME bindName; /* Name corresponding to the the bind + handle */ + TPM2B_AUTH bindAuthValue; /* password corresponding to the bind + handle */ +#ifndef TPM_TSS_NOCRYPTO + TPM2B_NONCE nonceTPM; /* from TPM in response */ + TPM2B_NONCE nonceCaller; /* from caller in command */ + TPM2B_DIGEST sessionKey; /* from KDFa at session creation */ +#endif /* TPM_TSS_NOCRYPTO */ + TPM_SE sessionType; /* HMAC (0), policy (1), or trial policy */ + uint8_t isPasswordNeeded; /* flag set by policy password */ + uint8_t isAuthValueNeeded; /* flag set by policy authvalue */ + /* Items below this line are for the lifetime of one command. They are not saved and loaded. */ + TPM2B_KEY hmacKey; /* HMAC key calculated for each command */ +#ifndef TPM_TSS_NOCRYPTO + TPM2B_KEY sessionValue; /* KDFa secret for parameter encryption */ +#endif /* TPM_TSS_NOCRYPTO */ +} TSS_HMAC_CONTEXT; + +/* functions for command pre- and post- processing */ + +typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra); +typedef TPM_RC (*TSS_ChangeAuthFunction_t)(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + COMMAND_PARAMETERS *in); +typedef TPM_RC (*TSS_PostProcessFunction_t)(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA_PARAMETERS *extra); + +static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext, + StartAuthSession_In *in, + StartAuthSession_Extra *extra); +static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *extra); + +static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + HierarchyChangeAuth_In *in); +static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + NV_UndefineSpaceSpecial_In *in); +static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + NV_ChangeAuth_In *in); + + +static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext, + StartAuthSession_In *in, + StartAuthSession_Out *out, + StartAuthSession_Extra *extra); +static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext, + ContextSave_In *in, + ContextSave_Out *out, + void *extra); +static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext, + ContextLoad_In *in, + ContextLoad_Out *out, + void *extra); +static TPM_RC TSS_PO_FlushContext(TSS_CONTEXT *tssContext, + FlushContext_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext, + EvictControl_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext, + Load_In *in, + Load_Out *out, + void *extra); +static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext, + LoadExternal_In *in, + LoadExternal_Out *out, + void *extra); +static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext, + ReadPublic_In *in, + ReadPublic_Out *out, + void *extra); +static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext, + CreateLoaded_In *in, + CreateLoaded_Out *out, + void *extra); +static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext, + HMAC_Start_In *in, + HMAC_Start_Out *out, + void *extra); +static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext, + HashSequenceStart_In *in, + HashSequenceStart_Out *out, + void *extra); +static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext, + SequenceComplete_In *in, + SequenceComplete_Out *out, + void *extra); +static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext, + EventSequenceComplete_In *in, + EventSequenceComplete_Out *out, + void *extra); +static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext, + PolicyAuthValue_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext, + PolicyPassword_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext, + CreatePrimary_In *in, + CreatePrimary_Out *out, + void *extra); +static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext, + NV_ReadPublic_In *in, + NV_ReadPublic_Out *out, + void *extra); +static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext, + NV_UndefineSpace_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, + NV_UndefineSpaceSpecial_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_NV_Write(TSS_CONTEXT *tssContext, + NV_Write_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext, + NV_WriteLock_In *in, + void *out, + void *extra); +static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext, + NV_ReadLock_In *in, + void *out, + void *extra); + +typedef struct TSS_TABLE { + TPM_CC commandCode; + TSS_PreProcessFunction_t preProcessFunction; + TSS_ChangeAuthFunction_t changeAuthFunction; + TSS_PostProcessFunction_t postProcessFunction; +} TSS_TABLE; + +/* This table indexes from the command to pre- and post- processing functions. A missing entry is + not an error, and indicates a command with no functions. */ + +static const TSS_TABLE tssTable [] = { + + {TPM_CC_Startup, NULL, NULL, NULL}, + {TPM_CC_Shutdown, NULL, NULL, NULL}, + {TPM_CC_SelfTest, NULL, NULL, NULL}, + {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL}, + {TPM_CC_GetTestResult, NULL, NULL, NULL}, + {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession}, + {TPM_CC_PolicyRestart, NULL, NULL, NULL}, + {TPM_CC_Create, NULL, NULL, NULL}, + {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load}, + {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal}, + {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic}, + {TPM_CC_ActivateCredential, NULL, NULL, NULL}, + {TPM_CC_MakeCredential, NULL, NULL, NULL}, + {TPM_CC_Unseal, NULL, NULL, NULL}, + {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL}, + {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded}, + {TPM_CC_Duplicate, NULL, NULL, NULL}, + {TPM_CC_Rewrap, NULL, NULL, NULL}, + {TPM_CC_Import, NULL, NULL, NULL}, + {TPM_CC_RSA_Encrypt, NULL, NULL, NULL}, + {TPM_CC_RSA_Decrypt, NULL, NULL, NULL}, + {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL}, + {TPM_CC_ECDH_ZGen, NULL, NULL, NULL}, + {TPM_CC_ECC_Parameters, NULL, NULL, NULL}, + {TPM_CC_ZGen_2Phase, NULL, NULL, NULL}, + {TPM_CC_EncryptDecrypt, NULL, NULL, NULL}, + {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL}, + {TPM_CC_Hash, NULL, NULL, NULL}, + {TPM_CC_HMAC, NULL, NULL, NULL}, + {TPM_CC_GetRandom, NULL, NULL, NULL}, + {TPM_CC_StirRandom, NULL, NULL, NULL}, + {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start}, + {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart}, + {TPM_CC_SequenceUpdate, NULL, NULL, NULL}, + {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete}, + {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete}, + {TPM_CC_Certify, NULL, NULL, NULL}, + {TPM_CC_CertifyX509, NULL, NULL, NULL}, + {TPM_CC_CertifyCreation, NULL, NULL, NULL}, + {TPM_CC_Quote, NULL, NULL, NULL}, + {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL}, + {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL}, + {TPM_CC_GetTime, NULL, NULL, NULL}, + {TPM_CC_Commit, NULL, NULL, NULL}, + {TPM_CC_EC_Ephemeral, NULL, NULL, NULL}, + {TPM_CC_VerifySignature, NULL, NULL, NULL}, + {TPM_CC_Sign, NULL, NULL, NULL}, + {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL}, + {TPM_CC_PCR_Extend, NULL, NULL, NULL}, + {TPM_CC_PCR_Event, NULL, NULL, NULL}, + {TPM_CC_PCR_Read, NULL, NULL, NULL}, + {TPM_CC_PCR_Allocate, NULL, NULL, NULL}, + {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL}, + {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL}, + {TPM_CC_PCR_Reset, NULL, NULL, NULL}, + {TPM_CC_PolicySigned, NULL, NULL, NULL}, + {TPM_CC_PolicySecret, NULL, NULL, NULL}, + {TPM_CC_PolicyTicket, NULL, NULL, NULL}, + {TPM_CC_PolicyOR, NULL, NULL, NULL}, + {TPM_CC_PolicyPCR, NULL, NULL, NULL}, + {TPM_CC_PolicyLocality, NULL, NULL, NULL}, + {TPM_CC_PolicyNV, NULL, NULL, NULL}, + {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL}, + {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL}, + {TPM_CC_PolicyCommandCode, NULL, NULL, NULL}, + {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL}, + {TPM_CC_PolicyCpHash, NULL, NULL, NULL}, + {TPM_CC_PolicyNameHash, NULL, NULL, NULL}, + {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL}, + {TPM_CC_PolicyAuthorize, NULL, NULL, NULL}, + {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue}, + {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword}, + {TPM_CC_PolicyGetDigest, NULL, NULL, NULL}, + {TPM_CC_PolicyNvWritten, NULL, NULL, NULL}, + {TPM_CC_PolicyTemplate, NULL, NULL, NULL}, + {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary}, + {TPM_CC_HierarchyControl, NULL, NULL, NULL}, + {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL}, + {TPM_CC_ChangePPS, NULL, NULL, NULL}, + {TPM_CC_ChangeEPS, NULL, NULL, NULL}, + {TPM_CC_Clear, NULL, NULL, NULL}, + {TPM_CC_ClearControl, NULL, NULL, NULL}, + {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL}, + {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL}, + {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL}, + {TPM_CC_PP_Commands, NULL, NULL, NULL}, + {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL}, + {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave}, + {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad}, + {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext}, + {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl}, + {TPM_CC_ReadClock, NULL, NULL, NULL}, + {TPM_CC_ClockSet, NULL, NULL, NULL}, + {TPM_CC_ClockRateAdjust, NULL, NULL, NULL}, + {TPM_CC_GetCapability, NULL, NULL, NULL}, + {TPM_CC_TestParms, NULL, NULL, NULL}, + {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace}, + {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace}, + {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial}, + {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic}, + {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, + {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, + {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, + {TPM_CC_NV_SetBits, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, + {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock}, + {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL}, + {TPM_CC_NV_Read, NULL, NULL, NULL}, + {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock}, + {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL}, + {TPM_CC_NV_Certify, NULL, NULL, NULL} +}; + +#ifndef TPM_TSS_NO_PRINT + +typedef void (*TSS_InPrintFunction_t)(COMMAND_PARAMETERS *in, unsigned int indent); + +typedef struct TSS_PRINT_TABLE { + TPM_CC commandCode; + TSS_InPrintFunction_t inPrintFunction; +} TSS_PRINT_TABLE; + +/* This table indexes from the command to print functions. A missing entry is + not an error, and indicates a command with no function. */ + +static const TSS_PRINT_TABLE tssPrintTable [] = { + + {TPM_CC_Startup, (TSS_InPrintFunction_t)Startup_In_Print}, + {TPM_CC_Shutdown, (TSS_InPrintFunction_t)Shutdown_In_Print}, + {TPM_CC_SelfTest, (TSS_InPrintFunction_t)SelfTest_In_Print}, + {TPM_CC_IncrementalSelfTest, (TSS_InPrintFunction_t)IncrementalSelfTest_In_Print}, + {TPM_CC_GetTestResult, NULL}, + {TPM_CC_StartAuthSession, (TSS_InPrintFunction_t)StartAuthSession_In_Print}, + {TPM_CC_PolicyRestart, (TSS_InPrintFunction_t)PolicyRestart_In_Print}, + {TPM_CC_Create,(TSS_InPrintFunction_t)Create_In_Print}, + {TPM_CC_Load, (TSS_InPrintFunction_t)Load_In_Print}, + {TPM_CC_LoadExternal, (TSS_InPrintFunction_t)LoadExternal_In_Print}, + {TPM_CC_ReadPublic, (TSS_InPrintFunction_t)ReadPublic_In_Print}, + {TPM_CC_ActivateCredential, (TSS_InPrintFunction_t)ActivateCredential_In_Print}, + {TPM_CC_MakeCredential, (TSS_InPrintFunction_t)MakeCredential_In_Print}, + {TPM_CC_Unseal, (TSS_InPrintFunction_t)Unseal_In_Print}, + {TPM_CC_ObjectChangeAuth, (TSS_InPrintFunction_t)ObjectChangeAuth_In_Print}, + {TPM_CC_CreateLoaded, (TSS_InPrintFunction_t)CreateLoaded_In_Print}, + {TPM_CC_Duplicate, (TSS_InPrintFunction_t)Duplicate_In_Print}, + {TPM_CC_Rewrap, (TSS_InPrintFunction_t)Rewrap_In_Print}, + {TPM_CC_Import, (TSS_InPrintFunction_t)Import_In_Print}, + {TPM_CC_RSA_Encrypt, (TSS_InPrintFunction_t)RSA_Encrypt_In_Print}, + {TPM_CC_RSA_Decrypt, (TSS_InPrintFunction_t)RSA_Decrypt_In_Print}, + {TPM_CC_ECDH_KeyGen, (TSS_InPrintFunction_t)ECDH_KeyGen_In_Print}, + {TPM_CC_ECDH_ZGen, (TSS_InPrintFunction_t)ECDH_ZGen_In_Print}, + {TPM_CC_ECC_Parameters, (TSS_InPrintFunction_t)ECC_Parameters_In_Print}, + {TPM_CC_ZGen_2Phase, (TSS_InPrintFunction_t)ZGen_2Phase_In_Print}, + {TPM_CC_EncryptDecrypt, (TSS_InPrintFunction_t)EncryptDecrypt_In_Print}, + {TPM_CC_EncryptDecrypt2, (TSS_InPrintFunction_t)EncryptDecrypt2_In_Print}, + {TPM_CC_Hash, (TSS_InPrintFunction_t)Hash_In_Print}, + {TPM_CC_HMAC, (TSS_InPrintFunction_t)HMAC_In_Print}, + {TPM_CC_GetRandom, (TSS_InPrintFunction_t)GetRandom_In_Print}, + {TPM_CC_StirRandom, (TSS_InPrintFunction_t)StirRandom_In_Print}, + {TPM_CC_HMAC_Start, (TSS_InPrintFunction_t)HMAC_Start_In_Print}, + {TPM_CC_HashSequenceStart, (TSS_InPrintFunction_t)HashSequenceStart_In_Print}, + {TPM_CC_SequenceUpdate, (TSS_InPrintFunction_t)SequenceUpdate_In_Print}, + {TPM_CC_SequenceComplete, (TSS_InPrintFunction_t)SequenceComplete_In_Print}, + {TPM_CC_EventSequenceComplete, (TSS_InPrintFunction_t)EventSequenceComplete_In_Print}, + {TPM_CC_Certify, (TSS_InPrintFunction_t)Certify_In_Print}, + {TPM_CC_CertifyX509, (TSS_InPrintFunction_t)CertifyX509_In_Print}, + {TPM_CC_CertifyCreation, (TSS_InPrintFunction_t)CertifyCreation_In_Print}, + {TPM_CC_Quote, (TSS_InPrintFunction_t)Quote_In_Print}, + {TPM_CC_GetSessionAuditDigest, (TSS_InPrintFunction_t)GetSessionAuditDigest_In_Print}, + {TPM_CC_GetCommandAuditDigest, (TSS_InPrintFunction_t)GetCommandAuditDigest_In_Print}, + {TPM_CC_GetTime, (TSS_InPrintFunction_t)GetTime_In_Print}, + {TPM_CC_Commit, (TSS_InPrintFunction_t)Commit_In_Print}, + {TPM_CC_EC_Ephemeral, (TSS_InPrintFunction_t)EC_Ephemeral_In_Print}, + {TPM_CC_VerifySignature, (TSS_InPrintFunction_t)VerifySignature_In_Print}, + {TPM_CC_Sign, (TSS_InPrintFunction_t)Sign_In_Print}, + {TPM_CC_SetCommandCodeAuditStatus, (TSS_InPrintFunction_t)SetCommandCodeAuditStatus_In_Print}, + {TPM_CC_PCR_Extend, (TSS_InPrintFunction_t)PCR_Extend_In_Print}, + {TPM_CC_PCR_Event, (TSS_InPrintFunction_t)PCR_Event_In_Print}, + {TPM_CC_PCR_Read, (TSS_InPrintFunction_t)PCR_Read_In_Print}, + {TPM_CC_PCR_Allocate, (TSS_InPrintFunction_t)PCR_Allocate_In_Print}, + {TPM_CC_PCR_SetAuthPolicy, (TSS_InPrintFunction_t)PCR_SetAuthPolicy_In_Print}, + {TPM_CC_PCR_SetAuthValue, (TSS_InPrintFunction_t)PCR_SetAuthValue_In_Print}, + {TPM_CC_PCR_Reset, (TSS_InPrintFunction_t)PCR_Reset_In_Print}, + {TPM_CC_PolicySigned, (TSS_InPrintFunction_t)PolicySigned_In_Print}, + {TPM_CC_PolicySecret, (TSS_InPrintFunction_t)PolicySecret_In_Print}, + {TPM_CC_PolicyTicket, (TSS_InPrintFunction_t)PolicyTicket_In_Print}, + {TPM_CC_PolicyOR, (TSS_InPrintFunction_t)PolicyOR_In_Print}, + {TPM_CC_PolicyPCR, (TSS_InPrintFunction_t)PolicyPCR_In_Print}, + {TPM_CC_PolicyLocality, (TSS_InPrintFunction_t)PolicyLocality_In_Print}, + {TPM_CC_PolicyNV, (TSS_InPrintFunction_t)PolicyNV_In_Print}, + {TPM_CC_PolicyAuthorizeNV, (TSS_InPrintFunction_t)PolicyAuthorizeNV_In_Print}, + {TPM_CC_PolicyCounterTimer, (TSS_InPrintFunction_t)PolicyCounterTimer_In_Print}, + {TPM_CC_PolicyCommandCode, (TSS_InPrintFunction_t)PolicyCommandCode_In_Print}, + {TPM_CC_PolicyPhysicalPresence, (TSS_InPrintFunction_t)PolicyPhysicalPresence_In_Print}, + {TPM_CC_PolicyCpHash, (TSS_InPrintFunction_t)PolicyCpHash_In_Print}, + {TPM_CC_PolicyNameHash, (TSS_InPrintFunction_t)PolicyNameHash_In_Print}, + {TPM_CC_PolicyDuplicationSelect, (TSS_InPrintFunction_t)PolicyDuplicationSelect_In_Print}, + {TPM_CC_PolicyAuthorize, (TSS_InPrintFunction_t)PolicyAuthorize_In_Print}, + {TPM_CC_PolicyAuthValue, (TSS_InPrintFunction_t)PolicyAuthValue_In_Print}, + {TPM_CC_PolicyPassword, (TSS_InPrintFunction_t)PolicyPassword_In_Print}, + {TPM_CC_PolicyGetDigest, (TSS_InPrintFunction_t)PolicyGetDigest_In_Print}, + {TPM_CC_PolicyNvWritten, (TSS_InPrintFunction_t)PolicyNvWritten_In_Print}, + {TPM_CC_PolicyTemplate, (TSS_InPrintFunction_t)PolicyTemplate_In_Print}, + {TPM_CC_CreatePrimary, (TSS_InPrintFunction_t)CreatePrimary_In_Print}, + {TPM_CC_HierarchyControl, (TSS_InPrintFunction_t)HierarchyControl_In_Print}, + {TPM_CC_SetPrimaryPolicy, (TSS_InPrintFunction_t)SetPrimaryPolicy_In_Print}, + {TPM_CC_ChangePPS, (TSS_InPrintFunction_t)ChangePPS_In_Print}, + {TPM_CC_ChangeEPS, (TSS_InPrintFunction_t)ChangeEPS_In_Print}, + {TPM_CC_Clear, (TSS_InPrintFunction_t)Clear_In_Print}, + {TPM_CC_ClearControl, (TSS_InPrintFunction_t)ClearControl_In_Print}, + {TPM_CC_HierarchyChangeAuth, (TSS_InPrintFunction_t)HierarchyChangeAuth_In_Print}, + {TPM_CC_DictionaryAttackLockReset, (TSS_InPrintFunction_t)DictionaryAttackLockReset_In_Print}, + {TPM_CC_DictionaryAttackParameters, (TSS_InPrintFunction_t)DictionaryAttackParameters_In_Print}, + {TPM_CC_PP_Commands, (TSS_InPrintFunction_t)PP_Commands_In_Print}, + {TPM_CC_SetAlgorithmSet, (TSS_InPrintFunction_t)SetAlgorithmSet_In_Print}, + {TPM_CC_ContextSave, (TSS_InPrintFunction_t)ContextSave_In_Print}, + {TPM_CC_ContextLoad, (TSS_InPrintFunction_t)ContextLoad_In_Print}, + {TPM_CC_FlushContext, (TSS_InPrintFunction_t)FlushContext_In_Print}, + {TPM_CC_EvictControl, (TSS_InPrintFunction_t)EvictControl_In_Print}, + {TPM_CC_ReadClock, (TSS_InPrintFunction_t)NULL}, + {TPM_CC_ClockSet, (TSS_InPrintFunction_t)ClockSet_In_Print}, + {TPM_CC_ClockRateAdjust, (TSS_InPrintFunction_t)ClockRateAdjust_In_Print}, + {TPM_CC_GetCapability, (TSS_InPrintFunction_t)GetCapability_In_Print}, + {TPM_CC_TestParms, (TSS_InPrintFunction_t)TestParms_In_Print}, + {TPM_CC_NV_DefineSpace, (TSS_InPrintFunction_t)NV_DefineSpace_In_Print}, + {TPM_CC_NV_UndefineSpace, (TSS_InPrintFunction_t)NV_UndefineSpace_In_Print}, + {TPM_CC_NV_UndefineSpaceSpecial, (TSS_InPrintFunction_t)NV_UndefineSpaceSpecial_In_Print}, + {TPM_CC_NV_ReadPublic, (TSS_InPrintFunction_t)NV_ReadPublic_In_Print}, + {TPM_CC_NV_Write, (TSS_InPrintFunction_t)NV_Write_In_Print}, + {TPM_CC_NV_Increment, (TSS_InPrintFunction_t)NV_Increment_In_Print}, + {TPM_CC_NV_Extend, (TSS_InPrintFunction_t)NV_Extend_In_Print}, + {TPM_CC_NV_SetBits, (TSS_InPrintFunction_t)NV_SetBits_In_Print}, + {TPM_CC_NV_WriteLock, (TSS_InPrintFunction_t)NV_WriteLock_In_Print}, + {TPM_CC_NV_GlobalWriteLock, (TSS_InPrintFunction_t)NV_GlobalWriteLock_In_Print}, + {TPM_CC_NV_Read, (TSS_InPrintFunction_t)NV_Read_In_Print}, + {TPM_CC_NV_ReadLock, (TSS_InPrintFunction_t)NV_ReadLock_In_Print}, + {TPM_CC_NV_ChangeAuth, (TSS_InPrintFunction_t)NV_ChangeAuth_In_Print}, + {TPM_CC_NV_Certify, (TSS_InPrintFunction_t)NV_Certify_In_Print} +}; + +#endif /* TPM_TSS_NO_PRINT */ + +/* local prototypes */ + +static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + va_list ap); + + +static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand, + const char *password); +static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse); + +static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session); +static void TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session); +static void TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session); + +#ifndef TPM_TSS_NOCRYPTO +static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPM2B_DIGEST *salt, + TPMI_DH_ENTITY bind, + TPM2B_AUTH *bindAuthValue); +static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session, + TPMS_AUTH_COMMAND *authC); +static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + const char *password); +#endif /* TPM_TSS_NOCRYPTO */ +static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session[], + TPMS_AUTH_COMMAND *authCommand[], + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[], + const char *password[], + TPM2B_NAME *name0, + TPM2B_NAME *name1, + TPM2B_NAME *name2); +#ifndef TPM_TSS_NOCRYPTO +static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session, + TPMS_AUTH_RESPONSE *authResponse); +#endif /* TPM_TSS_NOCRYPTO */ +static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPMS_AUTH_RESPONSE *authR); + + +static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session); +static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPMI_SH_AUTH_SESSION sessionHandle); +#ifdef TPM_TSS_NOFILE +static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle, + uint32_t outLength, + uint8_t *outBuffer); +static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext, + uint32_t *inLength, uint8_t **inData, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPMI_SH_AUTH_SESSION sessionHandle); +#endif +static TPM_RC TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source, + uint16_t *written, uint8_t **buffer, uint32_t *size); +static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target, + uint8_t **buffer, uint32_t *size); + +static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext, + TPM2B_NAME **names); +static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle); +static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string); +static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string); +static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext, + TPM_HANDLE outHandle, + const char *outString, + TPM_HANDLE inHandle, + const char *inString); +static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string); +static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string); +static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext, + TPM_HANDLE outHandle, + const char *outString, + TPM_HANDLE inHandle, + const char *inString); +#ifdef TPM_TSS_NOFILE +static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPM_HANDLE handle); +static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle); +#endif +static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext, + TPM_HANDLE handle); +#ifndef TPM_TSS_NOCRYPTO +static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name, + TPMT_PUBLIC *tpmtPublic); + +static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX handle); +static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX handle); +#endif +static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext, + TPMI_RH_NV_INDEX nvIndex); +#ifdef TPM_TSS_NOFILE +static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPMI_RH_NV_INDEX nvIndex); +#endif + +static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session[], + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]); +#ifndef TPM_TSS_NOCRYPTO +static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session); +static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session); + +#endif /* TPM_TSS_NOCRYPTO */ +static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session[], + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]); +#ifndef TPM_TSS_NOCRYPTO +static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session); +static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session); + +static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + COMMAND_PARAMETERS *in); +#endif /* TPM_TSS_NOCRYPTO */ + +static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, + TPM_CC commandCode, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra); +static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA_PARAMETERS *extra); + +static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt, + unsigned int *decryptSession, + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]); +static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt, + unsigned int *encryptSession, + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]); + +#ifndef TPM_TSS_NOFILE +static TPM_RC TSS_HashToString(char *str, uint8_t *digest); +#endif +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NORSA +static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST *salt, + TPM2B_ENCRYPTED_SECRET *encryptedSalt, + TPMT_PUBLIC *publicArea); +#endif /* TPM_TSS_NORSA */ +#endif /* TPM_TSS_NOCRYPTO */ +extern int tssVerbose; +extern int tssVverbose; +extern int tssFirstCall; + + +TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra, + TPM_CC commandCode, + va_list ap) +{ + TPM_RC rc = 0; + + /* create a TSS authorization context */ + if (rc == 0) { + TSS_InitAuthContext(tssContext->tssAuthContext); + } + /* handle any command specific command pre-processing */ + if (rc == 0) { + rc = TSS_Command_PreProcessor(tssContext, + commandCode, + in, + extra); + } + /* marshal input parameters */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute20: Command %08x marshal\n", commandCode); + rc = TSS_Marshal(tssContext->tssAuthContext, + in, + commandCode); + } + /* execute the command */ + if (rc == 0) { + rc = TSS_Execute_valist(tssContext, in, ap); + } + /* unmarshal the response parameters */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute20: Command %08x unmarshal\n", commandCode); + rc = TSS_Unmarshal(tssContext->tssAuthContext, out); + } + /* handle any command specific response post-processing */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute20: Command %08x post processor\n", commandCode); + rc = TSS_Response_PostProcessor(tssContext, + in, + out, + extra); + } + return rc; +} + +/* TSS_Execute_valist() transmits the marshaled command and receives the marshaled response. + + varargs are TPMI_SH_AUTH_SESSION sessionHandle, const char *password, unsigned int + sessionAttributes + + Terminates with sessionHandle TPM_RH_NULL + + Processes up to MAX_SESSION_NUM sessions. It handles HMAC generation and command and response + parameter encryption. It loads each session context, rolls nonces, and saves or deletes the + session context. +*/ + +static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + va_list ap) +{ + TPM_RC rc = 0; + int done; + int haveNames = FALSE; /* names are common to all HMAC sessions */ + size_t i = 0; + + /* the vararg parameters */ + TPMI_SH_AUTH_SESSION sessionHandle[MAX_SESSION_NUM]; + const char *password[MAX_SESSION_NUM]; + unsigned int sessionAttributes[MAX_SESSION_NUM]; + + /* structures filled in */ + TPMS_AUTH_COMMAND *authCommand[MAX_SESSION_NUM]; + TPMS_AUTH_RESPONSE *authResponse[MAX_SESSION_NUM]; + + /* pointer to the above structures as used */ + TPMS_AUTH_COMMAND *authC[MAX_SESSION_NUM]; + TPMS_AUTH_RESPONSE *authR[MAX_SESSION_NUM]; + + /* TSS sessions */ + struct TSS_HMAC_CONTEXT *session[MAX_SESSION_NUM]; + TPM2B_NAME *names[MAX_SESSION_NUM]; + + + for (i = 0 ; i < MAX_SESSION_NUM ; i++) { + authCommand[i] = NULL; /* for safe free */ + authResponse[i] = NULL; /* for safe free */ + names[i] = NULL; /* for safe free */ + authC[i] = NULL; /* array of TPMS_AUTH_COMMAND structures, NULL for + TSS_SetCmdAuths */ + authR[i] = NULL; /* array of TPMS_AUTH_RESPONSE structures, NULL for + TSS_GetRspAuths */ + session[i] = NULL; /* for free, used for HMAC and encrypt/decrypt sessions */ + /* the varargs list inputs */ + sessionHandle[i] = TPM_RH_NULL; + password[i] = NULL; + sessionAttributes[i] = 0; + } + /* Step 1: initialization */ + if (tssVverbose) printf("TSS_Execute_valist: Step 1: initialization\n"); + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) { + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&authCommand[i], /* freed @1 */ + sizeof(TPMS_AUTH_COMMAND)); + } + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&authResponse[i], /* freed @2 */ + sizeof(TPMS_AUTH_RESPONSE)); + } + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&names[i], /* freed @3 */ + sizeof(TPM2B_NAME)); + } + if (rc == 0) { + names[i]->b.size = 0; /* to ignore unused names in cpHash calculation */ + } + } + /* Step 2: gather the command authorizations + + Process PWAP immediately + For HMAC, get the session context + */ + done = FALSE; + for (i = 0 ; (rc == 0) && !done && (i < MAX_SESSION_NUM) ; i++) { + sessionHandle[i] = va_arg(ap, TPMI_SH_AUTH_SESSION); /* first vararg is the session + handle */ + password[i]= va_arg(ap, const char *); /* second vararg is the password */ + sessionAttributes[i] = va_arg(ap, unsigned int); /* third argument is + sessionAttributes */ + sessionAttributes[i] &= 0xff; /* is uint8_t */ + + if (sessionHandle[i] != TPM_RH_NULL) { /* varargs termination value */ + + if (tssVverbose) printf("TSS_Execute_valist: Step 2: authorization %u\n", + (unsigned int)i); + if (tssVverbose) printf("TSS_Execute_valist: session %u handle %08x\n", + (unsigned int)i, sessionHandle[i]); + /* make used, non-NULL for command and response varargs */ + authC[i] = authCommand[i]; + authR[i] = authResponse[i]; + + /* if password session, populate authC with password, etc. immediately */ + if (sessionHandle[i] == TPM_RS_PW) { + rc = TSS_PwapSession_Set(authC[i], password[i]); + } + /* if HMAC or encrypt/decrypt session */ + else { + /* initialize a TSS HMAC session */ + if (rc == 0) { + rc = TSS_HmacSession_GetContext(&session[i]); + } + /* load the session created by startauthsession */ + if (rc == 0) { + rc = TSS_HmacSession_LoadSession(tssContext, session[i], sessionHandle[i]); + } + /* if there is at least one HMAC session, get the names corresponding to the + handles */ + if ((session[i]->sessionType == TPM_SE_HMAC) || /* HMAC session. OR */ + ((session[i]->sessionType == TPM_SE_POLICY) && /* Policy session AND */ + +#ifndef TPM_TSS_NOCRYPTO + ((session[i]->isAuthValueNeeded) || /* PolicyAuthValue ran, OR */ + (session[i]->sessionKey.b.size != 0))) /* Already session key (bind or salt) */ +#else + (session[i]->isAuthValueNeeded)) /* PolicyAuthValue ran, OR */ +#endif /* TPM_TSS_NOCRYPTO */ + ) { + if ((rc == 0) && !haveNames) { + rc = TSS_Name_GetAllNames(tssContext, names); + haveNames = TRUE; /* get only once, minor optimization */ + } + } + } + } + else { + done = TRUE; + } + } + /* Step 3: Roll nonceCaller, save in the session context for the response */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (sessionHandle[i] != TPM_RS_PW) { /* no nonce for password sessions */ + if (tssVverbose) + printf("TSS_Execute_valist: Step 3: nonceCaller %08x\n", sessionHandle[i]); +#ifndef TPM_TSS_NOCRYPTO + rc = TSS_HmacSession_SetNonceCaller(session[i], authC[i]); +#else + authC[i]->nonce.b.size = 16; + memset(&authC[i]->nonce.b.buffer, 0, 16); +#endif /* TPM_TSS_NOCRYPTO */ + } + } + +#ifndef TPM_TSS_NOCRYPTO + /* Step 4: Calculate the HMAC key */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (sessionHandle[i] != TPM_RS_PW) { /* no HMAC key for password sessions */ + if (tssVverbose) printf("TSS_Execute_valist: Step 4: Session %u HMAC key for %08x\n", + (unsigned int)i, sessionHandle[i]); + rc = TSS_HmacSession_SetHmacKey(tssContext, session[i], i, password[i]); + } + } +#endif /* TPM_TSS_NOCRYPTO */ + /* Step 5: command parameter encryption */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 5: command encrypt\n"); + rc = TSS_Command_Decrypt(tssContext->tssAuthContext, + session, + sessionHandle, + sessionAttributes); + } + /* Step 6: for each HMAC session, calculate cpHash, calculate the HMAC, and set it in + TPMS_AUTH_COMMAND */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 6 calculate HMACs\n"); + rc = TSS_HmacSession_SetHMAC(tssContext->tssAuthContext, /* TSS auth context */ + session, /* TSS session contexts */ + authC, /* output: command authorizations */ + sessionHandle, /* list of session handles for the command */ + sessionAttributes, /* attributes for this command */ + password, /* for plaintext password sessions */ + names[0], /* Name */ + names[1], /* Name */ + names[2]); /* Name */ + } + /* Step 7: set the command authorizations in the TSS command stream */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 7 set command authorizations\n"); + rc = TSS_SetCmdAuths(tssContext->tssAuthContext, + authC[0], + authC[1], + authC[2], + NULL); + } + /* Step 8: process the command. Normally returns the TPM response code. */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 8: process the command\n"); + rc = TSS_AuthExecute(tssContext); + } + /* Step 9: get the response authorizations from the TSS response stream */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 9 get response authorizations\n"); + rc = TSS_GetRspAuths(tssContext->tssAuthContext, + authR[0], + authR[1], + authR[2], + NULL); + } + /* Step 10: process the response authorizations, validate the HMAC */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (tssVverbose) + printf("TSS_Execute_valist: Step 10: process response authorization %08x\n", + sessionHandle[i]); + if (sessionHandle[i] == TPM_RS_PW) { + rc = TSS_PwapSession_Verify(authR[i]); + } + /* HMAC session */ + else { +#ifndef TPM_TSS_NOCRYPTO + /* save nonceTPM in the session context */ + if (rc == 0) { + rc = TSS_TPM2B_Copy(&session[i]->nonceTPM.b, &authR[i]->nonce.b, sizeof(TPMU_HA)); + } +#endif /* TPM_TSS_NOCRYPTO */ + /* the HMAC key is already part of the TSS session context. For policy sessions with + policy password, the response hmac is empty. */ + if ((session[i]->sessionType == TPM_SE_HMAC) || + ((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded))) { +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_Command_ChangeAuthProcessor(tssContext, session[i], i, in); + } + if (rc == 0) { + rc = TSS_HmacSession_Verify(tssContext->tssAuthContext, /* authorization + context */ + session[i], /* TSS session context */ + authR[i]); /* input: response authorization */ + } +#else + in = in; + if (tssVerbose) + printf("TSS_Execute_valist: " + "Error, HMAC verify with no crypto not implemented\n"); + rc = TSS_RC_NOT_IMPLEMENTED; +#endif /* TPM_TSS_NOCRYPTO */ + } + } + } + /* Step 11: process the audit flag */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if ((sessionHandle[i] != TPM_RS_PW) && + (session[i]->bind != TPM_RH_NULL) && + (authR[i]->sessionAttributes.val & TPMA_SESSION_AUDIT)) { + if (tssVverbose) printf("TSS_Execute_valist: Step 11: process bind audit flag %08x\n", + sessionHandle[i]); + /* if bind audit session, bind value is lost and further use requires authValue */ + session[i]->bind = TPM_RH_NULL; + } + } + /* Step 12: process the response continue flag */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + if (sessionHandle[i] != TPM_RS_PW) { + if (tssVverbose) printf("TSS_Execute_valist: Step 12: process continue flag %08x\n", + sessionHandle[i]); + rc = TSS_HmacSession_Continue(tssContext, session[i], authR[i]); + } + } + /* Step 13: response parameter decryption */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Execute_valist: Step 13: response decryption\n"); + rc = TSS_Response_Encrypt(tssContext->tssAuthContext, + session, + sessionHandle, + sessionAttributes); + } + /* cleanup */ + for (i = 0 ; i < MAX_SESSION_NUM ; i++) { + TSS_HmacSession_FreeContext(session[i]); + free(authCommand[i]); /* @1 */ + free(authResponse[i]); /* @2 */ + free(names[i]); /* @3 */ + } + return rc; +} + +/* + PWAP - Password Session +*/ + +/* TSS_PwapSession_Set() sets all members of the TPMS_AUTH_COMMAND structure for a PWAP session. + */ + +static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand, + const char *password) +{ + TPM_RC rc = 0; + + if (rc == 0) { + authCommand->sessionHandle = TPM_RS_PW; + authCommand->nonce.t.size = 0; + authCommand->sessionAttributes.val = 0; + } + if (password != NULL) { + rc = TSS_TPM2B_StringCopy(&authCommand->hmac.b, + password, sizeof(authCommand->hmac.t.buffer)); + } + else { + authCommand->hmac.t.size = 0; + } + return rc; +} + +/* TSS_PwapSession_Verify() verifies the PWAP session response. */ + +static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (authResponse->nonce.t.size != 0) { + if (tssVerbose) printf("TSS_PwapSession_Verify: nonce size %u not zero\n", + authResponse->nonce.t.size); + rc = TSS_RC_BAD_PWAP_NONCE; + } + } + if (rc == 0) { + if (authResponse->sessionAttributes.val != TPMA_SESSION_CONTINUESESSION) { + if (tssVerbose) printf("TSS_PwapSession_Verify: continue %02x not set\n", + authResponse->sessionAttributes.val); + rc = TSS_RC_BAD_PWAP_ATTRIBUTES; + } + } + if (rc == 0) { + if (authResponse->hmac.t.size != 0) { + if (tssVerbose) printf("TSS_PwapSession_Verify: HMAC size %u not zero\n", + authResponse->hmac.t.size); + rc = TSS_RC_BAD_PWAP_HMAC; + } + } + return rc; +} + +/* + HMAC Session +*/ + +static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)session, sizeof(TSS_HMAC_CONTEXT)); + } + if (rc == 0) { + TSS_HmacSession_InitContext(*session); + } + return rc; +} + +static void TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session) +{ + session->sessionHandle = TPM_RH_NULL; + session->authHashAlg = TPM_ALG_NULL; +#ifndef TPM_TSS_NOCRYPTO + session->sizeInBytes = 0; +#endif + session->symmetric.algorithm = TPM_ALG_NULL; + session->bind = TPM_RH_NULL; + session->bindName.b.size = 0; + session->bindAuthValue.t.size = 0; +#ifndef TPM_TSS_NOCRYPTO + memset(session->nonceTPM.t.buffer, 0, sizeof(TPMU_HA)); + session->nonceTPM.b.size = 0; + memset(session->nonceCaller.t.buffer, 0, sizeof(TPMU_HA)); + session->nonceCaller.b.size = 0; + memset(session->sessionKey.t.buffer, 0, sizeof(TPMU_HA)); + session->sessionKey.b.size = 0; +#endif + session->sessionType = 0; + session->isPasswordNeeded = FALSE; + session->isAuthValueNeeded = FALSE; + memset(session->hmacKey.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA)); + session->hmacKey.b.size = 0; +#ifndef TPM_TSS_NOCRYPTO + memset(session->sessionValue.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA)); + session->sessionValue.b.size = 0; +#endif +} + +void TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session) +{ + if (session != NULL) { + TSS_HmacSession_InitContext(session); + free(session); + } + return; +} + +/* TSS_HmacSession_SetSessionKey() is called by the StartAuthSession post processor to calculate and + store the session key + + 19.6.8 sessionKey Creation +*/ + +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPM2B_DIGEST *salt, + TPMI_DH_ENTITY bind, + TPM2B_AUTH *bindAuthValue) +{ + TPM_RC rc = 0; + TPM2B_KEY key; /* HMAC key for the KDFa */ + + if (rc == 0) { + /* save the bind handle, non-null indicates a bound session */ + session->bind = bind; + /* if bind, save the bind Name in the session context. The handle might change, but the + name will not */ + if ((rc == 0) && (bind != TPM_RH_NULL)) { + rc = TSS_Name_GetName(tssContext, &session->bindName, bind); + } + } + if (rc == 0) { + if ((bind != TPM_RH_NULL) || + (salt->b.size != 0)) { + + /* session key is bindAuthValue || salt */ + /* copy bindAuthValue. This is set during the post processor to either the supplied + bind password or Empty */ + if (rc == 0) { + rc = TSS_TPM2B_Copy(&key.b, &bindAuthValue->b, sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + /* copy salt. This is set during the postprocessor to either the salt from the + preprocessor or empty. */ + if (rc == 0) { + rc = TSS_TPM2B_Append(&key.b, &salt->b, sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetSessionKey: KDFa HMAC key", + key.b.buffer, key.b.size); + } + /* KDFa for the session key */ + if (rc == 0) { + rc = TSS_KDFA(session->sessionKey.b.buffer, + session->authHashAlg, + &key.b, + "ATH", + &session->nonceTPM.b, + &session->nonceCaller.b, + session->sizeInBytes * 8); + } + if (rc == 0) { + session->sessionKey.b.size = session->sizeInBytes; + if (tssVverbose) + TSS_PrintAll("TSS_HmacSession_SetSessionKey: Session key", + session->sessionKey.b.buffer, session->sessionKey.b.size); + } + } + else { + session->sessionKey.b.size = 0; + } + } + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +/* TSS_HmacSession_SaveSession() saves a session in two cases: + + The initial session from startauthsession + The updated session a TPM response +*/ + + +static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; /* marshaled TSS_HMAC_CONTEXT */ + uint16_t written = 0; +#ifndef TPM_TSS_NOFILE + char sessionFilename[TPM_DATA_DIR_PATH_LENGTH]; + uint8_t *outBuffer = NULL; + uint32_t outLength; +#endif + + if (tssVverbose) printf("TSS_HmacSession_SaveSession: handle %08x\n", session->sessionHandle); + if (rc == 0) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + session, + (MarshalFunction_t)TSS_HmacSession_Marshal); + } +#ifndef TPM_TSS_NOFILE + if (rc == 0) { +#ifndef TPM_TSS_NOCRYPTO + /* if the flag is set, encrypt the session state before store */ + if (tssContext->tssEncryptSessions) { + rc = TSS_AES_Encrypt(tssContext->tssSessionEncKey, + &outBuffer, /* output, freed @2 */ + &outLength, /* output */ + buffer, /* input */ + written); /* input */ + } + /* else store the session state in plaintext */ + else { +#endif /* TPM_TSS_NOCRYPTO */ + outBuffer = buffer; + outLength = written; +#ifndef TPM_TSS_NOCRYPTO + } +#endif /* TPM_TSS_NOCRYPTO */ + } + /* save the session in a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session + handle */ + if (rc == 0) { + sprintf(sessionFilename, "%s/h%08x.bin", + tssContext->tssDataDirectory, session->sessionHandle); + } + if (rc == 0) { + rc = TSS_File_WriteBinaryFile(outBuffer, + outLength, + sessionFilename); + } + if (tssContext->tssEncryptSessions) { + free(outBuffer); /* @2 */ + } +#else /* no file support, save to context */ + if (rc == 0) { + rc = TSS_HmacSession_SaveData(tssContext, + session->sessionHandle, + written, buffer); + } +#endif + free(buffer); /* @1 */ + return rc; +} + +/* TSS_HmacSession_LoadSession() loads an existing HMAC session context saved by: + + startauthsession + an update after a TPM response +*/ + +static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPMI_SH_AUTH_SESSION sessionHandle) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; + uint8_t *buffer1 = NULL; +#ifndef TPM_TSS_NOFILE + size_t length = 0; + char sessionFilename[TPM_DATA_DIR_PATH_LENGTH]; +#endif + unsigned char *inData = NULL; /* output */ + uint32_t inLength; /* output */ + + if (tssVverbose) printf("TSS_HmacSession_LoadSession: handle %08x\n", sessionHandle); +#ifndef TPM_TSS_NOFILE + /* load the session from a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session + handle */ + if (rc == 0) { + sprintf(sessionFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, sessionHandle); + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + sessionFilename); + } + if (rc == 0) { +#ifndef TPM_TSS_NOCRYPTO + /* if the flag is set, decrypt the session state before unmarshal */ + if (tssContext->tssEncryptSessions) { + rc = TSS_AES_Decrypt(tssContext->tssSessionDecKey, + &inData, /* output, freed @2 */ + &inLength, /* output */ + buffer, /* input */ + length); /* input */ + } + /* else the session was loaded in plaintext */ + else { +#endif /* TPM_TSS_NOCRYPTO */ + inData = buffer; + inLength = length; +#ifndef TPM_TSS_NOCRYPTO + } +#endif /* TPM_TSS_NOCRYPTO */ + } +#else /* no file support, load from context */ + if (rc == 0) { + rc = TSS_HmacSession_LoadData(tssContext, + &inLength, &inData, + sessionHandle); + } +#endif + if (rc == 0) { + uint32_t ilength = inLength; + buffer1 = inData; + rc = TSS_HmacSession_Unmarshal(session, &buffer1, &ilength); + } +#ifndef TPM_TSS_NOFILE + if (tssContext->tssEncryptSessions) { + free(inData); /* @2 */ + } +#endif + free(buffer); /* @1 */ + return rc; +} + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle, + uint32_t outLength, + uint8_t *outBuffer) +{ + TPM_RC rc = 0; + size_t slotIndex; + + /* if this handle is already used, overwrite the slot */ + if (rc == 0) { + rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle); + if (rc != 0) { + rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL); + if (rc == 0) { + tssContext->sessions[slotIndex].sessionHandle = sessionHandle; + } + else { + if (tssVerbose) + printf("TSS_HmacSession_SaveData: Error, no slot available for handle %08x\n", + sessionHandle); + } + } + } + /* reallocate memory and adjust the size */ + if (rc == 0) { + rc = TSS_Realloc(&tssContext->sessions[slotIndex].sessionData, outLength); + } + if (rc == 0) { + tssContext->sessions[slotIndex].sessionDataLength = outLength; + memcpy(tssContext->sessions[slotIndex].sessionData, outBuffer, outLength); + } + return rc; +} + +static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext, + uint32_t *inLength, uint8_t **inData, + TPMI_SH_AUTH_SESSION sessionHandle) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_HmacSession_LoadData: Error, no slot found for handle %08x\n", + sessionHandle); + } + } + if (rc == 0) { + *inLength = tssContext->sessions[slotIndex].sessionDataLength; + *inData = tssContext->sessions[slotIndex].sessionData; + } + return rc; +} + +static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_HmacSession_DeleteData: Error, no slot found for handle %08x\n", + sessionHandle); + } + } + if (rc == 0) { + tssContext->sessions[slotIndex].sessionHandle = TPM_RH_NULL; + /* erase any secrets */ + memset(tssContext->sessions[slotIndex].sessionData, 0, + tssContext->sessions[slotIndex].sessionDataLength); + free(tssContext->sessions[slotIndex].sessionData); + tssContext->sessions[slotIndex].sessionData = NULL; + tssContext->sessions[slotIndex].sessionDataLength = 0; + } + return rc; +} + +/* TSS_HmacSession_GetSlotForHandle() finds the session slot corresponding to the session handle. + + Returns non-zero if no slot is found. +*/ + +static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPMI_SH_AUTH_SESSION sessionHandle) +{ + size_t i; + + /* search all slots for handle */ + for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { + if (tssContext->sessions[i].sessionHandle == sessionHandle) { + *slotIndex = i; + return 0; + } + } + return TSS_RC_NO_SESSION_SLOT; +} + +#endif + +static TPM_RC TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source, + uint16_t *written, + uint8_t **buffer, + uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_TPMI_SH_AUTH_SESSION_Marshalu(&source->sessionHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->authHashAlg, written, buffer, size); + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->sizeInBytes, written, buffer, size); + } +#endif + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_Marshalu(&source->symmetric, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->bind, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->bindName, written, buffer, size); + } +#ifdef TPM_WINDOWS + /* FIXME Why does a VS release build need a printf here? */ + if (tssVverbose) printf(""); +#endif + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->bindAuthValue, written, buffer, size); + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceCaller, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->sessionKey, written, buffer, size); + } +#endif + if (rc == 0) { + rc = TSS_TPM_SE_Marshalu(&source->sessionType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->isPasswordNeeded, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->isAuthValueNeeded, written, buffer, size); + } + return rc; +} + +static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target, + uint8_t **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(&target->sessionHandle, buffer, size, NO); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->authHashAlg, buffer, size, NO); + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->sizeInBytes, buffer, size); + } +#endif + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_Unmarshalu(&target->symmetric, buffer, size, YES); + } + if (rc == 0) { + rc = TSS_TPMI_DH_ENTITY_Unmarshalu(&target->bind, buffer, size, YES); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->bindName, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Unmarshalu(&target->bindAuthValue, buffer, size); + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceCaller, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sessionKey, buffer, size); + } +#endif + if (rc == 0) { + rc = TSS_TPM_SE_Unmarshalu(&target->sessionType, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->isPasswordNeeded, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&target->isAuthValueNeeded, buffer, size); + } + return rc; +} + +/* + Name handling +*/ + +/* TSS_Name_GetAllNames() files in the names array based on the handles marshaled into the TSS + context command stream. */ + +static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext, + TPM2B_NAME **names) +{ + TPM_RC rc = 0; + size_t i; + size_t commandHandleCount; /* number of handles in the command stream */ + TPM_HANDLE commandHandle; + + /* get the number of handles in the command stream */ + if (rc == 0) { + rc = TSS_GetCommandHandleCount(tssContext->tssAuthContext, &commandHandleCount); + if (tssVverbose) printf("TSS_Name_GetAllNames: commandHandleCount %u\n", + (unsigned int)commandHandleCount); + } + for (i = 0 ; (rc == 0) && (i < commandHandleCount) ; i++) { + /* get a handle from the command stream */ + if (rc == 0) { + rc = TSS_GetCommandHandle(tssContext->tssAuthContext, + &commandHandle, + i); + } + /* get the Name corresponding to the handle */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Name_GetAllNames: commandHandle %u %08x\n", + (unsigned int)i, commandHandle); + rc = TSS_Name_GetName(tssContext, names[i], commandHandle); + } + } + return rc; +} + +/* TSS_Name_GetName() gets the Name associated with the handle */ + +static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle) +{ + TPM_RC rc = 0; + TPM_HT handleType; + + if (tssVverbose) printf("TSS_Name_GetName: Handle %08x\n", handle); + handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT); + + /* Table 3 - Equations for Computing Entity Names */ + switch (handleType) { + /* for these, the Name is simply the handle value */ + case TPM_HT_PCR: + case TPM_HT_HMAC_SESSION: + case TPM_HT_POLICY_SESSION: + case TPM_HT_PERMANENT: + rc = TSS_TPM2B_CreateUint32(&name->b, handle, sizeof(name->t.name)); + break; + /* for NV, the Names was calculated at NV read public */ + case TPM_HT_NV_INDEX: + /* for objects, the Name was returned at creation or load */ + case TPM_HT_TRANSIENT: + case TPM_HT_PERSISTENT: + rc = TSS_Name_Load(tssContext, name, handle, NULL); + break; + default: + if (tssVerbose) printf("TSS_Name_GetName: not implemented for handle %08x\n", handle); + rc = TSS_RC_NAME_NOT_IMPLEMENTED; + break; + } + if (rc == 0) { + if (tssVverbose) + TSS_PrintAll("TSS_Name_GetName: ", + name->t.name, name->t.size); + } + + return rc; +} + +/* TSS_Name_Store() stores the 'name' parameter in a file. + + If handle is not 0, the handle is used as the file name. + + If 'string' is not NULL, the string is used as the file name. +*/ + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + char nameFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + sprintf(nameFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle); + } + else { + if (tssVerbose) printf("TSS_Name_Store: handle and string are both null"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + sprintf(nameFilename, "%s/h%s.bin", tssContext->tssDataDirectory, string); + } + else { + if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_Name_Store: File %s\n", nameFilename); + rc = TSS_File_WriteBinaryFile(name->b.buffer, name->b.size, nameFilename); + } + return rc; +} + +#endif + +/* TSS_Name_Load() loads the 'name' from a file. + + If handle is not 0, the handle is used as the file name. + + If 'string' is not NULL, the string is used as the file name. +*/ + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + char nameFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + sprintf(nameFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle); + } + else { + if (tssVerbose) printf("TSS_Name_Load: handle and string are both null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + sprintf(nameFilename, "%s/h%s.bin", tssContext->tssDataDirectory, string); + } + else { + if (tssVerbose) printf("TSS_Name_Load: handle and string are both not null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_Name_Load: File %s\n", nameFilename); + rc = TSS_File_Read2B(&name->b, + sizeof(name->t.name), + nameFilename); + } + return rc; +} + +#endif + +/* TSS_Name_Store() stores the 'name' parameter the TSS context. + +*/ + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + TPM_HT handleType; + size_t slotIndex; + + if (tssVverbose) printf("TSS_Name_Store: Handle %08x\n", handle); + handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT); + + switch (handleType) { + case TPM_HT_NV_INDEX: + /* for NV, the Name was returned at creation */ + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL); + if (rc == 0) { + tssContext->nvPublic[slotIndex].nvIndex = handle; + } + else { + if (tssVerbose) + printf("TSS_Name_Store: Error, no slot available for handle %08x\n", handle); + } + } + if (rc == 0) { + tssContext->nvPublic[slotIndex].name = *name; + } + break; + case TPM_HT_TRANSIENT: + case TPM_HT_PERSISTENT: + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + /* if this handle is already used, overwrite the slot */ + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL); + if (rc == 0) { + tssContext->objectPublic[slotIndex].objectHandle = handle; + } + else { + if (tssVerbose) + printf("TSS_Name_Store: " + "Error, no slot available for handle %08x\n", + handle); + } + } + } + else { + if (tssVerbose) printf("TSS_Name_Store: handle and string are both null"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + if (tssVerbose) printf("TSS_Name_Store: string unimplemented"); + rc = TSS_RC_NAME_FILENAME; + } + else { + if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + tssContext->objectPublic[slotIndex].name = *name; + } + break; + default: + if (tssVerbose) printf("TSS_Name_Store: handle type %02x unimplemented", handleType); + rc = TSS_RC_NAME_FILENAME; + } + return rc; +} + +#endif + +/* TSS_Name_Load() loads the 'name' from the TSS context. + +*/ + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext, + TPM2B_NAME *name, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + TPM_HT handleType; + size_t slotIndex; + + string = string; + + if (tssVverbose) printf("TSS_Name_Load: Handle %08x\n", handle); + handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT); + + switch (handleType) { + case TPM_HT_NV_INDEX: + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle); + } + if (rc == 0) { + *name = tssContext->nvPublic[slotIndex].name; + } + break; + case TPM_HT_TRANSIENT: + case TPM_HT_PERSISTENT: + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle); + } + if (rc == 0) { + *name = tssContext->objectPublic[slotIndex].name; + } + break; + default: + if (tssVerbose) printf("TSS_Name_Load: handle type %02x unimplemented", handleType); + rc = TSS_RC_NAME_FILENAME; + + } + return rc; +} + +#endif + +/* TSS_Name_Copy() copies the name from either inHandle or inString to either outHandle or + outString */ + +static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext, + TPM_HANDLE outHandle, + const char *outString, + TPM_HANDLE inHandle, + const char *inString) +{ + TPM_RC rc = 0; + TPM2B_NAME name; + + if (rc == 0) { + rc = TSS_Name_Load(tssContext, &name, inHandle, inString); + } + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &name, outHandle, outString); + } + return rc; +} + +/* TSS_Public_Store() stores the 'public' parameter in a file. + + If handle is not 0, the handle is used as the file name. + + If 'string' is not NULL, the string is used as the file name. +*/ + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + char publicFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { /* store by handle */ + sprintf(publicFilename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle); + } + else { + if (tssVerbose) printf("TSS_Public_Store: handle and string are both null"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { /* store by string */ + sprintf(publicFilename, "%s/hp%s.bin", tssContext->tssDataDirectory, string); + } + else { + if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_Public_Store: File %s\n", publicFilename); + rc = TSS_File_WriteStructure(public, + (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshalu, + publicFilename); + } + return rc; +} + +#endif + +/* TSS_Public_Load() loads the 'public' parameter from a file. + + If handle is not 0, the handle is used as the file name. + + If 'string' is not NULL, the string is used as the file name. +*/ + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + char publicFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + sprintf(publicFilename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle); + } + else { + if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + sprintf(publicFilename, "%s/hp%s.bin", tssContext->tssDataDirectory, string); + } + else { + if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_Public_Load: File %s\n", publicFilename); + rc = TSS_File_ReadStructureFlag(public, + (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu, + TRUE, /* NULL permitted */ + publicFilename); + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +/* TSS_Public_Copy() copies the TPM2B_PUBLIC from either inHandle or inString to either outHandle or + outString */ + +static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext, + TPM_HANDLE outHandle, + const char *outString, + TPM_HANDLE inHandle, + const char *inString) +{ + TPM_RC rc = 0; + TPM2B_PUBLIC public; + + if (rc == 0) { + rc = TSS_Public_Load(tssContext, &public, inHandle, inString); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &public, outHandle, outString); + } + return rc; +} + +/* TSS_Public_Store() stores the 'public' parameter in the TSS context. + */ + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + /* if this handle is already used, overwrite the slot */ + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL); + if (rc == 0) { + tssContext->objectPublic[slotIndex].objectHandle = handle; + } + else { + if (tssVerbose) + printf("TSS_Public_Store: Error, no slot available for handle %08x\n", + handle); + } + } + } + else { + if (tssVerbose) printf("TSS_Public_Store: handle and string are both null"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + if (tssVerbose) printf("TSS_Public_Store: string not implemented yet"); + rc = TSS_RC_NAME_FILENAME; + } + else { + if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + tssContext->objectPublic[slotIndex].objectPublic = *public; + } + return rc; +} + +#endif + +/* TSS_Public_Load() loaded the object public from the TSS context. + + */ + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext, + TPM2B_PUBLIC *public, + TPM_HANDLE handle, + const char *string) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + if (string == NULL) { + if (handle != 0) { + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_Public_Load: Error, no slot found for handle %08x\n", + handle); + } + } + else { + if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + else { + if (handle == 0) { + if (tssVerbose) printf("TSS_Public_Load: string not implemented yet"); + rc = TSS_RC_NAME_FILENAME; + } + else { + if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n"); + rc = TSS_RC_NAME_FILENAME; + } + } + } + if (rc == 0) { + *public = tssContext->objectPublic[slotIndex].objectPublic; + } + return rc; +} + +#endif /* TPM_TSS_NOFILE */ + +#ifdef TPM_TSS_NOFILE + +/* TSS_ObjectPublic_GetSlotForHandle() finds the object public slot corresponding to the handle. + + Returns non-zero if no slot is found. +*/ + +static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPM_HANDLE handle) +{ + size_t i; + + /* search all slots for handle */ + for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { + if (tssContext->objectPublic[i].objectHandle == handle) { + *slotIndex = i; + return 0; + } + } + return TSS_RC_NO_OBJECTPUBLIC_SLOT; +} + +#endif + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle); + if (rc != 0) { + if (tssVerbose) + printf("TSS_ObjectPublic_DeleteData: Error, no slot found for handle %08x\n", + handle); + } + } + if (rc == 0) { + tssContext->objectPublic[slotIndex].objectHandle = TPM_RH_NULL; + } + return rc; +} + +#endif + + +/* TSS_DeleteHandle() removes retained state stored by the TSS for a handle + */ + +static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext, + TPM_HANDLE handle) +{ + TPM_RC rc = 0; + TPM_HT handleType; +#ifndef TPM_TSS_NOFILE + char filename[TPM_DATA_DIR_PATH_LENGTH]; +#endif + + handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT); +#ifndef TPM_TSS_NOFILE + /* delete the Name */ + if (rc == 0) { + sprintf(filename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle); + if (tssVverbose) printf("TSS_DeleteHandle: delete Name file %s\n", filename); + rc = TSS_File_DeleteFile(filename); + } + /* delete the public if it exists */ + if (rc == 0) { + if ((handleType == TPM_HT_TRANSIENT) || + (handleType == TPM_HT_PERSISTENT)) { + sprintf(filename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle); + if (tssVverbose) printf("TSS_DeleteHandle: delete public file %s\n", filename); + TSS_File_DeleteFile(filename); + } + } +#else + /* sessions persist in the context and can be deleted */ + if (rc == 0) { + switch (handleType) { + case TPM_HT_NV_INDEX: + rc = TSS_RC_NOT_IMPLEMENTED; + break; + case TPM_HT_HMAC_SESSION: + case TPM_HT_POLICY_SESSION: + if (tssVverbose) printf("TSS_DeleteHandle: delete session state %08x\n", handle); + rc = TSS_HmacSession_DeleteData(tssContext, handle); + break; + case TPM_HT_TRANSIENT: + case TPM_HT_PERSISTENT: + rc = TSS_ObjectPublic_DeleteData(tssContext, handle); + break; + } + } +#endif + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO + +/* TSS_ObjectPublic_GetName() calculates the Name from the TPMT_PUBLIC. The Name provides security, + because the Name returned from the TPM2_ReadPublic cannot be trusted. +*/ + +static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name, + TPMT_PUBLIC *tpmtPublic) +{ + TPM_RC rc = 0; + + uint16_t written = 0; + TPMT_HA digest; + uint32_t sizeInBytes = 0; + uint8_t *buffer = NULL; + + if (rc == 0) { + rc = TSS_Malloc(&buffer, MAX_RESPONSE_SIZE); /* freed @1 */ + } + /* marshal the TPMT_PUBLIC */ + if (rc == 0) { + uint32_t size = MAX_RESPONSE_SIZE; + uint8_t *buffer1 = buffer; + rc = TSS_TPMT_PUBLIC_Marshalu(tpmtPublic, &written, &buffer1, &size); + } + /* hash the public area */ + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg); + digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */ + /* generate the TPMT_HA */ + rc = TSS_Hash_Generate(&digest, + written, buffer, + 0, NULL); + } + if (rc == 0) { + TPMI_ALG_HASH nameAlgNbo; + /* copy the digest */ + memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes); + /* copy the hash algorithm */ + nameAlgNbo = htons(tpmtPublic->nameAlg); + memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH)); + /* set the size */ + name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH); + } + free(buffer); /* @1 */ + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + + +/* TSS_NVPublic_Store() stores the NV public data in a file. + + */ + +#ifndef TPM_TSS_NOFILE +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + char nvpFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex); + rc = TSS_File_WriteStructure(nvPublic, + (MarshalFunction_t)TSS_TPMS_NV_PUBLIC_Marshalu, + nvpFilename); + } + return rc; +} + +#endif +#endif + +/* TSS_NVPublic_Load() loads the NV public from a file. + + */ + +#ifndef TPM_TSS_NOFILE +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + char nvpFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex); + rc = TSS_File_ReadStructure(nvPublic, + (UnmarshalFunction_t)TSS_TPMS_NV_PUBLIC_Unmarshalu, + nvpFilename); + } + return rc; +} + +#endif +#endif + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + char nvpFilename[TPM_DATA_DIR_PATH_LENGTH]; + + if (rc == 0) { + sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex); + rc = TSS_File_DeleteFile(nvpFilename); + } + return rc; +} + +#endif + +#ifdef TPM_TSS_NOFILE +#ifndef TPM_TSS_NOCRYPTO + +/* TSS_NVPublic_Store() stores the NV public data in a file. + + */ + +static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex); + if (rc != 0) { + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL); + if (rc == 0) { + tssContext->nvPublic[slotIndex].nvIndex = nvIndex; + } + else { + if (tssVerbose) + printf("TSS_NVPublic_Store: Error, no slot available for handle %08x\n", + nvIndex); + } + } + } + if (rc == 0) { + tssContext->nvPublic[slotIndex].nvPublic = *nvPublic; + } + return rc; +} + +#endif +#endif + +#ifdef TPM_TSS_NOFILE +#ifndef TPM_TSS_NOCRYPTO + +/* TSS_NVPublic_Load() loads the NV public from a file. + + */ + +static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext, + TPMS_NV_PUBLIC *nvPublic, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex); + if (rc != 0) { + if (tssVerbose) + printf("TSS_NVPublic_Load: Error, no slot found for handle %08x\n", + nvIndex); + } + } + if (rc == 0) { + *nvPublic = tssContext->nvPublic[slotIndex].nvPublic; + } + return rc; +} + +#endif +#endif + +#ifdef TPM_TSS_NOFILE + +static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext, + TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc = 0; + size_t slotIndex; + + if (rc == 0) { + rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex); + if (rc != 0) { + if (tssVerbose) + printf("TSS_NVPublic_Delete: Error, no slot found for handle %08x\n", + nvIndex); + } + } + if (rc == 0) { + tssContext->nvPublic[slotIndex].nvIndex = TPM_RH_NULL; + } + return rc; +} + +#endif + +#ifdef TPM_TSS_NOFILE + +/* TSS_NvPublic_GetSlotForHandle() finds the object public slot corresponding to the handle. + + Returns non-zero if no slot is found. +*/ + +static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, + size_t *slotIndex, + TPMI_RH_NV_INDEX nvIndex) +{ + size_t i; + + /* search all slots for handle */ + for (i = 0 ; i < (sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC)) ; i++) { + if (tssContext->nvPublic[i].nvIndex == nvIndex) { + *slotIndex = i; + return 0; + } + } + return TSS_RC_NO_NVPUBLIC_SLOT; +} + +#endif + +/* TSS_NVPublic_GetName() calculates the Name from the TPMS_NV_PUBLIC. The Name provides security, + because the Name returned from the TPM2_NV_ReadPublic cannot be trusted. +*/ + +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_NVPublic_GetName(TPM2B_NAME *name, + TPMS_NV_PUBLIC *nvPublic) +{ + TPM_RC rc = 0; + + uint16_t written = 0; + TPMT_HA digest; + uint32_t sizeInBytes = 0; + uint8_t *buffer = NULL; + + if (rc == 0) { + rc = TSS_Malloc(&buffer, MAX_RESPONSE_SIZE); /* freed @1 */ + } + /* marshal the TPMS_NV_PUBLIC */ + if (rc == 0) { + uint32_t size = MAX_RESPONSE_SIZE; + uint8_t *buffer1 = buffer; + rc = TSS_TPMS_NV_PUBLIC_Marshalu(nvPublic, &written, &buffer1, &size); + } + /* hash the public area */ + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(nvPublic->nameAlg); + digest.hashAlg = nvPublic->nameAlg; /* Name digest algorithm */ + /* generate the TPMT_HA */ + rc = TSS_Hash_Generate(&digest, + written, buffer, + 0, NULL); + } + if (rc == 0) { + TPMI_ALG_HASH nameAlgNbo; + /* copy the digest */ + memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes); + /* copy the hash algorithm */ + nameAlgNbo = htons(nvPublic->nameAlg); + memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH)); + /* set the size */ + name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH); + } + free(buffer); /* @1 */ + return rc; +} + +#endif + +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session, + TPMS_AUTH_COMMAND *authC) +{ + TPM_RC rc = 0; + + /* generate a new nonceCaller */ + if (rc == 0) { + session->nonceCaller.b.size = session->sizeInBytes; + rc = TSS_RandBytes(session->nonceCaller.t.buffer, session->sizeInBytes); + } + /* nonceCaller for the command */ + if (rc == 0) { + rc = TSS_TPM2B_Copy(&authC->nonce.b, &session->nonceCaller.b, sizeof(TPMU_HA)); + } + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +#ifndef TPM_TSS_NOCRYPTO + +/* TSS_HmacSession_SetHmacKey() calculates the session HMAC key. + + handleNumber is index into the session area. The first sessions, the authorization sessions, + have a corresponding handle in the command handle. +*/ + +static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, /* index into the handle area */ + const char *password) +{ + TPM_RC rc = 0; + TPM_HANDLE commandHandle; /* from handle area, for bound session */ + TPM2B_NAME name; + TPM2B_AUTH authValue; + int bindMatch = FALSE; + int done = FALSE; /* done with authorization sessions */ + + /* + authHMAC = HMAC sessionAlg ((sessionKey || authValue), + (pHash || nonceNewer || nonceOlder + { || nonceTPMdecrypt } { || nonceTPMencrypt } + || sessionAttributes)) + */ + /* HMAC key is sessionKey || authValue */ + /* copy the session key to HMAC key */ + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionKey", + session->sessionKey.b.buffer, session->sessionKey.b.size); + rc = TSS_TPM2B_Copy(&session->hmacKey.b, + &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + /* copy the session key to sessionValue */ + if (rc == 0) { + rc = TSS_TPM2B_Copy(&session->sessionValue.b, + &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + if (rc == 0) { + if (tssVverbose) + TSS_PrintAll("TSS_HmacSession_SetHmacKey: preliminary sessionValue", + session->sessionValue.b.buffer, session->sessionValue.b.size); + } + /* This value is an EmptyAuth if the HMAC is being computed to authorize an action on the + object to which the session is bound. + */ + /* The first sessions are authorization sessions. They can have a bind entity. All others can + be encrypt or decrypt sessions, but the authValue is not included in the session key. + */ + if (rc == 0) { + AUTH_ROLE authRole = TSS_GetAuthRole(tssContext->tssAuthContext, handleNumber); + if (authRole == AUTH_NONE) { + if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: Done, not auth session\n"); + done = TRUE; /* not an authorization session, could be audit or + encrypt/decrypt */ + } + } + /* If not an authorization session, there is no authValue to append to the HMAC key or encrypt + sessionValue, regardless of the binding. Below is for auth sessions. */ + if (!done) { + /* First, if there was a bind handle, check if the name matches. Else bindMatch remains + FALSE. */ + if (session->bind != TPM_RH_NULL) { + /* get the handle for this session */ + if (tssVverbose) + printf("TSS_HmacSession_SetHmacKey: Processing bind handle %08x\n", session->bind); + if (rc == 0) { + rc = TSS_GetCommandHandle(tssContext->tssAuthContext, + &commandHandle, + handleNumber); + } + /* get the Name corresponding to the handle */ + if (rc == 0) { + if (tssVverbose) + printf("TSS_HmacSession_SetHmacKey: commandHandle %08x bindHandle %08x\n", + commandHandle, session->bind); + rc = TSS_Name_GetName(tssContext, &name, commandHandle); + } + /* compare the authorized object name to the bind object name */ + if (rc == 0) { + bindMatch = TSS_TPM2B_Compare(&name.b, &session->bindName.b); + if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: bind match %u\n", bindMatch); + } + } + /* Second, append password to session key for HMAC key if required */ + + /* When performing an HMAC for authorization, the HMAC key is normally the concatenation of + the entity's authValue to the sessions sessionKey (created at + TPM2_StartAuthSession(). However, if the authorization is for the entity to + which the session is bound, the authValue is not included in the HMAC key. When + a policy requires that an HMAC be computed, it is always concatenated. + */ + if ((rc == 0) && + /* append if HMAC session and not bind match */ + (((session->sessionType == TPM_SE_HMAC) && !bindMatch) || + /* append if policy and policy authvalue */ + ((session->sessionType == TPM_SE_POLICY) && session->isAuthValueNeeded)) && + (password != NULL) /* if password is NULL, nothing to append. */ + + ) { + + if (tssVverbose) + printf("TSS_HmacSession_SetHmacKey: Appending authValue to HMAC key\n"); + /* convert the password to an authvalue */ + if (rc == 0) { + rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(authValue.t.buffer)); + } + /* append the authvalue to the session key to create the hmac key */ + if (rc == 0) { + rc = TSS_TPM2B_Append(&session->hmacKey.b, &authValue.b, + sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + } + /* Third, append password to session key for sessionValue + + If a session is also being used for authorization, sessionValue (see 21.2 and 21.3) is + sessionKey || authValue. The binding of the session is ignored. If the session is not + being used for authorization, sessionValue is sessionKey. + */ + /* NOTE This step occurs even if there is a bind match. That is, the password is effectively + appended twice. */ + if (rc == 0) { + /* if not bind, sessionValue is sessionKey || authValue (same as HMAC key) */ + if (!bindMatch) { + if (tssVverbose) + printf("TSS_HmacSession_SetHmacKey: " + "No bind, appending authValue to sessionValue\n"); + /* convert the password to an authvalue */ + if (rc == 0) { + rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(authValue.t.buffer)); + } + if (rc == 0) { + rc = TSS_TPM2B_Append(&session->sessionValue.b, &authValue.b, + sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + } + /* if bind, sessionValue is sessionKey || bindAuthValue */ + else { + if (tssVverbose) + printf("TSS_HmacSession_SetHmacKey: " + "Bind, appending bind authValue to sessionValue\n"); + if (rc == 0) { + rc = TSS_TPM2B_Append(&session->sessionValue.b, &session->bindAuthValue.b, + sizeof(TPMU_HA) + sizeof(TPMT_HA)); + } + } + if (rc == 0) { + if (tssVverbose) + TSS_PrintAll("TSS_HmacSession_SetHmacKey: bindAuthValue", + session->bindAuthValue.b.buffer, session->bindAuthValue.b.size); + } + } + } + if (rc == 0) { + if (tssVverbose) + TSS_PrintAll("TSS_HmacSession_SetHmacKey: hmacKey", + session->hmacKey.b.buffer, session->hmacKey.b.size); + if (tssVverbose) + TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionValue", + session->sessionValue.b.buffer, session->sessionValue.b.size); + } + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +/* TSS_HmacSession_SetHMAC() is used for a command. It sets all the values in one + TPMS_AUTH_COMMAND, ready for marshaling into the command packet. + + - gets cpBuffer + - generates cpHash + - generates the HMAC + - copies the result into authCommand + + Unused names must have size 0. + + The HMAC key is already in the session structure. +*/ + +static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext, /* authorization context */ + struct TSS_HMAC_CONTEXT *session[], + TPMS_AUTH_COMMAND *authCommand[], /* output: command + authorization */ + TPMI_SH_AUTH_SESSION sessionHandle[], /* session handles in + command */ + unsigned int sessionAttributes[], /* attributes for this + command */ + const char *password[], + TPM2B_NAME *name0, /* up to 3 names */ + TPM2B_NAME *name1, /* unused names have length 0 */ + TPM2B_NAME *name2) +{ + TPM_RC rc = 0; + unsigned int i = 0; +#ifndef TPM_TSS_NOCRYPTO + TPMT_HA cpHash; + TPMT_HA hmac; + TPM2B_NONCE nonceTPMDecrypt; + TPM2B_NONCE nonceTPMEncrypt; + cpHash.hashAlg = TPM_ALG_NULL; /* for cpHash calculation optimization */ +#endif /* TPM_TSS_NOCRYPTO */ + + + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) { + uint8_t sessionAttr8; + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: Step 6 session %08x\n", sessionHandle[i]); + /* password sessions were serviced in step 2. */ + if (sessionHandle[i] == TPM_RS_PW) { + continue; + } + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: sessionType %02x\n", + session[i]->sessionType); + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isPasswordNeeded %02x\n", + session[i]->isPasswordNeeded); + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isAuthValueNeeded %02x\n", + session[i]->isAuthValueNeeded); + /* sessionHandle */ + authCommand[i]->sessionHandle = session[i]->sessionHandle; + /* attributes come from command */ + sessionAttr8 = (uint8_t)sessionAttributes[i]; + authCommand[i]->sessionAttributes.val = sessionAttr8; + + /* policy session with policy password handled below, no hmac. isPasswordNeeded is never + true for an HMAC session, so don't need to test session type here. */ + if (!(session[i]->isPasswordNeeded)) { + /* HMAC session */ + if ((session[i]->sessionType == TPM_SE_HMAC) || + /* policy session with TPM2_PolicyAuthValue */ + ((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded)) || + /* salted session */ + (session[i]->hmacKey.t.size != 0) + ) { + /* needs HMAC */ +#ifndef TPM_TSS_NOCRYPTO + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: calculate HMAC\n"); + /* calculate cpHash. Performance optimization: If there is more than one session, + and the hash algorithm is the same, use the previously calculated version. */ + if ((rc == 0) && (cpHash.hashAlg != session[i]->authHashAlg)) { + uint32_t cpBufferSize; + uint8_t *cpBuffer; + TPM_CC commandCode; + TPM_CC commandCodeNbo; + + rc = TSS_GetCpBuffer(tssAuthContext, + &cpBufferSize, + &cpBuffer); + if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHMAC: cpBuffer", + cpBuffer, cpBufferSize); + cpHash.hashAlg = session[i]->authHashAlg; + + /* cpHash = hash(commandCode [ || authName1 */ + /* [ || authName2 */ + /* [ || authName3 ]]] */ + /* [ || parameters]) */ + /* A cpHash can contain just a commandCode only if the lone session is */ + /* an audit session. */ + + commandCode = TSS_GetCommandCode(tssAuthContext); + commandCodeNbo = htonl(commandCode); + rc = TSS_Hash_Generate(&cpHash, /* largest size of a digest */ + sizeof(TPM_CC), &commandCodeNbo, + name0->b.size, &name0->b.buffer, + name1->b.size, &name1->b.buffer, + name2->b.size, &name2->b.buffer, + cpBufferSize, cpBuffer, + 0, NULL); + } + if (i == 0) { + unsigned int isDecrypt = 0; /* count number of sessions with decrypt + set */ + unsigned int decryptSession = 0; /* which one is decrypt */ + unsigned int isEncrypt = 0; /* count number of sessions with decrypt + set */ + unsigned int encryptSession = 0; /* which one is decrypt */ + nonceTPMDecrypt.t.size = 0; + nonceTPMEncrypt.t.size = 0; + /* if a different session is being used for parameter decryption, then the + nonceTPM for that session is included in the HMAC of the first authorization + session */ + if (rc == 0) { + rc = TSS_Sessions_GetDecryptSession(&isDecrypt, + &decryptSession, + sessionHandle, + sessionAttributes); + } + if ((rc == 0) && isDecrypt && (decryptSession != 0)) { + rc = TSS_TPM2B_Copy(&nonceTPMDecrypt.b, + &session[decryptSession]->nonceTPM.b, sizeof(TPMU_HA)); + } + /* if a different session is being used for parameter encryption, then the + nonceTPM for that session is included in the HMAC of the first authorization + session */ + if (rc == 0) { + rc = TSS_Sessions_GetEncryptSession(&isEncrypt, + &encryptSession, + sessionHandle, + sessionAttributes); + } + /* Don't include the same nonce twice */ + if ((rc == 0) && isEncrypt && (encryptSession != 0)) { + if (!isDecrypt || (encryptSession != decryptSession)) { + rc = TSS_TPM2B_Copy(&nonceTPMEncrypt.b, + &session[encryptSession]->nonceTPM.b, + sizeof(TPMU_HA)); + } + } + } + /* for other than the first session, those nonces are not used */ + else { + nonceTPMDecrypt.t.size = 0; + nonceTPMEncrypt.t.size = 0; + } + /* */ + if (rc == 0) { + hmac.hashAlg = session[i]->authHashAlg; + rc = TSS_HMAC_Generate(&hmac, /* output hmac */ + &session[i]->hmacKey, /* input key */ + session[i]->sizeInBytes, (uint8_t *)&cpHash.digest, + /* new is nonceCaller */ + session[i]->nonceCaller.b.size, + &session[i]->nonceCaller.b.buffer, + /* old is previous nonceTPM */ + session[i]->nonceTPM.b.size, + &session[i]->nonceTPM.b.buffer, + /* nonceTPMDecrypt */ + nonceTPMDecrypt.b.size, nonceTPMDecrypt.b.buffer, + /* nonceTPMEncrypt */ + nonceTPMEncrypt.b.size, nonceTPMEncrypt.b.buffer, + /* 1 byte, no endian conversion */ + sizeof(uint8_t), &sessionAttr8, + 0, NULL); + if (tssVverbose) { + TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC key", + session[i]->hmacKey.t.buffer, session[i]->hmacKey.t.size); + TSS_PrintAll("TSS_HmacSession_SetHMAC: cpHash", + (uint8_t *)&cpHash.digest, session[i]->sizeInBytes); + TSS_PrintAll("TSS_HmacSession_Set: nonceCaller", + session[i]->nonceCaller.b.buffer, + session[i]->nonceCaller.b.size); + TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPM", + session[i]->nonceTPM.b.buffer, session[i]->nonceTPM.b.size); + TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMDecrypt", + nonceTPMDecrypt.b.buffer, nonceTPMDecrypt.b.size); + TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMEncrypt", + nonceTPMEncrypt.b.buffer, nonceTPMEncrypt.b.size); + TSS_PrintAll("TSS_HmacSession_SetHMAC: sessionAttributes", + &sessionAttr8, sizeof(uint8_t)); + TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC", + (uint8_t *)&hmac.digest, session[i]->sizeInBytes); + } + } + /* copy HMAC into authCommand TPM2B_AUTH hmac */ + if (rc == 0) { + rc = TSS_TPM2B_Create(&authCommand[i]->hmac.b, + (uint8_t *)&hmac.digest, + session[i]->sizeInBytes, + sizeof(authCommand[i]->hmac.t.buffer)); + } +#else + tssAuthContext = tssAuthContext; + name0 = name0; + name1 = name1; + name2 = name2; + if (tssVerbose) + printf("TSS_HmacSession_SetHMAC: Error, with no crypto not implemented\n"); + rc = TSS_RC_NOT_IMPLEMENTED; +#endif /* TPM_TSS_NOCRYPTO */ + } + /* not HMAC, not policy requiring password or hmac */ + else { + authCommand[i]->hmac.b.size = 0; + } + } + /* For a policy session that contains TPM2_PolicyPassword(), the password takes precedence + and must be present in hmac. */ + else { /* isPasswordNeeded true */ + if (tssVverbose) printf("TSS_HmacSession_SetHMAC: use password\n"); + /* nonce has already been set */ + rc = TSS_TPM2B_StringCopy(&authCommand[i]->hmac.b, + password[i], sizeof(authCommand[i]->hmac.t.buffer)); + } + } + return rc; +} + + +#ifndef TPM_TSS_NOCRYPTO + +/* TSS_HmacSession_Verify() is used for a response. It uses the values in TPMS_AUTH_RESPONSE to + validate the response HMAC +*/ + +static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext, /* authorization context */ + struct TSS_HMAC_CONTEXT *session, /* TSS session context */ + TPMS_AUTH_RESPONSE *authResponse) /* input: response authorization */ +{ + TPM_RC rc = 0; + uint32_t rpBufferSize; + uint8_t *rpBuffer; + TPMT_HA rpHash; + TPMT_HA actualHmac; + + /* get the rpBuffer */ + if (rc == 0) { + rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer); + if (tssVverbose) TSS_PrintAll("TSS_HmacSession_Verify: rpBuffer", + rpBuffer, rpBufferSize); + } + /* calculate rpHash */ + if (rc == 0) { + TPM_CC commandCode; + TPM_CC commandCodeNbo; + rpHash.hashAlg = session->authHashAlg; + + commandCode = TSS_GetCommandCode(tssAuthContext); + commandCodeNbo = htonl(commandCode); + + /* rpHash = HsessionAlg (responseCode || commandCode {|| parameters }) */ + rc = TSS_Hash_Generate(&rpHash, /* largest size of a digest */ + sizeof(TPM_RC), &rc, /* RC is always 0, no need to endian + convert */ + sizeof(TPM_CC), &commandCodeNbo, + rpBufferSize, rpBuffer, + 0, NULL); + } + /* construct the actual HMAC as TPMT_HA */ + if (rc == 0) { + actualHmac.hashAlg = session->authHashAlg; + if (authResponse->hmac.t.size != session->sizeInBytes) { + if (tssVerbose) + printf("TSS_HmacSession_Verify: HMAC size %u inconsistent with algorithm %u\n", + authResponse->hmac.t.size, session->sizeInBytes); + rc = TSS_RC_HMAC_SIZE; + } + } + if (rc == 0) { + memcpy((uint8_t *)&actualHmac.digest, &authResponse->hmac.t.buffer, + authResponse->hmac.t.size); + } + /* verify the HMAC */ + if (rc == 0) { + if (tssVverbose) { + TSS_PrintAll("TSS_HmacSession_Verify: HMAC key", + session->hmacKey.t.buffer, session->hmacKey.t.size); + TSS_PrintAll("TSS_HmacSession_Verify: rpHash", + (uint8_t *)&rpHash.digest, session->sizeInBytes); + TSS_PrintAll("TSS_HmacSession_Verify: nonceTPM", + session->nonceTPM.b.buffer, session->nonceTPM.b.size); + TSS_PrintAll("TSS_HmacSession_Verify: nonceCaller", + session->nonceCaller.b.buffer, session->nonceCaller.b.size); + TSS_PrintAll("TSS_HmacSession_Verify: sessionAttributes", + &authResponse->sessionAttributes.val, sizeof(uint8_t)); + TSS_PrintAll("TSS_HmacSession_Verify: response HMAC", + (uint8_t *)&authResponse->hmac.t.buffer, session->sizeInBytes); + } + rc = TSS_HMAC_Verify(&actualHmac, /* input response hmac */ + &session->hmacKey, /* input HMAC key */ + session->sizeInBytes, + /* rpHash */ + session->sizeInBytes, (uint8_t *)&rpHash.digest, + /* new is nonceTPM */ + session->nonceTPM.b.size, &session->nonceTPM.b.buffer, + /* old is nonceCaller */ + session->nonceCaller.b.size, &session->nonceCaller.b.buffer, + /* 1 byte, no endian conversion */ + sizeof(uint8_t), &authResponse->sessionAttributes.val, + 0, NULL); + } + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +/* TSS_HmacSession_Continue() handles the response continueSession flag. It either saves the + updated session or deletes the session state. */ + +static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + TPMS_AUTH_RESPONSE *authR) +{ + TPM_RC rc = 0; + + if (rc == 0) { + /* if continue set */ + if (authR->sessionAttributes.val & TPMA_SESSION_CONTINUESESSION) { + /* clear the policy flags in preparation for the next use */ + session->isPasswordNeeded = FALSE; + session->isAuthValueNeeded = FALSE; + /* save the session */ + rc = TSS_HmacSession_SaveSession(tssContext, session); + } + else { /* continue clear */ + /* delete the session state */ + rc = TSS_DeleteHandle(tssContext, session->sessionHandle); + } + } + return rc; +} + +/* TSS_Sessions_GetDecryptSession() searches for a command decrypt session. If found, returns + isDecrypt TRUE, and the session number in decryptSession. + +*/ + +static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt, + unsigned int *decryptSession, + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]) +{ + TPM_RC rc = 0; + unsigned int i = 0; + + /* count the number of command decrypt sessions */ + *isDecrypt = 0; /* number of sessions with decrypt set */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && + (sessionHandle[i] != TPM_RH_NULL) && + (sessionHandle[i] != TPM_RS_PW) ; + i++) { + if (sessionAttributes[i] & TPMA_SESSION_DECRYPT) { + (*isDecrypt)++; /* count number of decrypt sessions */ + *decryptSession = i; /* record which one it was */ + } + } + /* how many decrypt sessions were found */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Sessions_GetDecryptSession: Found %u decrypt sessions at %u\n", + *isDecrypt, *decryptSession); + if (*isDecrypt > 1) { + if (tssVerbose) + printf("TSS_Sessions_GetDecryptSession: Error, found %u decrypt sessions\n", + *isDecrypt); + rc = TSS_RC_DECRYPT_SESSIONS; + } + } + return rc; +} + +/* TSS_Sessions_GetEncryptSession() searches for a response encrypt session. If found, returns + isEncrypt TRUE, and the session number in encryptSession. + +*/ + +static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt, + unsigned int *encryptSession, + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]) +{ + TPM_RC rc = 0; + unsigned int i = 0; + + /* count the number of command encrypt sessions */ + *isEncrypt = 0; /* number of sessions with encrypt set */ + for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && + (sessionHandle[i] != TPM_RH_NULL) && + (sessionHandle[i] != TPM_RS_PW) ; + i++) { + if (sessionAttributes[i] & TPMA_SESSION_ENCRYPT) { + (*isEncrypt)++; /* count number of encrypt sessions */ + *encryptSession = i; /* record which one it was */ + } + } + /* how many encrypt sessions were found */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Sessions_GetEncryptSession: Found %u encrypt sessions at %u\n", + *isEncrypt, *encryptSession); + if (*isEncrypt > 1) { + if (tssVerbose) + printf("TSS_Sessions_GetEncryptSession: Error, found %u encrypt sessions\n", + *isEncrypt); + rc = TSS_RC_ENCRYPT_SESSIONS; + } + } + return rc; +} + +/* TSS_Command_Decrypt() determines whether any sessions are command decrypt sessions. If so, it + encrypts the first command parameter. + + It does common error checking, then calls algorithm specific functions. + +*/ + +static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session[], + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]) +{ + TPM_RC rc = 0; + unsigned int isDecrypt = 0; /* count number of sessions with decrypt set */ + unsigned int decryptSession = 0; /* which session is decrypt */ + + /* determine if there is a decrypt session */ + if (rc == 0) { + rc = TSS_Sessions_GetDecryptSession(&isDecrypt, + &decryptSession, + sessionHandle, + sessionAttributes); + } +#ifndef TPM_TSS_NOCRYPTO + { + COMMAND_INDEX tpmCommandIndex; /* index into TPM table */ + TPM_CC commandCode; + int decryptSize; /* size of TPM2B size, 2 if there is a TPM2B, 0 if + not */ + uint32_t paramSize; /* size of the parameter to encrypt */ + uint8_t *decryptParamBuffer; + /* can the command parameter be encrypted */ + if ((rc == 0) && isDecrypt) { + /* get the commandCode, stored in TSS during marshal */ + commandCode = TSS_GetCommandCode(tssAuthContext); + /* get the index into the TPM command attributes table */ + tpmCommandIndex = CommandCodeToCommandIndex(commandCode); + /* can this be a decrypt command (this is size of TPM2B size, not size of parameter) */ + decryptSize = getDecryptSize(tpmCommandIndex); + if (decryptSize != 2) { /* only handle TPM2B */ + printf("TSS_Command_Decrypt: Error, command cannot be encrypted\n"); + rc = TSS_RC_NO_DECRYPT_PARAMETER; + } + } + /* get the TPM2B parameter to encrypt */ + if ((rc == 0) && isDecrypt) { + rc = TSS_GetCommandDecryptParam(tssAuthContext, ¶mSize, &decryptParamBuffer); + } + /* if the size of the parameter to encrypt is zero, nothing to encrypt */ + if ((rc == 0) && isDecrypt) { + if (paramSize == 0) { + isDecrypt = FALSE; /* none, done with this function */ + } + } + /* error checking complete, do the encryption */ + if ((rc == 0) && isDecrypt) { + switch (session[decryptSession]->symmetric.algorithm) { + case TPM_ALG_XOR: + rc = TSS_Command_DecryptXor(tssAuthContext, session[decryptSession]); + break; + case TPM_ALG_AES: + rc = TSS_Command_DecryptAes(tssAuthContext, session[decryptSession]); + break; + default: + if (tssVerbose) printf("TSS_Command_Decrypt: Error, algorithm %04x not implemented\n", + session[decryptSession]->symmetric.algorithm); + rc = TSS_RC_BAD_DECRYPT_ALGORITHM; + break; + } + } + } +#else + tssAuthContext = tssAuthContext; + session = session; + if ((rc == 0) && isDecrypt) { + if (tssVerbose) + printf("TSS_Command_Decrypt: Error, with no crypto not implemented\n"); + rc = TSS_RC_NOT_IMPLEMENTED; + } +#endif + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO + +/* NOTE: if AES also works, do in place encryption */ + +static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session) +{ + TPM_RC rc = 0; + unsigned int i; + uint32_t paramSize; + uint8_t *decryptParamBuffer; + uint8_t *mask = NULL; + uint8_t *encryptParamBuffer = NULL; + + /* get the TPM2B parameter to encrypt */ + if (rc == 0) { + rc = TSS_GetCommandDecryptParam(tssAuthContext, ¶mSize, &decryptParamBuffer); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: decrypt in", + decryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_Malloc(&mask, paramSize); + } + if (rc == 0) { + rc = TSS_Malloc(&encryptParamBuffer, paramSize); + } + /* generate the XOR pad */ + /* 21.2 XOR Parameter Obfuscation + + XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder) + + parameter a variable sized buffer containing the parameter to be obfuscated + hashAlg the hash algorithm associated with the session + sessionValue the session-specific HMAC key + nonceNewer for commands, this will be nonceCaller and for responses it will be nonceTPM + nonceOlder for commands, this will be nonceTPM and for responses it will be nonceCaller + + 11.4.6.3 XOR Obfuscation + + XOR(data, hashAlg, key, contextU, contextV) + + mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8) + */ + /* KDFa for the XOR mask */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Command_DecryptXor: hashAlg %04x\n", session->authHashAlg); + if (tssVverbose) printf("TSS_Command_DecryptXor: sizeInBits %04x\n", paramSize * 8); + if (tssVverbose) + TSS_PrintAll("TSS_Command_DecryptXor: sessionKey", + session->sessionKey.b.buffer, session->sessionKey.b.size); + if (tssVverbose) + TSS_PrintAll("TSS_Command_DecryptXor: sessionValue", + session->sessionValue.b.buffer, session->sessionValue.b.size); + rc = TSS_KDFA(mask, + session->authHashAlg, + &session->sessionValue.b, + "XOR", + &session->nonceCaller.b, + &session->nonceTPM.b, + paramSize * 8); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: mask", + mask, paramSize); + } + /* XOR */ + for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++) { + encryptParamBuffer[i] = decryptParamBuffer[i] ^ mask[i]; + } + if (rc == 0) { + rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: encrypt out", + encryptParamBuffer, paramSize); + } + free(mask); + free(encryptParamBuffer); + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +#ifndef TPM_TSS_NOCRYPTO + +/* NOTE: if AES also works, do in place encryption */ + +static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session) +{ + TPM_RC rc = 0; + uint32_t paramSize; + uint8_t *decryptParamBuffer; + uint8_t *encryptParamBuffer = NULL; + TPM2B_IV iv; + uint32_t kdfaBits; + uint16_t keySizeinBytes; + uint8_t symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; /* AES key + IV */ + + /* get the TPM2B parameter to encrypt */ + if (rc == 0) { + rc = TSS_GetCommandDecryptParam(tssAuthContext, ¶mSize, &decryptParamBuffer); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: decrypt in", + decryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_Malloc(&encryptParamBuffer, paramSize); /* free @1 */ + } + /* generate the encryption key and IV */ + /* 21.3 CFB Mode Parameter Encryption + + KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits) (34) + + hashAlg the hash algorithm associated with the session + sessionValue the session-specific HMAC key + "CFB" label to differentiate use of KDFa() (see 4.2) + nonceNewer nonceCaller for a command and nonceTPM for a response + nonceOlder nonceTPM for a command and nonceCaller for a response + bits the number of bits required for the symmetric key plus an IV + */ + if (rc == 0) { + iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm, + session->symmetric.keyBits.aes); + /* generate random values for both the AES key and the IV */ + kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8); + + if (tssVverbose) printf("TSS_Command_DecryptAes: hashAlg %04x\n", + session->authHashAlg); + if (tssVverbose) printf("TSS_Command_DecryptAes: AES key bits %u\n", + session->symmetric.keyBits.aes); + if (tssVverbose) printf("TSS_Command_DecryptAes: kdfaBits %04x\n", + kdfaBits); + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: session key", + session->sessionKey.b.buffer, session->sessionKey.b.size); + + rc = TSS_KDFA(&symParmString[0], + session->authHashAlg, + &session->sessionValue.b, + "CFB", + &session->nonceCaller.b, + &session->nonceTPM.b, + kdfaBits); + } + /* copy the latter part of the kdf output to the IV */ + if (rc == 0) { + keySizeinBytes = session->symmetric.keyBits.aes / 8; + memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size); + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: IV", + iv.t.buffer, iv.t.size); + } + /* AES CFB encrypt the command */ + if (rc == 0) { + TPM_RC crc; + crc = TSS_AES_EncryptCFB(encryptParamBuffer, /* output */ + session->symmetric.keyBits.aes, /* 128 */ + symParmString, /* key */ + iv.t.buffer, /* IV */ + paramSize, /* length */ + (uint8_t *)decryptParamBuffer); /* input */ + if (crc != 0) { + if (tssVerbose) printf("TSS_Command_DecryptAes: AES encrypt failed\n"); + rc = TSS_RC_AES_ENCRYPT_FAILURE; + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: encrypt out", + encryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer); + } + free(encryptParamBuffer); /* @1 */ + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session[], + TPMI_SH_AUTH_SESSION sessionHandle[], + unsigned int sessionAttributes[]) +{ + TPM_RC rc = 0; + unsigned int isEncrypt = 0; /* count number of sessions with decrypt set */ + unsigned int encryptSession = 0; /* which one is decrypt */ + + /* determine if there is an encrypt session */ + if (rc == 0) { + rc = TSS_Sessions_GetEncryptSession(&isEncrypt, + &encryptSession, + sessionHandle, + sessionAttributes); + } +#ifndef TPM_TSS_NOCRYPTO + { + COMMAND_INDEX tpmCommandIndex; /* index into TPM table */ + TPM_CC commandCode; + int encryptSize; /* size of TPM2B size, 2 if there is a TPM2B, 0 if + not */ + uint32_t paramSize; /* size of the parameter to decrypt */ + uint8_t *encryptParamBuffer; + /* can the response parameter be decrypted */ + if ((rc == 0) && isEncrypt) { + /* get the commandCode, stored in TSS during marshal */ + commandCode = TSS_GetCommandCode(tssAuthContext); + /* get the index into the TPM command attributes table */ + tpmCommandIndex = CommandCodeToCommandIndex(commandCode); + /* can this be a decrypt command */ + encryptSize = getEncryptSize(tpmCommandIndex); + if (encryptSize == 0) { + if (tssVerbose) printf("TSS_Response_Encrypt: " + "Error, response cannot be encrypted\n"); + rc = TSS_RC_NO_ENCRYPT_PARAMETER; + } + } + /* get the TPM2B parameter to decrypt */ + if ((rc == 0) && isEncrypt) { + rc = TSS_GetResponseEncryptParam(tssAuthContext, ¶mSize, &encryptParamBuffer); + } + /* if the size of the parameter to decrypt is zero, nothing to decrypt */ + if ((rc == 0) && isEncrypt) { + if (paramSize == 0) { + isEncrypt = FALSE; /* none, done with this function */ + } + } + /* error checking complete, do the decryption */ + if ((rc == 0) && isEncrypt) { + switch (session[encryptSession]->symmetric.algorithm) { + case TPM_ALG_XOR: + rc = TSS_Response_EncryptXor(tssAuthContext, session[encryptSession]); + break; + case TPM_ALG_AES: + rc = TSS_Response_EncryptAes(tssAuthContext, session[encryptSession]); + break; + default: + if (tssVerbose) printf("TSS_Response_Encrypt: " + "Error, algorithm %04x not implemented\n", + session[encryptSession]->symmetric.algorithm); + rc = TSS_RC_BAD_ENCRYPT_ALGORITHM; + break; + } + } + } +#else + tssAuthContext = tssAuthContext; + session = session; + if ((rc == 0) && isEncrypt) { + if (tssVerbose) + printf("TSS_Response_Encrypt: Error, with no crypto not implemented\n"); + rc = TSS_RC_NOT_IMPLEMENTED; + } +#endif + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO + +/* NOTE: if CFB also works, do in place decryption */ + +static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session) +{ + TPM_RC rc = 0; + unsigned int i; + uint32_t paramSize; + uint8_t *encryptParamBuffer; + uint8_t *mask = NULL; + uint8_t *decryptParamBuffer = NULL; + + /* get the TPM2B parameter to decrypt */ + if (rc == 0) { + rc = TSS_GetResponseEncryptParam(tssAuthContext, + ¶mSize, &encryptParamBuffer); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: encrypt in", + encryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_Malloc(&mask, paramSize); /* freed @1 */ + } + if (rc == 0) { + rc = TSS_Malloc(&decryptParamBuffer, paramSize); /* freed @2 */ + } + /* generate the XOR pad */ + /* 21.2 XOR Parameter Obfuscation + + XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder) + + parameter a variable sized buffer containing the parameter to be obfuscated + hashAlg the hash algorithm associated with the session + sessionValue the session-specific HMAC key + nonceNewer for commands, this will be nonceCaller and for responses it will be nonceTPM + nonceOlder for commands, this will be nonceTPM and for responses it will be nonceCaller + + + 11.4.6.3 XOR Obfuscation + + XOR(data, hashAlg, key, contextU, contextV) + + mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8) + */ + /* KDFa for the XOR mask */ + if (rc == 0) { + if (tssVverbose) printf("TSS_Response_EncryptXor: hashAlg %04x\n", session->authHashAlg); + if (tssVverbose) printf("TSS_Response_EncryptXor: sizeInBits %04x\n", paramSize * 8); + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: session key", + session->sessionKey.b.buffer, session->sessionKey.b.size); + rc = TSS_KDFA(mask, + session->authHashAlg, + &session->sessionValue.b, + "XOR", + &session->nonceTPM.b, + &session->nonceCaller.b, + paramSize * 8); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: mask", + mask, paramSize); + } + /* XOR */ + for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++) { + decryptParamBuffer[i] = encryptParamBuffer[i] ^ mask[i]; + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: decrypt out", + decryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_SetResponseDecryptParam(tssAuthContext, + paramSize, decryptParamBuffer); + } + free(mask); /* @1 */ + free(decryptParamBuffer); /* @2 */ + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +#ifndef TPM_TSS_NOCRYPTO + +/* NOTE: if CFB also works, do in place decryption */ + +static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext, + struct TSS_HMAC_CONTEXT *session) +{ + TPM_RC rc = 0; + uint32_t paramSize; + uint8_t *encryptParamBuffer; + uint8_t *decryptParamBuffer = NULL; + TPM2B_IV iv; + uint32_t kdfaBits; + uint16_t keySizeinBytes; + uint8_t symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; /* AES key + IV */ + + /* get the TPM2B parameter to decrypt */ + if (rc == 0) { + rc = TSS_GetResponseEncryptParam(tssAuthContext, + ¶mSize, &encryptParamBuffer); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: encrypt in", + encryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_Malloc(&decryptParamBuffer, paramSize); /* freed @1 */ + } + /* generate the encryption key and IV */ + /* 21.3 CFB Mode Parameter Encryption + + KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits) (34) + */ + if (rc == 0) { + + iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm, + session->symmetric.keyBits.aes); + /* generate random values for both the AES key and the IV */ + kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8); + + if (tssVverbose) printf("TSS_Response_EncryptAes: hashAlg %04x\n", + session->authHashAlg); + if (tssVverbose) printf("TSS_Response_EncryptAes: AES key bits %u\n", + session->symmetric.keyBits.aes); + if (tssVverbose) printf("TSS_Response_EncryptAes: kdfaBits %04x\n", + kdfaBits); + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: session key", + session->sessionKey.b.buffer, session->sessionKey.b.size); + + rc = TSS_KDFA(&symParmString[0], + session->authHashAlg, + &session->sessionValue.b, + "CFB", + &session->nonceTPM.b, + &session->nonceCaller.b, + kdfaBits); + } + /* copy the latter part of the kdf output to the IV */ + if (rc == 0) { + keySizeinBytes = session->symmetric.keyBits.aes / 8; + memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size); + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: IV", + iv.t.buffer, iv.t.size); + } + /* AES CFB decrypt the response */ + if (rc == 0) { + TPM_RC crc; + crc = TSS_AES_DecryptCFB(decryptParamBuffer, /* output */ + session->symmetric.keyBits.aes, /* 128 */ + symParmString, /* key */ + iv.t.buffer, /* IV */ + paramSize, /* length */ + (uint8_t *)encryptParamBuffer); /* input */ + if (crc != 0) { + if (tssVerbose) printf("TSS_Response_EncryptAes: AES decrypt failed\n"); + rc = TSS_RC_AES_DECRYPT_FAILURE; + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: decrypt out", + decryptParamBuffer, paramSize); + } + if (rc == 0) { + rc = TSS_SetResponseDecryptParam(tssAuthContext, + paramSize, decryptParamBuffer); + } + free(decryptParamBuffer); /* @1 */ + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +/* + Command Change Authorization Processor +*/ + +#ifndef TPM_TSS_NOCRYPTO + +static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + COMMAND_PARAMETERS *in) +{ + TPM_RC rc = 0; + size_t index; + int found; + TSS_ChangeAuthFunction_t changeAuthFunction = NULL; + + TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext); + + /* search the table for a change authorization processing function */ + if (rc == 0) { + found = FALSE; + for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { + if (tssTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no change authorization function. This permits the table to be + smaller if desired. */ + if ((rc == 0) && found) { + changeAuthFunction = tssTable[index].changeAuthFunction; + /* there could also be an entry that is currently NULL, nothing to do */ + if (changeAuthFunction == NULL) { + found = FALSE; + } + } + /* call the processing function */ + if ((rc == 0) && found) { + rc = changeAuthFunction(tssContext, session, handleNumber, in); + } + return rc; +} + +#endif /* TPM_TSS_NOCRYPTO */ + +static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + HierarchyChangeAuth_In *in) +{ + TPM_RC rc = 0; + char *password = NULL; + + if (tssVverbose) printf("TSS_CA_HierarchyChangeAuth\n"); + if (in->newAuth.t.size == 0) { + password = NULL; + } + else { + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)&password, /* freed @1 */ + in->newAuth.t.size + 1); + } + if (rc == 0) { + /* copy the password */ + memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size); + password[in->newAuth.t.size] = '\0'; /* nul terminate string */ + } + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_HmacSession_SetHmacKey(tssContext, + session, + handleNumber, + password); + } +#else + tssContext = tssContext; + session = session; + handleNumber = handleNumber; +#endif /* TPM_TSS_NOCRYPTO */ + free(password); /* @1 */ + return rc; +} + +static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + NV_ChangeAuth_In *in) +{ + TPM_RC rc = 0; + char *password = NULL; + + if (tssVverbose) printf("TSS_CA_NV_ChangeAuth\n"); + if (in->newAuth.t.size == 0) { + password = NULL; + } + else { + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)&password, /* freed @1 */ + in->newAuth.t.size + 1); + } + if (rc == 0) { + /* copy the password */ + memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size); + password[in->newAuth.t.size] = '\0'; /* nul terminate string */ + } + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_HmacSession_SetHmacKey(tssContext, + session, + handleNumber, + password); + } +#else + tssContext = tssContext; + session = session; + handleNumber = handleNumber; +#endif /* TPM_TSS_NOCRYPTO */ + free(password); /* @1 */ + return rc; +} + +static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, + struct TSS_HMAC_CONTEXT *session, + size_t handleNumber, + NV_UndefineSpaceSpecial_In *in) +{ + TPM_RC rc = 0; + + in = in; + if (tssVverbose) printf("TSS_CA_NV_UndefineSpaceSpecial\n"); +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + /* the nvIndex authorization, the zeroth authorization, has special handling */ + if (handleNumber == 0) { + /* the Empty Buffer is used as the authValue when generating the response HMAC */ + rc = TSS_HmacSession_SetHmacKey(tssContext, + session, + handleNumber, + NULL); /* password */ + } + } +#else + tssContext = tssContext; + session = session; + handleNumber = handleNumber; +#endif /* TPM_TSS_NOCRYPTO */ + return rc; +} + +/* + Command Pre-Processor +*/ + +static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, + TPM_CC commandCode, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra) +{ + TPM_RC rc = 0; + size_t index; + int found; + TSS_PreProcessFunction_t preProcessFunction = NULL; + + /* search the table for a pre-processing function */ + if (rc == 0) { + found = FALSE; + for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { + if (tssTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no pre-processing function. This permits the table to be smaller + if desired. */ + if ((rc == 0) && found) { + preProcessFunction = tssTable[index].preProcessFunction; + /* call the pre processing function if there is one */ + if (preProcessFunction != NULL) { + rc = preProcessFunction(tssContext, in, extra); + } + } +#ifndef TPM_TSS_NO_PRINT + if ((rc == 0) && tssVverbose) { + found = FALSE; + for (index = 0 ; + (index < (sizeof(tssPrintTable) / sizeof(TSS_PRINT_TABLE))) && !found ; + index++) { + if (tssPrintTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no print function. This permits the table to be smaller + if desired. */ + if ((rc == 0) && tssVverbose && found) { + TSS_InPrintFunction_t inPrintFunction = tssPrintTable[index].inPrintFunction; + /* call the pre processing function if there is one */ + if (inPrintFunction != NULL) { + printf("TSS_Command_PreProcessor: Input parameters\n"); + inPrintFunction(in, 8); /* hard code indent 8 */ + } + } +#endif /* TPM_TSS_NO_PRINT */ + return rc; +} + +/* + Command specific pre processing functions +*/ + +/* TSS_PR_StartAuthSession handles StartAuthSession pre processing. + + If the salt key in->tpmKey is not NULL and an RSA key, the preprocessor supplies the encrypted + salt. It passes the unencrypted salt to the post processor for session key processing. + + An input salt (encrypted or unencrypted) is ignored. + + Returns an error if the key is not an RSA key. +*/ + +static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext, + StartAuthSession_In *in, + StartAuthSession_Extra *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PR_StartAuthSession\n"); + + /* if (tssVverbose) StartAuthSession_In_Print(in, 8); */ + +#ifndef TPM_TSS_NOCRYPTO + /* generate nonceCaller */ + if (rc == 0) { + /* the size is determined by the session hash algorithm */ + in->nonceCaller.t.size = TSS_GetDigestSize(in->authHash); + if (in->nonceCaller.t.size == 0) { + if (tssVerbose) printf("TSS_PR_StartAuthSession: hash algorithm %04x not implemented\n", + in->authHash); + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + if (rc == 0) { + rc = TSS_RandBytes((unsigned char *)&in->nonceCaller.t.buffer, in->nonceCaller.t.size); + } +#else + in->nonceCaller.t.size = 16; + memset(&in->nonceCaller.t.buffer, 0, 16); +#endif /* TPM_TSS_NOCRYPTO */ + /* initialize to handle unsalted session */ + in->encryptedSalt.t.size = 0; + if (extra != NULL) { /* extra NULL is handled at the port processor */ + extra->salt.t.size = 0; + } + /* if the caller requests a salted session */ + if (in->tpmKey != TPM_RH_NULL) { +#ifndef TPM_TSS_NOCRYPTO + TPM2B_PUBLIC bPublic; + + if (rc == 0) { + if (extra == NULL) { + if (tssVerbose) + printf("TSS_PR_StartAuthSession: salt session requires extra parameter\n"); + rc = TSS_RC_NULL_PARAMETER; + } + } + /* get the tpmKey public key */ + if (rc == 0) { + rc = TSS_Public_Load(tssContext, &bPublic, in->tpmKey, NULL); + } + /* generate the salt and encrypted salt based on the asymmetric key type */ + if (rc == 0) { + switch (bPublic.publicArea.type) { +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + rc = TSS_ECC_Salt(&extra->salt, + &in->encryptedSalt, + &bPublic.publicArea); + break; +#endif /* TPM_TSS_NOECC */ +#ifndef TPM_TSS_NORSA + case TPM_ALG_RSA: + rc = TSS_RSA_Salt(&extra->salt, + &in->encryptedSalt, + &bPublic.publicArea); + break; +#endif /* TPM_TSS_NORSA */ + default: + if (tssVerbose) + printf("TSS_PR_StartAuthSession: public key type %04x not supported\n", + bPublic.publicArea.type); + rc = TSS_RC_BAD_SALT_KEY; + } + } +#else + tssContext = tssContext; + rc = TSS_RC_NOT_IMPLEMENTED; +#endif /* TPM_TSS_NOCRYPTO */ + } + return rc; +} + +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NORSA + +/* TSS_RSA_Salt() returns both the plaintext and excrypted salt, based on the salt key bPublic. */ + +static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST *salt, + TPM2B_ENCRYPTED_SECRET *encryptedSalt, + TPMT_PUBLIC *publicArea) +{ + TPM_RC rc = 0; + + if (rc == 0) { + { + /* error conditions when true */ + int b1 = publicArea->type != TPM_ALG_RSA; + int b2 = publicArea->objectAttributes.val & TPMA_OBJECT_SIGN; + int b3 = !(publicArea->objectAttributes.val & TPMA_OBJECT_DECRYPT); + int b4 = (publicArea->parameters.rsaDetail.exponent != 0) && + /* some HW TPMs return 010001 for the RSA EK with the default IWG template */ + (publicArea->parameters.rsaDetail.exponent != RSA_DEFAULT_PUBLIC_EXPONENT); + /* TSS support checks */ + if (b1 || b2 || b3 || b4) { + if (tssVerbose) + printf("TSS_RSA_Salt: public key attributes not supported\n"); + rc = TSS_RC_BAD_SALT_KEY; + } + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: public key", + publicArea->unique.rsa.t.buffer, + publicArea->unique.rsa.t.size); + } + /* generate a salt */ + if (rc == 0) { + /* The size of the secret value is limited to the size of the digest produced by the + nameAlg of the object that is associated with the public key used for OAEP + encryption. */ + salt->t.size = TSS_GetDigestSize(publicArea->nameAlg); + if (tssVverbose) printf("TSS_RSA_Salt: " + "Hash algorithm %04x Salt size %u\n", + publicArea->nameAlg, salt->t.size); + /* place the salt in extra so that it can be retrieved by post processor */ + rc = TSS_RandBytes((uint8_t *)&salt->t.buffer, salt->t.size); + } + /* In TPM2_StartAuthSession(), when tpmKey is an RSA key, the secret value (salt) is + encrypted using OAEP as described in B.4. The string "SECRET" (see 4.5) is used as + the L value and the nameAlg of the encrypting key is used for the hash algorithm. The + data value in OAEP-encrypted blob (salt) is used to compute sessionKey. */ + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: salt", + (uint8_t *)&salt->t.buffer, + salt->t.size); + } + /* encrypt the salt */ + if (rc == 0) { + /* public exponent */ + unsigned char earr[3] = {0x01, 0x00, 0x01}; + /* encrypt the salt with the tpmKey public key */ + rc = TSS_RSAPublicEncrypt((uint8_t *)&encryptedSalt->t.secret, /* encrypted data */ + publicArea->unique.rsa.t.size, /* size of encrypted data buffer */ + (uint8_t *)&salt->t.buffer, /* decrypted data */ + salt->t.size, + publicArea->unique.rsa.t.buffer, /* public modulus */ + publicArea->unique.rsa.t.size, + earr, /* public exponent */ + sizeof(earr), + (unsigned char *)"SECRET", /* encoding parameter */ + sizeof("SECRET"), + publicArea->nameAlg); + } + if (rc == 0) { + encryptedSalt->t.size = publicArea->unique.rsa.t.size; + if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: RSA encrypted salt", + encryptedSalt->t.secret, + encryptedSalt->t.size); + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ +#endif /* TPM_TSS_NOCRYPTO */ + +static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *extra) +{ + TPM_RC rc = 0; + tssContext = tssContext; + extra = extra; + + if (tssVverbose) printf("TSS_PR_NV_DefineSpace\n"); + /* Test that TPMA_NVA_POLICY_DELETE is only set when a policy is also set. Otherwise, the index + cannot ever be deleted, even with Platform Authorization. If the application really wants to + do this, set the policy to one that cannot be satisfied, e.g., all 0xff's. */ + if (rc == 0) { + if (in->publicInfo.nvPublic.attributes.val & TPMA_NVA_POLICY_DELETE) { + if (in->publicInfo.nvPublic.authPolicy.b.size == 0) { + if (tssVverbose) printf("TSS_PR_NV_DefineSpace POLICY_DELETE requires a policy\n"); + rc = TSS_RC_IN_PARAMETER; + } + } + } + return rc; +} + +/* + Response Post Processor +*/ + +/* TSS_Response_PostProcessor() handles any response specific post processing + */ + +static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext, + COMMAND_PARAMETERS *in, + RESPONSE_PARAMETERS *out, + EXTRA_PARAMETERS *extra) +{ + TPM_RC rc = 0; + size_t index; + int found; + TSS_PostProcessFunction_t postProcessFunction = NULL; + + /* search the table for a post processing function */ + if (rc == 0) { + TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext); + found = FALSE; + for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { + if (tssTable[index].commandCode == commandCode) { + found = TRUE; + break; /* don't increment index if found */ + } + } + } + /* found false means there is no post processing function. This permits the table to be smaller + if desired. */ + if ((rc == 0) && found) { + postProcessFunction = tssTable[index].postProcessFunction; + /* there could also be an entry that it currently NULL, nothing to do */ + if (postProcessFunction == NULL) { + found = FALSE; + } + } + /* call the function */ + if ((rc == 0) && found) { + rc = postProcessFunction(tssContext, in, out, extra); + } + return rc; +} + +/* + Command specific post processing functions +*/ + +/* TSS_PO_StartAuthSession handles StartAuthSession post processing. It: + + creates a TSS HMAC session + + saves the session handle, hash algorithm, and symmetric algorithm, nonceCaller and nonceTPM + + It calculates the session key and saves it + + Finally, it marshals the session and stores it +*/ + +static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext, + StartAuthSession_In *in, + StartAuthSession_Out *out, + StartAuthSession_Extra *extra) +{ + TPM_RC rc = 0; + struct TSS_HMAC_CONTEXT *session = NULL; + TPM2B_DIGEST salt; + + if (tssVverbose) printf("TSS_PO_StartAuthSession\n"); + /* allocate a TSS_HMAC_CONTEXT session context */ + if (rc == 0) { + rc = TSS_HmacSession_GetContext(&session); + } + if (rc == 0) { + session->sessionHandle = out->sessionHandle; + session->authHashAlg = in->authHash; +#ifndef TPM_TSS_NOCRYPTO + session->sizeInBytes = TSS_GetDigestSize(session->authHashAlg); +#endif + session->symmetric = in->symmetric; + session->sessionType = in->sessionType; + } + /* if not a bind session or if no bind password was supplied */ + if (rc == 0) { + if ((extra == NULL) || (in->bind == TPM_RH_NULL) || (extra->bindPassword == NULL)) { + session->bindAuthValue.b.size = 0; + } + else { + rc = TSS_TPM2B_StringCopy(&session->bindAuthValue.b, + extra->bindPassword, sizeof(session->bindAuthValue.t.buffer)); + } + } + if (rc == 0) { + /* if the caller did not supply extra, the salt must be empty */ + if (extra == NULL) { + salt.b.size = 0; + } + /* if the caller supplied extra, the preprocessor sets salt to empty (unsalted) or the + plaintext salt value */ + else { + rc = TSS_TPM2B_Copy(&salt.b, &extra->salt.b, sizeof(TPMT_HA)); + } + } +#ifndef TPM_TSS_NOCRYPTO + if (rc == 0) { + rc = TSS_TPM2B_Copy(&session->nonceTPM.b, &out->nonceTPM.b, sizeof(TPMT_HA)); + } + if (rc == 0) { + rc = TSS_TPM2B_Copy(&session->nonceCaller.b, &in->nonceCaller.b, sizeof(TPMT_HA)); + } + if (rc == 0) { + rc = TSS_HmacSession_SetSessionKey(tssContext, session, + &salt, + in->bind, &session->bindAuthValue); + } +#endif /* TPM_TSS_NOCRYPTO */ + if (rc == 0) { + rc = TSS_HmacSession_SaveSession(tssContext, session); + } + TSS_HmacSession_FreeContext(session); + return rc; +} + +/* TSS_PO_ContextSave() saves the name of an object in a filename that is a hash of the contextBlob. + + This permits the name to be found during ContextLoad. +*/ + +static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext, + ContextSave_In *in, + ContextSave_Out *out, + void *extra) +{ + TPM_RC rc = 0; +#ifndef TPM_TSS_NOFILE + TPMT_HA cpHash; /* largest size of a digest */ + char string[65]; /* sha256 hash * 2 + 1 */ + TPM_HT handleType; + int done = FALSE; +#endif + + in = in; + extra = extra; + +#ifndef TPM_TSS_NOFILE + if (tssVverbose) printf("TSS_PO_ContextSave: handle %08x\n", in->saveHandle); + /* only for objects and sequence objects, not sessions */ + if (rc == 0) { + handleType = (TPM_HT) ((in->saveHandle & HR_RANGE_MASK) >> HR_SHIFT); + if (handleType != TPM_HT_TRANSIENT) { + done = TRUE; + } + } + if ((rc == 0) && !done) { + cpHash.hashAlg = TPM_ALG_SHA256; /* arbitrary choice */ + rc = TSS_Hash_Generate(&cpHash, + out->context.contextBlob.b.size, out->context.contextBlob.b.buffer, + 0, NULL); + } + /* convert a hash of the context blob to a string */ + if ((rc == 0) && !done) { + rc = TSS_HashToString(string, cpHash.digest.sha256); + } + if ((rc == 0) && !done) { + rc = TSS_Name_Copy(tssContext, + 0, string, /* to context */ + in->saveHandle, NULL); /* from handle */ + } + /* get the public key of the object being context saved */ + /* save the public key under the context */ + if ((rc == 0) && !done) { + rc = TSS_Public_Copy(tssContext, + 0, + string, + in->saveHandle, + NULL); + } +#else + tssContext = tssContext; + out = out; +#endif + return rc; +} + +static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext, + ContextLoad_In *in, + ContextLoad_Out *out, + void *extra) +{ + TPM_RC rc = 0; +#ifndef TPM_TSS_NOFILE + TPMT_HA cpHash; /* largest size of a digest */ + char string[65]; /* sha256 hash * 2 + 1 */ + TPM_HT handleType; + int done = FALSE; +#endif + + out = out; + extra = extra; + +#ifndef TPM_TSS_NOFILE + if (tssVverbose) printf("TSS_PO_ContextLoad: handle %08x\n", out->loadedHandle); + /* only for objects and sequence objects, not sessions */ + if (rc == 0) { + handleType = (TPM_HT) ((out->loadedHandle & HR_RANGE_MASK) >> HR_SHIFT); + if (handleType != TPM_HT_TRANSIENT) { + done = TRUE; + } + } + if ((rc == 0) && !done) { + cpHash.hashAlg = TPM_ALG_SHA256; /* arbitrary choice */ + rc = TSS_Hash_Generate(&cpHash, + in->context.contextBlob.b.size, in->context.contextBlob.b.buffer, + 0, NULL); + } + /* convert a hash of the context blob to a string */ + if ((rc == 0) && !done) { + rc = TSS_HashToString(string, cpHash.digest.sha256); + } + /* get the Name of the object being context loaded */ + /* write the name with the loaded context's handle */ + if ((rc == 0) && !done) { + rc = TSS_Name_Copy(tssContext, + out->loadedHandle, NULL, /* to handle */ + 0, string); /* from context */ + } + /* get the public key of the object being context loaded */ + /* write the public key with the loaded context's handle */ + if ((rc == 0) && !done) { + rc = TSS_Public_Copy(tssContext, + out->loadedHandle, + NULL, + 0, + string); + } +#else + tssContext = tssContext; + in = in; +#endif + return rc; +} + +/* TSS_HashToString() converts a SHA-256 binary hash (really any 32-byte value) to a string + + string must be 65 bytes: 32*2 + 1 + + NOTE: Hard coded to SHA256 +*/ + +#ifndef TPM_TSS_NOFILE + +static TPM_RC TSS_HashToString(char *str, uint8_t *digest) +{ + size_t i; + + for (i = 0 ; i < SHA256_DIGEST_SIZE ; i++) { + sprintf(str +(i*2), "%02x", digest[i]); + } + if (tssVverbose) printf("TSS_HashToString: %s\n", str); + return 0; +} + +#endif + +/* TSS_PO_FlushContext() removes persistent state associated with the handle */ + +static TPM_RC TSS_PO_FlushContext(TSS_CONTEXT *tssContext, + FlushContext_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_FlushContext: flushHandle %08x\n", in->flushHandle); + if (rc == 0) { + rc = TSS_DeleteHandle(tssContext, in->flushHandle); + } + return rc; +} + +/* TSS_PO_EvictControl() removes persistent state associated with the handle */ + +static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext, + EvictControl_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + out = out; + extra = extra; + + if (tssVverbose) printf("TSS_PO_EvictControl: object %08x persistent %08x\n", + in->objectHandle, in->persistentHandle); + /* if it successfully made a persistent copy */ + if (in->objectHandle != in->persistentHandle) { + /* TPM2B_PUBLIC bPublic; */ + if (rc == 0) { + rc = TSS_Name_Copy(tssContext, + in->persistentHandle, NULL, /* to persistent handle */ + in->objectHandle, NULL); /* from transient handle */ + } + /* get the transient object public key */ + /* copy it to the persistent object public key */ + if (rc == 0) { + rc = TSS_Public_Copy(tssContext, + in->persistentHandle, + NULL, + in->objectHandle, + NULL); + } + } + /* if it successfully evicted the persistent object */ + else { + if (rc == 0) { + rc = TSS_DeleteHandle(tssContext, in->persistentHandle); + } + } + return rc; +} + +/* TSS_PO_Load() saves the Name returned for the loaded object. It saves the TPM2B_PUBLIC */ + +static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext, + Load_In *in, + Load_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PO_Load: handle %08x\n", out->objectHandle); + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL); + } + return rc; +} + +/* TSS_PO_LoadExternal() saves the Name returned for the loaded object */ + +static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext, + LoadExternal_In *in, + LoadExternal_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PO_LoadExternal: handle %08x\n", out->objectHandle); + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL); + } + return rc; +} + +/* TSS_PO_ReadPublic() saves the Name returned for the loaded object */ + +static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext, + ReadPublic_In *in, + ReadPublic_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PO_ReadPublic: handle %08x\n", in->objectHandle); + /* if the TSS is compiled without crypto support, it cannot recalculate the Name from the public + area. It has to trust the response from the TPM. This should be OK since a 'no crypto' TSS + is used when there is a tructed path to the TPM. */ +#ifndef TPM_TSS_NOCRYPTO + /* validate the Name against the public area */ + /* Name = nameAlg || HnameAlg (handle->publicArea) + where + nameAlg algorithm used to compute Name + HnameAlg hash using the nameAlg parameter in the object associated with handle + publicArea contents of the TPMT_PUBLIC associated with handle + */ + { + TPM2B_NAME name; + if (rc == 0) { + rc = TSS_ObjectPublic_GetName(&name, &out->outPublic.publicArea); + } + if (rc == 0) { + if (name.t.size != out->name.t.size) { + if (tssVerbose) + printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n"); + rc = TSS_RC_MALFORMED_PUBLIC; + } + else { + int irc; + irc = memcmp(name.t.name, out->name.t.name, out->name.t.size); + if (irc != 0) { + if (tssVerbose) + printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n"); + rc = TSS_RC_MALFORMED_PUBLIC; + } + } + } + } +#endif + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->name, in->objectHandle, NULL); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &out->outPublic, in->objectHandle, NULL); + } + return rc; +} + +/* TSS_PO_Load() saves the Name returned for the loaded object. It saves the TPM2B_PUBLIC */ + +static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext, + CreateLoaded_In *in, + CreateLoaded_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PO_CreateLoaded: handle %08x\n", out->objectHandle); + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL); + } + return rc; +} + +/* TSS_PO_HashSequenceStart() saves the Name returned for the started sequence object */ + +static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext, + HashSequenceStart_In *in, + HashSequenceStart_Out *out, + void *extra) +{ + TPM_RC rc = 0; + TPM2B_NAME name; + + in = in; + extra = extra; + + if (tssVverbose) printf("TSS_PO_HashSequenceStart\n"); + /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */ + if (rc == 0) { + name.b.size = 0; + /* use handle as file name */ + rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL); + } + return rc; +} + + +/* TSS_PO_HMAC_Start() saves the Name returned for the started sequence object */ + +static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext, + HMAC_Start_In *in, + HMAC_Start_Out *out, + void *extra) +{ + TPM_RC rc = 0; + TPM2B_NAME name; + + in = in; + extra = extra; + + if (tssVverbose) printf("TSS_PO_HMAC_Start\n"); + /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */ + if (rc == 0) { + name.b.size = 0; + /* use handle as file name */ + rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL); + } + return rc; +} + +static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext, + SequenceComplete_In *in, + SequenceComplete_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + out = out; + extra = extra; + + if (tssVverbose) printf("TSS_PO_SequenceComplete: sequenceHandle %08x\n", in->sequenceHandle); + if (rc == 0) { + rc = TSS_DeleteHandle(tssContext, in->sequenceHandle); + } + return rc; +} +static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext, + EventSequenceComplete_In *in, + EventSequenceComplete_Out *out, + void *extra) +{ + TPM_RC rc = 0; + out = out; + extra = extra; + if (tssVverbose) + printf("TSS_PO_EventSequenceComplete: sequenceHandle %08x\n", in->sequenceHandle); + if (rc == 0) { + rc = TSS_DeleteHandle(tssContext, in->sequenceHandle); + } + return rc; +} + +static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext, + PolicyAuthValue_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + struct TSS_HMAC_CONTEXT *session = NULL; + + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_PolicyAuthValue\n"); + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&session, sizeof(TSS_HMAC_CONTEXT)); /* freed @1 */ + } + if (rc == 0) { + rc = TSS_HmacSession_LoadSession(tssContext, session, in->policySession); + } + if (rc == 0) { + session->isPasswordNeeded = FALSE; + session->isAuthValueNeeded = TRUE; + rc = TSS_HmacSession_SaveSession(tssContext, session); + } + free(session); /* @1 */ + return rc; +} + +static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext, + PolicyPassword_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + struct TSS_HMAC_CONTEXT *session = NULL; + + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_PolicyPassword\n"); + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&session, sizeof(TSS_HMAC_CONTEXT)); /* freed @1 */ + } + if (rc == 0) { + rc = TSS_HmacSession_LoadSession(tssContext, session, in->policySession); + } + if (rc == 0) { + session->isPasswordNeeded = TRUE; + session->isAuthValueNeeded = FALSE; + rc = TSS_HmacSession_SaveSession(tssContext, session); + } + free(session); /* @1 */ + return rc; +} + +static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext, + CreatePrimary_In *in, + CreatePrimary_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + in = in; + extra = extra; + if (tssVverbose) printf("TSS_PO_CreatePrimary: handle %08x\n", out->objectHandle); + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL); + } + if (rc == 0) { + rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL); + } + return rc; +} + +static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext, + NV_DefineSpace_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PO_NV_DefineSpace\n"); +#ifndef TPM_TSS_NOCRYPTO + { + TPM2B_NAME name; + /* calculate the Name from the input public area */ + /* Name = nameAlg || HnameAlg (handle->nvPublicArea) + where + nameAlg algorithm used to compute Name + HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle + nvPublicArea contents of the TPMS_NV_PUBLIC associated with handle + */ + /* calculate the Name from the input TPMS_NV_PUBLIC */ + if (rc == 0) { + rc = TSS_NVPublic_GetName(&name, &in->publicInfo.nvPublic); + } + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &name, in->publicInfo.nvPublic.nvIndex, NULL); + } + if (rc == 0) { + rc = TSS_NVPublic_Store(tssContext, &in->publicInfo.nvPublic, + in->publicInfo.nvPublic.nvIndex); + } + } +#else + tssContext = tssContext; + in = in; +#endif + out = out; + extra = extra; + return rc; +} + + +static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext, + NV_ReadPublic_In *in, + NV_ReadPublic_Out *out, + void *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PO_NV_ReadPublic\n"); + + /* validate the Name against the public area */ + /* Name = nameAlg || HnameAlg (handle->nvPublicArea) + where + nameAlg algorithm used to compute Name + HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle + nvPublicArea contents of the TPMS_NV_PUBLIC associated with handle + */ +#ifndef TPM_TSS_NOCRYPTO + { + TPM2B_NAME name; + /* calculate the Name from the TPMS_NV_PUBLIC */ + if (rc == 0) { + rc = TSS_NVPublic_GetName(&name, &out->nvPublic.nvPublic); + } + if (rc == 0) { + if (name.t.size != out->nvName.t.size) { + if (tssVerbose) + printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n"); + rc = TSS_RC_MALFORMED_NV_PUBLIC; + } + else { + int irc; + irc = memcmp(name.t.name, out->nvName.t.name, out->nvName.t.size); + if (irc != 0) { + if (tssVerbose) + printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n"); + rc = TSS_RC_MALFORMED_NV_PUBLIC; + } + } + } + /* use handle as file name */ + if (rc == 0) { + rc = TSS_Name_Store(tssContext, &out->nvName, in->nvIndex, NULL); + } + if (rc == 0) { + rc = TSS_NVPublic_Store(tssContext, &out->nvPublic.nvPublic, in->nvIndex); + } + } +#else + tssContext = tssContext; + in = in; + out = out; +#endif + extra = extra; + return rc; +} + +static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext, + NV_UndefineSpace_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_NV_UndefineSpace\n"); +#ifndef TPM_TSS_NOCRYPTO + /* Don't check return code. */ + TSS_DeleteHandle(tssContext, in->nvIndex); + TSS_NVPublic_Delete(tssContext, in->nvIndex); +#else + tssContext = tssContext; + in = in; +#endif + return rc; +} + +static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, + NV_UndefineSpaceSpecial_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + out = out; + extra = extra; + if (tssVverbose) printf("TSS_PO_NV_UndefineSpaceSpecial\n"); + /* Don't check return code. The name will only exist if NV_ReadPublic has been issued */ + TSS_DeleteHandle(tssContext, in->nvIndex); + TSS_NVPublic_Delete(tssContext, in->nvIndex); + return rc; +} + +/* TSS_PO_NV_Write() handles the Name and NVPublic update for the 4 NV write commands: write, + increment, extend, and setbits */ + +static TPM_RC TSS_PO_NV_Write(TSS_CONTEXT *tssContext, + NV_Write_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PO_NV_Write, Increment, Extend, SetBits:\n"); + +#ifndef TPM_TSS_NOCRYPTO + { + TPMS_NV_PUBLIC nvPublic; + TPM2B_NAME name; /* new name */ + + if (rc == 0) { + rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex); + } + /* if the previous store had written clear */ + if (!(nvPublic.attributes.val & TPMA_NVA_WRITTEN)) { + if (rc == 0) { + /* set the written bit */ + nvPublic.attributes.val |= TPMA_NVA_WRITTEN; + /* save the TPMS_NV_PUBLIC */ + rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex); + } + /* calculate the name */ + if (rc == 0) { + rc = TSS_NVPublic_GetName(&name, &nvPublic); + } + /* save the name */ + if (rc == 0) { + /* use handle as file name */ + rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL); + } + /* if there is a failure. delete the name and NVPublic */ + if (rc != 0) { + TSS_DeleteHandle(tssContext, in->nvIndex); + TSS_NVPublic_Delete(tssContext, in->nvIndex); + } + } + } +#else + tssContext = tssContext; + in = in; +#endif + out = out; + extra = extra; + return rc; +} + +/* TSS_PO_NV_WriteLock() handles the Name and NVPublic update for the write lock command */ + +static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext, + NV_WriteLock_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PO_NV_WriteLock:\n"); + +#ifndef TPM_TSS_NOCRYPTO + { + TPMS_NV_PUBLIC nvPublic; + TPM2B_NAME name; /* new name */ + + if (rc == 0) { + rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex); + } + /* if the previous store had write lock clear */ + if (!(nvPublic.attributes.val & TPMA_NVA_WRITELOCKED)) { + if (rc == 0) { + /* set the write lock bit */ + nvPublic.attributes.val |= TPMA_NVA_WRITELOCKED; + /* save the TPMS_NV_PUBLIC */ + rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex); + } + /* calculate the name */ + if (rc == 0) { + rc = TSS_NVPublic_GetName(&name, &nvPublic); + } + /* save the name */ + if (rc == 0) { + /* use handle as file name */ + rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL); + } + /* if there is a failure. delete the name and NVPublic */ + if (rc != 0) { + TSS_DeleteHandle(tssContext, in->nvIndex); + TSS_NVPublic_Delete(tssContext, in->nvIndex); + } + } + } +#else + tssContext = tssContext; + in = in; +#endif + out = out; + extra = extra; + return rc; +} + +/* TSS_PO_NV_WriteLock() handles the Name and NVPublic update for the read lock command */ + +static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext, + NV_ReadLock_In *in, + void *out, + void *extra) +{ + TPM_RC rc = 0; + + if (tssVverbose) printf("TSS_PO_NV_ReadLock:"); + +#ifndef TPM_TSS_NOCRYPTO + { + TPMS_NV_PUBLIC nvPublic; + TPM2B_NAME name; /* new name */ + + if (rc == 0) { + rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex); + } + /* if the previous store had read lock clear */ + if (!(nvPublic.attributes.val & TPMA_NVA_READLOCKED)) { + if (rc == 0) { + /* set the read lock bit */ + nvPublic.attributes.val |= TPMA_NVA_READLOCKED; + /* save the TPMS_NV_PUBLIC */ + rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex); + } + /* calculate the name */ + if (rc == 0) { + rc = TSS_NVPublic_GetName(&name, &nvPublic); + } + /* save the name */ + if (rc == 0) { + /* use handle as file name */ + rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL); + } + /* if there is a failure. delete the name and NVPublic */ + if (rc != 0) { + TSS_DeleteHandle(tssContext, in->nvIndex); + TSS_NVPublic_Delete(tssContext, in->nvIndex); + } + } + } +#else + tssContext = tssContext; + in = in; +#endif + out = out; + extra = extra; + return rc; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/tss20.h b/libstb/tss2/ibmtpm20tss/utils/tss20.h new file mode 100644 index 000000000000..2e3e2b09bca4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tss20.h @@ -0,0 +1,58 @@ +/********************************************************************************/ +/* */ +/* TSS TPM 2.0 API */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id:tss.h 656 2016-06-28 16:49:29Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSS20_H +#define TSS20_H + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext, + RESPONSE_PARAMETERS *out, + COMMAND_PARAMETERS *in, + EXTRA_PARAMETERS *extra, + TPM_CC commandCode, + va_list ap); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth.c b/libstb/tss2/ibmtpm20tss/utils/tssauth.c new file mode 100644 index 000000000000..40e9602fc594 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth.c @@ -0,0 +1,161 @@ +/********************************************************************************/ +/* */ +/* Common TPM 1.2 and TPM 2.0 TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This layer handles command and response packet authorization parameters. */ + +#include +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "tssproperties.h" +#include + +#include "tssauth.h" + +extern int tssVerbose; +extern int tssVverbose; + +/* TSS_AuthCreate() allocates and initializes a TSS_AUTH_CONTEXT */ + +TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_Malloc((uint8_t **)tssAuthContext, sizeof(TSS_AUTH_CONTEXT)); + } + if (rc == 0) { + TSS_InitAuthContext(*tssAuthContext); + } + return rc; +} + +/* TSS_InitAuthContext() sets initial values for an allocated TSS_AUTH_CONTEXT */ + +void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext) +{ + memset(tssAuthContext->commandBuffer, 0, sizeof(tssAuthContext->commandBuffer)); + memset(tssAuthContext->responseBuffer, 0, sizeof(tssAuthContext->responseBuffer)); + tssAuthContext->commandText = NULL; + tssAuthContext->commandCode = 0; + tssAuthContext->responseCode = 0; + tssAuthContext->commandHandleCount = 0; + tssAuthContext->responseHandleCount = 0; + tssAuthContext->authCount = 0; + tssAuthContext->commandSize = 0; + tssAuthContext->cpBufferSize = 0; + tssAuthContext->cpBuffer = NULL; + tssAuthContext->responseSize = 0; + tssAuthContext->marshalInFunction = NULL; + tssAuthContext->unmarshalOutFunction = NULL; +#ifndef TPM_TSS_NOCMDCHECK + tssAuthContext->unmarshalInFunction = NULL; +#endif +#ifdef TPM_TPM12 + tssAuthContext->sessionNumber = 0xffff; /* no encrypt sessions */ + tssAuthContext->encAuthOffset0 = 0; + tssAuthContext->encAuthOffset1 = 0; +#endif + return; +} + +/* TSS_AuthDelete() re-initializes and then frees an allocated TSS_AUTH_CONTEXT */ + +TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext) +{ + if (tssAuthContext != NULL) { + TSS_InitAuthContext(tssAuthContext); + free(tssAuthContext); + } + return 0; +} + +TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext) +{ + TPM_CC commandCode = tssAuthContext->commandCode; + return commandCode; +} + +TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *cpBufferSize, + uint8_t **cpBuffer) +{ + *cpBufferSize = tssAuthContext->cpBufferSize; + *cpBuffer = tssAuthContext->cpBuffer; + return 0; +} + +/* TSS_GetCommandHandleCount() returns the number of handles in the command area */ + +TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext, + size_t *commandHandleCount) +{ + *commandHandleCount = tssAuthContext->commandHandleCount; + return 0; +} + +TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; + if (tssVverbose) printf("TSS_AuthExecute: Executing %s\n", + tssContext->tssAuthContext->commandText); + /* transmit the command and receive the response. Normally returns the TPM response code. */ + if (rc == 0) { + rc = TSS_Transmit(tssContext, + tssContext->tssAuthContext->responseBuffer, + &tssContext->tssAuthContext->responseSize, + tssContext->tssAuthContext->commandBuffer, + tssContext->tssAuthContext->commandSize, + tssContext->tssAuthContext->commandText); + } + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth.h b/libstb/tss2/ibmtpm20tss/utils/tssauth.h new file mode 100644 index 000000000000..9d52c538513b --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth.h @@ -0,0 +1,104 @@ +/********************************************************************************/ +/* */ +/* TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssauth.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is not a public header. It should not be used by applications. */ + +#ifndef TSS_AUTH_H +#define TSS_AUTH_H + +#include +#include "tssccattributes.h" + +/* Generic functions to marshal and unmarshal Part 3 ordinal command and response parameters */ + +typedef TPM_RC (*MarshalInFunction_t)(COMMAND_PARAMETERS *source, + uint16_t *written, BYTE **buffer, uint32_t *size); +typedef TPM_RC (*UnmarshalOutFunction_t)(RESPONSE_PARAMETERS *target, + TPM_ST tag, BYTE **buffer, uint32_t *size); +typedef TPM_RC (*UnmarshalInFunction_t)(COMMAND_PARAMETERS *target, + BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); + +/* The context for the entire command processor. Update TSS_InitAuthContext() when changing + this structure */ + +typedef struct TSS_AUTH_CONTEXT { + uint8_t commandBuffer [MAX_COMMAND_SIZE]; + uint8_t responseBuffer [MAX_RESPONSE_SIZE]; + const char *commandText; + COMMAND_INDEX tpmCommandIndex; /* index into attributes table */ + TPM_CC commandCode; + TPM_RC responseCode; + size_t commandHandleCount; + uint32_t responseHandleCount; + uint16_t authCount; /* authorizations in command */ + uint16_t commandSize; + uint32_t cpBufferSize; + uint8_t *cpBuffer; + uint32_t responseSize; + MarshalInFunction_t marshalInFunction; + UnmarshalOutFunction_t unmarshalOutFunction; +#ifndef TPM_TSS_NOCMDCHECK /* disable command parameter checking */ + UnmarshalInFunction_t unmarshalInFunction; +#endif +#ifdef TPM_TPM12 + uint16_t sessionNumber; /* session used for ADIP, zero based */ + int16_t encAuthOffset0; /* offset to first TPM_ENCAUTH parameter */ + int16_t encAuthOffset1; /* offset to second TPM_ENCAUTH parameter if not NULL */ +#endif +} TSS_AUTH_CONTEXT; + +TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext); + +void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext); + +TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext); + +TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext); + +TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *cpBufferSize, + uint8_t **cpBuffer); + + +TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext, + size_t *commandHandleCount); + +TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth12.c b/libstb/tss2/ibmtpm20tss/utils/tssauth12.c new file mode 100644 index 000000000000..1787618a2408 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth12.c @@ -0,0 +1,746 @@ +/********************************************************************************/ +/* */ +/* TPM 1.2 TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This layer handles command and response packet authorization parameters. */ + +#include +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include "tssproperties.h" +#include + +#include +#include +#include +#include + +#include "tssauth12.h" + +extern int tssVerbose; +extern int tssVverbose; + +typedef struct MARSHAL_TABLE { + TPM_CC commandCode; + const char *commandText; + MarshalInFunction_t marshalInFunction; /* marshal input command */ + UnmarshalOutFunction_t unmarshalOutFunction; /* unmarshal output response */ +#ifndef TPM_TSS_NOCMDCHECK + UnmarshalInFunction_t unmarshalInFunction; /* unmarshal input command for parameter + checking */ +#endif +} MARSHAL_TABLE; + +static const MARSHAL_TABLE marshalTable12 [] = { + + {TPM_ORD_ActivateIdentity,"TPM_ORD_ActivateIdentity", + (MarshalInFunction_t)TSS_ActivateIdentity_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ActivateIdentity_Out_Unmarshalu, + (UnmarshalInFunction_t)ActivateIdentity_In_Unmarshal}, + + {TPM_ORD_ContinueSelfTest,"TPM_ORD_ContinueSelfTest", + (MarshalInFunction_t)NULL, + (UnmarshalOutFunction_t)NULL, + (UnmarshalInFunction_t)NULL}, + + {TPM_ORD_CreateEndorsementKeyPair,"TPM_ORD_CreateEndorsementKeyPair", + (MarshalInFunction_t)TSS_CreateEndorsementKeyPair_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CreateEndorsementKeyPair_Out_Unmarshalu, + (UnmarshalInFunction_t)CreateEndorsementKeyPair_In_Unmarshal}, + + {TPM_ORD_CreateWrapKey,"TPM_ORD_CreateWrapKey", + (MarshalInFunction_t)TSS_CreateWrapKey_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CreateWrapKey_Out_Unmarshalu, + (UnmarshalInFunction_t)CreateWrapKey_In_Unmarshal}, + + {TPM_ORD_Extend,"TPM_ORD_Extend", + (MarshalInFunction_t)TSS_Extend_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Extend_Out_Unmarshalu, + (UnmarshalInFunction_t)Extend_In_Unmarshal}, + + {TPM_ORD_FlushSpecific,"TPM_ORD_FlushSpecific", + (MarshalInFunction_t)TSS_FlushSpecific_In_Marshalu, + (UnmarshalOutFunction_t)NULL, + (UnmarshalInFunction_t)FlushSpecific_In_Unmarshal}, + + {TPM_ORD_GetCapability,"TPM_ORD_GetCapability", + (MarshalInFunction_t)TSS_GetCapability12_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetCapability12_Out_Unmarshalu, + (UnmarshalInFunction_t)GetCapability12_In_Unmarshal}, + + {TPM_ORD_LoadKey2,"TPM_ORD_LoadKey2", + (MarshalInFunction_t)TSS_LoadKey2_In_Marshalu, + (UnmarshalOutFunction_t)TSS_LoadKey2_Out_Unmarshalu, + (UnmarshalInFunction_t)LoadKey2_In_Unmarshal}, + + {TPM_ORD_MakeIdentity,"TPM_ORD_MakeIdentity", + (MarshalInFunction_t)TSS_MakeIdentity_In_Marshalu, + (UnmarshalOutFunction_t)TSS_MakeIdentity_Out_Unmarshalu, + (UnmarshalInFunction_t)MakeIdentity_In_Unmarshal}, + + {TPM_ORD_NV_DefineSpace,"TPM_ORD_NV_DefineSpace", + (MarshalInFunction_t)TSS_NV_DefineSpace12_In_Marshalu, + NULL, + (UnmarshalInFunction_t)NV_DefineSpace12_In_Unmarshal}, + + {TPM_ORD_NV_ReadValueAuth,"TPM_ORD_NV_ReadValueAuth", + (MarshalInFunction_t)TSS_NV_ReadValueAuth_In_Marshalu, + (UnmarshalOutFunction_t)TSS_NV_ReadValueAuth_Out_Unmarshalu, + (UnmarshalInFunction_t)NV_ReadValueAuth_In_Unmarshal}, + + {TPM_ORD_NV_ReadValue,"TPM_ORD_NV_ReadValue", + (MarshalInFunction_t)TSS_NV_ReadValue_In_Marshalu, + (UnmarshalOutFunction_t)TSS_NV_ReadValue_Out_Unmarshalu, + (UnmarshalInFunction_t)NV_ReadValue_In_Unmarshal}, + + {TPM_ORD_NV_WriteValue,"TPM_ORD_NV_WriteValue", + (MarshalInFunction_t)TSS_NV_WriteValue_In_Marshalu, + NULL, + (UnmarshalInFunction_t)NV_WriteValue_In_Unmarshal}, + + {TPM_ORD_NV_WriteValueAuth,"TPM_ORD_NV_WriteValueAuth", + (MarshalInFunction_t)TSS_NV_WriteValueAuth_In_Marshalu, + NULL, + (UnmarshalInFunction_t)NV_WriteValueAuth_In_Unmarshal}, + + {TPM_ORD_OIAP,"TPM_ORD_OIAP", + (MarshalInFunction_t)NULL, + (UnmarshalOutFunction_t)TSS_OIAP_Out_Unmarshalu, + (UnmarshalInFunction_t)NULL}, + + {TPM_ORD_OSAP,"TPM_ORD_OSAP", + (MarshalInFunction_t)TSS_OSAP_In_Marshalu, + (UnmarshalOutFunction_t)TSS_OSAP_Out_Unmarshalu, + (UnmarshalInFunction_t)OSAP_In_Unmarshal}, + + {TPM_ORD_OwnerReadInternalPub,"TPM_ORD_OwnerReadInternalPub", + (MarshalInFunction_t)TSS_OwnerReadInternalPub_In_Marshalu, + (UnmarshalOutFunction_t)TSS_OwnerReadInternalPub_Out_Unmarshalu, + (UnmarshalInFunction_t)OwnerReadInternalPub_In_Unmarshal}, + + {TPM_ORD_OwnerSetDisable,"TPM_ORD_OwnerSetDisable", + (MarshalInFunction_t)TSS_OwnerSetDisable_In_Marshalu, + NULL, + (UnmarshalInFunction_t)OwnerSetDisable_In_Unmarshal}, + + {TPM_ORD_MakeIdentity,"TPM_ORD_MakeIdentity", + (MarshalInFunction_t)TSS_MakeIdentity_In_Marshalu, + (UnmarshalOutFunction_t)TSS_MakeIdentity_Out_Unmarshalu, + (UnmarshalInFunction_t)MakeIdentity_In_Unmarshal}, + + {TPM_ORD_PcrRead,"TPM_ORD_PcrRead", + (MarshalInFunction_t)TSS_PcrRead12_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PcrRead12_Out_Unmarshalu, + (UnmarshalInFunction_t)PcrRead12_In_Unmarshal}, + + {TPM_ORD_PCR_Reset,"TPM_ORD_PCR_Reset", + (MarshalInFunction_t)TSS_PCR_Reset12_In_Marshalu, + NULL, + (UnmarshalInFunction_t)PCR_Reset12_In_Unmarshal}, + + {TPM_ORD_Quote2,"TPM_ORD_Quote2", + (MarshalInFunction_t)TSS_Quote2_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Quote2_Out_Unmarshalu, + (UnmarshalInFunction_t)Quote2_In_Unmarshal}, + + {TPM_ORD_ReadPubek,"TPM_ORD_ReadPubek", + (MarshalInFunction_t)TSS_ReadPubek_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ReadPubek_Out_Unmarshalu, + (UnmarshalInFunction_t)ReadPubek_In_Unmarshal}, + + {TPM_ORD_Sign,"TPM_ORD_Sign", + (MarshalInFunction_t)TSS_Sign12_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Sign12_Out_Unmarshalu, + (UnmarshalInFunction_t)Sign12_In_Unmarshal}, + + {TPM_ORD_Startup,"TPM_ORD_Startup", + (MarshalInFunction_t)TSS_Startup12_In_Marshalu, + NULL, + (UnmarshalInFunction_t)Startup12_In_Unmarshal}, + + {TPM_ORD_TakeOwnership,"TPM_ORD_TakeOwnership", + (MarshalInFunction_t)TSS_TakeOwnership_In_Marshalu, + (UnmarshalOutFunction_t)TSS_TakeOwnership_Out_Unmarshalu, + (UnmarshalInFunction_t)TakeOwnership_In_Unmarshal}, + + {TPM_ORD_Init,"TPM_ORD_Init", + NULL, + NULL, + NULL}, +}; + +/* TSS_MarshalTable12_Process() indexes into the command marshal table, and saves the marshal and + unmarshal functions */ + + +static TPM_RC TSS_MarshalTable12_Process(TSS_AUTH_CONTEXT *tssAuthContext, + TPM_CC commandCode) +{ + TPM_RC rc = 0; + size_t index; + int found = FALSE; + + /* get the command index in the dispatch table */ + for (index = 0 ; index < (sizeof(marshalTable12) / sizeof(MARSHAL_TABLE)) ; (index)++) { + if (marshalTable12[index].commandCode == commandCode) { + found = TRUE; + break; + } + } + if (found) { + tssAuthContext->commandCode = commandCode; + tssAuthContext->commandText = marshalTable12[index].commandText; + tssAuthContext->marshalInFunction = marshalTable12[index].marshalInFunction; + tssAuthContext->unmarshalOutFunction = marshalTable12[index].unmarshalOutFunction; +#ifndef TPM_TSS_NOCMDCHECK + tssAuthContext->unmarshalInFunction = marshalTable12[index].unmarshalInFunction; +#endif + } + else { + if (tssVerbose) printf("TSS_MarshalTable12_Process: " + "commandCode %08x not found in marshal table\n", + commandCode); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; + } + return rc; +} + +/* TSS_Marshal12() marshals the input parameters into the TSS Authorization context. + + It also sets other member of the context in preparation for the rest of the sequence. +*/ + +TPM_RC TSS_Marshal12(TSS_AUTH_CONTEXT *tssAuthContext, + COMMAND_PARAMETERS *in, + TPM_CC commandCode) +{ + TPM_RC rc = 0; + TPM_TAG tag = TPM_TAG_RQU_COMMAND; /* default until sessions are added */ + uint8_t *buffer; /* for marshaling */ + uint8_t *bufferu; /* for test unmarshaling */ + uint32_t size; + + /* index from command code to table and save marshal and unmarshal functions for this command */ + if (rc == 0) { + rc = TSS_MarshalTable12_Process(tssAuthContext, commandCode); + } + /* get the number of command and response handles from the TPM table */ + if (rc == 0) { + tssAuthContext->tpmCommandIndex = CommandCodeToCommandIndex12(commandCode); + if (tssAuthContext->tpmCommandIndex == UNIMPLEMENTED_COMMAND_INDEX) { + if (tssVerbose) printf("TSS_Marshal12: " + "commandCode %08x not found in command attributes table\n", + commandCode); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; + } + } + if (rc == 0) { + tssAuthContext->commandHandleCount = + getCommandHandleCount12(tssAuthContext->tpmCommandIndex); + tssAuthContext->responseHandleCount = + getresponseHandleCount12(tssAuthContext->tpmCommandIndex); + } + if (rc == 0) { + /* make a copy of the command buffer and size since the marshal functions move them */ + buffer = tssAuthContext->commandBuffer; + size = MAX_COMMAND_SIZE; + /* marshal header, preliminary tag and command size */ + rc = TSS_UINT16_Marshalu(&tag, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { + uint32_t commandSize = tssAuthContext->commandSize; + rc = TSS_UINT32_Marshalu(&commandSize, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&commandCode, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { + /* save pointer to marshaled data for test unmarshal */ + bufferu = buffer + + tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE); + /* if there is a marshal function */ + if (tssAuthContext->marshalInFunction != NULL) { + /* if there is a structure to marshal */ + if (in != NULL) { + rc = tssAuthContext->marshalInFunction(in, &tssAuthContext->commandSize, + &buffer, &size); + } + /* caller error, no structure supplied to marshal */ + else { + if (tssVerbose) + printf("TSS_Marshal12: Command %08x requires command parameter structure\n", + commandCode); + rc = TSS_RC_IN_PARAMETER; + } + } + /* if there is no marshal function */ + else { + /* caller error, supplied structure but there is no marshal function */ + if (in != NULL) { + if (tssVerbose) + printf("TSS_Marshal12: Command %08x does not take command parameter structure\n", + commandCode); + rc = TSS_RC_IN_PARAMETER; + } + /* no marshal function and no command parameter structure is OK */ + } + } +#ifndef TPM_TSS_NOCMDCHECK + /* unmarshal to validate the input parameters */ + if ((rc == 0) && (tssAuthContext->unmarshalInFunction != NULL)) { + COMMAND_PARAMETERS target; + TPM_HANDLE handles[MAX_HANDLE_NUM]; + size = MAX_COMMAND_SIZE; + rc = tssAuthContext->unmarshalInFunction(&target, &bufferu, &size, handles); + if ((rc != 0) && tssVerbose) { + printf("TSS_Marshal12: Invalid command parameter\n"); + } + } +#endif + /* back fill the correct commandSize */ + if (rc == 0) { + uint16_t written = 0; /* dummy */ + uint32_t commandSize = tssAuthContext->commandSize; + buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG); + TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL); + } + /* record the interim cpBuffer and cpBufferSize before adding authorizations */ + if (rc == 0) { + uint32_t notCpBufferSize; + + /* cpBuffer does not include the header and handles */ + notCpBufferSize = sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) + + (sizeof(TPM_HANDLE) * tssAuthContext->commandHandleCount); + + tssAuthContext->cpBuffer = tssAuthContext->commandBuffer + notCpBufferSize; + tssAuthContext->cpBufferSize = tssAuthContext->commandSize - notCpBufferSize; + } + return rc; +} + +/* TSS_Unmarshal12() unmarshals the response parameter. + + It returns an error if either there is no unmarshal function and out is not NULL or if there is + an unmarshal function and out is not NULL. + + If there is no unmarshal function and out is NULL, the function is a noop. +*/ + +TPM_RC TSS_Unmarshal12(TSS_AUTH_CONTEXT *tssAuthContext, + RESPONSE_PARAMETERS *out) +{ + TPM_RC rc = 0; + TPM_TAG tag; + uint8_t *buffer; + uint32_t size; + + /* if there is an unmarshal function */ + if (tssAuthContext->unmarshalOutFunction != NULL) { + /* if there is a structure to unmarshal */ + if (out != NULL) { + if (rc == 0) { + /* get the response tag, determines whether there are response authorizations to + unmarshal */ + /* tag not required for TPM 1.2, where there is no parameterSize to skip, but the + response unmarshal function uses a common prototype */ + buffer = tssAuthContext->responseBuffer; + size = tssAuthContext->responseSize; + rc = TSS_TPM_TAG_Unmarshalu(&tag, &buffer, &size); + } + if (rc == 0) { + /* move the buffer and size past the header */ + buffer = tssAuthContext->responseBuffer + + sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC); + size = tssAuthContext->responseSize - + (sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC)); + rc = tssAuthContext->unmarshalOutFunction(out, tag, &buffer, &size); + } + } + /* caller error, no structure supplied to unmarshal */ + else { + if (tssVerbose) + printf("TSS_Unmarshal12: Command %08x requires response parameter structure\n", + tssAuthContext->commandCode); + rc = TSS_RC_OUT_PARAMETER; + } + } + /* if there is no unmarshal function */ + else { + /* caller error, structure supplied but no unmarshal function */ + if (out != NULL) { + if (tssVerbose) + printf("TSS_Unmarshal12: Command %08x does not take response parameter structure\n", + tssAuthContext->commandCode); + rc = TSS_RC_OUT_PARAMETER; + } + /* no unmarshal function and no response parameter structure is OK */ + } + return rc; +} + +/* TSS_SetCmdAuths12() appends a list of TPMS_AUTH12_COMMAND structures to the command buffer. It + back fills the tag and paramSize. + +*/ + +TPM_RC TSS_SetCmdAuths12(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TPMS_AUTH12_COMMAND *authC[]) +{ + TPM_RC rc = 0; + size_t i = 0; + TPM_TAG tag; + uint32_t cpBufferSize; + uint8_t *cpBuffer; + uint8_t *buffer; + + if (rc == 0) { + /* record the number of authorizations for the response */ + tssAuthContext->authCount = numSessions; + switch (numSessions) { + case 0: + tag = TPM_TAG_RQU_COMMAND; + break; + case 1: + tag = TPM_TAG_RQU_AUTH1_COMMAND; + break; + case 2: + tag = TPM_TAG_RQU_AUTH2_COMMAND; + break; + default: + if (tssVerbose) printf("TSS_SetCmdAuths12: Invalid number of sessions %u\n", + (unsigned int)numSessions); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* back fill the tag */ + if (rc == 0) { + uint16_t written = 0; /* dummy */ + buffer = tssAuthContext->commandBuffer; + TSS_UINT16_Marshalu(&tag, &written, &buffer, NULL); + } + /* get cpBuffer, command parameters */ + if (rc == 0) { + rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer); + } + /* index to the beginning of the authorization area, and range check the command buffer */ + if (rc == 0) { + cpBuffer += cpBufferSize; + } + for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) { + uint16_t written = 0; + uint32_t size = MAX_COMMAND_SIZE - cpBufferSize; + /* marshal authHandle */ + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&authC[i]->sessionHandle, &written, &cpBuffer, &size); + } + /* marshal nonceOdd */ + if (rc == 0) { + rc = TSS_Array_Marshalu(authC[i]->nonce, SHA1_DIGEST_SIZE, + &written, &cpBuffer, &size); + } + /* marshal attributes */ + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&authC[i]->sessionAttributes.val, &written, &cpBuffer, &size); + } + /* marshal HMAC */ + if (rc == 0) { + rc = TSS_Array_Marshalu(authC[i]->hmac, SHA1_DIGEST_SIZE, + &written, &cpBuffer, &size); + } + } + if (rc == 0) { + uint16_t written = 0; /* dummy */ + uint32_t commandSize; + /* record command stream used size */ + tssAuthContext->commandSize = cpBuffer - tssAuthContext->commandBuffer; + /* back fill the correct commandSize */ + buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG); + commandSize = tssAuthContext->commandSize; + TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL); + } + return rc; +} + +/* TSS_GetRspAuths12() unmarshals a response buffer into a list of list of TPMS_AUTH12_RESPONSE + structures. This should not be called if the TPM returned a non-success response code. + + Returns an error if the number of response auths requested is not equal to the number of command + auths, including zero. + + If the response tag is TPM_TAG_RSP_COMMAND, the function is a noop (except for error checking). +*/ + +TPM_RC TSS_GetRspAuths12(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TPMS_AUTH12_RESPONSE *authR[]) +{ + TPM_RC rc = 0; + size_t i; + TPM_TAG tag; + uint32_t oneAuthAreaSize = SHA1_DIGEST_SIZE + 1 + SHA1_DIGEST_SIZE; + uint32_t authBufferSize; + uint8_t *authBuffer; + + /* range check the response buffer size before the subtraction below */ + if (rc == 0) { + if ((sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC) + + (numSessions * oneAuthAreaSize)) <= tssAuthContext->responseSize) { + authBufferSize = tssAuthContext->responseSize - + (sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC)); + } + else { + if (tssVerbose) printf("TSS_GetRspAuths12: Invalid response size %u\n", + (unsigned int)tssAuthContext->responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* unmarshal the response tag */ + if (rc == 0) { + uint32_t size = tssAuthContext->responseSize; + uint8_t *buffer = tssAuthContext->responseBuffer; + rc = TSS_TPM_TAG_Unmarshalu(&tag, &buffer, &size); + } + /* sanity check the response tag, range checking below */ + if (rc == 0) { + switch (tag) { + case TPM_TAG_RSP_COMMAND: + if (numSessions != 0) { + if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n", + (unsigned int)numSessions); + rc = TSS_RC_MALFORMED_RESPONSE; + } + break; + case TPM_TAG_RSP_AUTH1_COMMAND: + authBuffer = tssAuthContext->responseBuffer + tssAuthContext->responseSize /* end */ + - oneAuthAreaSize; /* minus one auth area */ + authBufferSize = oneAuthAreaSize; + if (numSessions != 1) { + if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n", + (unsigned int)numSessions); + rc = TSS_RC_MALFORMED_RESPONSE; + } + break; + case TPM_TAG_RSP_AUTH2_COMMAND: + authBuffer = tssAuthContext->responseBuffer + tssAuthContext->responseSize /* end */ + - oneAuthAreaSize - oneAuthAreaSize ; /* minus two auth areas */ + authBufferSize = oneAuthAreaSize + oneAuthAreaSize; + if (numSessions != 2) { + if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n", + (unsigned int)numSessions); + rc = TSS_RC_MALFORMED_RESPONSE; + } + break; + default: + if (tssVerbose) printf("TSS_GetRspAuths12: Bad tag %04x\n", tag); + rc = TSS_RC_MALFORMED_RESPONSE; + break; + } + } + /* unmarshal into the TPMS_AUTH12_RESPONSE structures */ + for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) { + /* TPM 1.2 has fixed size auth area - nonceEven + continue + auth HMAC */ + if (rc == 0) { + rc = TSS_Array_Unmarshalu(authR[i]->nonce, + SHA1_DIGEST_SIZE, &authBuffer, &authBufferSize); + } + if (rc == 0) { + rc = TSS_UINT8_Unmarshalu(&authR[i]->sessionAttributes.val, &authBuffer, &authBufferSize); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(authR[i]->hmac, + SHA1_DIGEST_SIZE, &authBuffer, &authBufferSize); + } + } + return rc; +} + +/* TSS_GetRpBuffer12() returns a pointer to the response parameter area. + + NOTE could move to execute so it only has to be done once. +*/ + +TPM_RC TSS_GetRpBuffer12(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *rpBufferSize, + uint8_t **rpBuffer, + size_t numSessions) +{ + TPM_RC rc = 0; + uint32_t headerSize = sizeof(TPM_TAG) + sizeof (uint32_t) + sizeof(TPM_RC) + + (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount); + uint32_t oneAuthAreaSize = SHA1_DIGEST_SIZE + 1 + SHA1_DIGEST_SIZE; + + if (rc == 0) { + *rpBuffer = tssAuthContext->responseBuffer + headerSize; + + if (headerSize + (numSessions * oneAuthAreaSize) <= tssAuthContext->responseSize) { + *rpBufferSize = + tssAuthContext->responseSize - headerSize - (numSessions * oneAuthAreaSize); + } + else { + if (tssVerbose) printf("TSS_GetRpBuffer12: " + "response size %u too small for number of sessions %u\n", + tssAuthContext->responseSize, (unsigned int)numSessions); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + return rc; +} + +/* TSS_SetEncAuth() are called from the TPM 1.2 command pre-processor to record the location(s) of + the encrypted authorizations. + + Cannot range check here, because command parameters have not been marshaled yet. + + NOTE: This is a bit of a hack, depending on the location being a fixed distance from the + beginning or end of the command buffer. It could break if there is both a variable size argument + before and a variable number of authorizations or variable size argument after the location. + + If this occurs, the pointers nust be set during marshaling, but this is more intrusive, requiring + TSS_AUTH_CONTEXT to be passed into the marshaling code. + +*/ + +TPM_RC TSS_SetEncAuthOffset0(TSS_AUTH_CONTEXT *tssAuthContext, + int16_t offset) +{ + tssAuthContext->encAuthOffset0 = offset; + return 0; +} +TPM_RC TSS_SetEncAuthOffset1(TSS_AUTH_CONTEXT *tssAuthContext, + int16_t offset) +{ + tssAuthContext->encAuthOffset1 = offset; + return 0; +} +TPM_RC TSS_GetEncAuths(TSS_AUTH_CONTEXT *tssAuthContext, + uint8_t **encAuth0, + uint8_t **encAuth1) +{ + TPM_RC rc = 0; + + if (tssAuthContext->encAuthOffset0 > 0) { + if ((uint16_t)tssAuthContext->encAuthOffset0 < tssAuthContext->cpBufferSize) { + *encAuth0 = tssAuthContext->commandBuffer + tssAuthContext->encAuthOffset0; + } + else { + if (tssVerbose) printf("TSS_GetEncAuths: " + "encAuthOffset0 %d too large for command buffer %u\n", + tssAuthContext->encAuthOffset0, tssAuthContext->cpBufferSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + else if (tssAuthContext->encAuthOffset0 < 0) { + if ((uint16_t)(-tssAuthContext->encAuthOffset0) < tssAuthContext->commandSize) { + *encAuth0 = tssAuthContext->commandBuffer + + tssAuthContext->commandSize + tssAuthContext->encAuthOffset0; + } + else { + if (tssVerbose) printf("TSS_GetEncAuths: " + "encAuthOffset0 %d too large for command buffer %u\n", + tssAuthContext->encAuthOffset0, tssAuthContext->commandSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + else { + *encAuth0 = NULL; + } + if (tssAuthContext->encAuthOffset1 > 0) { + if ((uint16_t)tssAuthContext->encAuthOffset1 < tssAuthContext->cpBufferSize) { + *encAuth1 = tssAuthContext->commandBuffer + tssAuthContext->encAuthOffset1; + } + else { + if (tssVerbose) printf("TSS_GetEncAuths: " + "encAuthOffset1 %u too large for command buffer %u\n", + tssAuthContext->encAuthOffset1, tssAuthContext->cpBufferSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + else if (tssAuthContext->encAuthOffset1 < 0) { + if ((uint16_t)(-tssAuthContext->encAuthOffset1) < tssAuthContext->commandSize) { + *encAuth1 = tssAuthContext->commandBuffer + + tssAuthContext->commandSize + tssAuthContext->encAuthOffset1; + } + else { + if (tssVerbose) printf("TSS_GetEncAuths: " + "encAuthOffset1 %d too large for command buffer %u\n", + tssAuthContext->encAuthOffset1, tssAuthContext->commandSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + else { + *encAuth1 = NULL; + } + return rc; +} + +TPM_RC TSS_SetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext, + uint16_t sessionNumber) +{ + TPM_RC rc = 0; + + tssAuthContext->sessionNumber = sessionNumber; + if (sessionNumber > 1) { + if (tssVerbose) printf("TSS_SetSessionNumber: %u out of range\n", + sessionNumber); + rc = TSS_RC_SESSION_NUMBER; + } + return rc; +} +TPM_RC TSS_GetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext, + uint16_t *sessionNumber) +{ + *sessionNumber = tssAuthContext->sessionNumber; + return 0; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth12.h b/libstb/tss2/ibmtpm20tss/utils/tssauth12.h new file mode 100644 index 000000000000..9cc898c3463c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth12.h @@ -0,0 +1,94 @@ +/********************************************************************************/ +/* */ +/* TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssauth12.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is not a public header. It should not be used by applications. */ + +#ifndef TSS_AUTH12_H +#define TSS_AUTH12_H + +#include +#include "Commands12_fp.h" +#include "tssccattributes12.h" + +/* command and response authorization structures adapted for TPM 1.2 */ + +typedef struct { + TPM_AUTHHANDLE sessionHandle; /* the session handle */ + TPM_NONCE nonce; /* the session nonce, may be the Empty Buffer */ + TPMA_SESSION sessionAttributes; /* the session attributes */ + TPM_AUTHDATA hmac; /* authorization HMAC */ +} TPMS_AUTH12_COMMAND; + + +typedef struct { + TPM_NONCE nonce; /* the session nonce, may be the Empty Buffer */ + TPMA_SESSION sessionAttributes; /* the session attributes */ + TPM_AUTHDATA hmac; /* authorization HMAC */ +} TPMS_AUTH12_RESPONSE; + +TPM_RC TSS_Marshal12(TSS_AUTH_CONTEXT *tssAuthContext, + COMMAND_PARAMETERS *in, + TPM_CC commandCode); + +TPM_RC TSS_Unmarshal12(TSS_AUTH_CONTEXT *tssAuthContext, + RESPONSE_PARAMETERS *out); + +TPM_RC TSS_SetCmdAuths12(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TPMS_AUTH12_COMMAND *authC[]); +TPM_RC TSS_GetRspAuths12(TSS_AUTH_CONTEXT *tssAuthContext, + size_t numSessions, + TPMS_AUTH12_RESPONSE *authR[]); +TPM_RC TSS_GetRpBuffer12(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *rpBufferSize, + uint8_t **rpBuffer, + size_t numSessions); +TPM_RC TSS_SetEncAuthOffset0(TSS_AUTH_CONTEXT *tssAuthContext, + int16_t offset); +TPM_RC TSS_SetEncAuthOffset1(TSS_AUTH_CONTEXT *tssAuthContext, + int16_t offset); +TPM_RC TSS_GetEncAuths(TSS_AUTH_CONTEXT *tssAuthContext, + uint8_t **encAuth0, + uint8_t **encAuth1); +TPM_RC TSS_SetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext, + uint16_t sessionNumber); +TPM_RC TSS_GetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext, + uint16_t *sessionNumber); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth20.c b/libstb/tss2/ibmtpm20tss/utils/tssauth20.c new file mode 100644 index 000000000000..8489e86d52d4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth20.c @@ -0,0 +1,1546 @@ +/********************************************************************************/ +/* */ +/* TPM 2.0 TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This layer handles command and response packet authorization parameters. */ + +#include +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "tssproperties.h" +#include + +#include "tssntc.h" +#include "tssauth.h" +#include "tssauth20.h" + +extern int tssVerbose; +extern int tssVverbose; + +typedef struct MARSHAL_TABLE { + TPM_CC commandCode; + const char *commandText; + MarshalInFunction_t marshalInFunction; /* marshal input command */ + UnmarshalOutFunction_t unmarshalOutFunction; /* unmarshal output response */ +#ifndef TPM_TSS_NOCMDCHECK + UnmarshalInFunction_t unmarshalInFunction; /* unmarshal input command for parameter + checking */ +#endif +} MARSHAL_TABLE; + +static const MARSHAL_TABLE marshalTable [] = { + + {TPM_CC_Startup, "TPM2_Startup", + (MarshalInFunction_t)TSS_Startup_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Startup_In_Unmarshal +#endif + }, + {TPM_CC_Shutdown, "TPM2_Shutdown", + (MarshalInFunction_t)TSS_Shutdown_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Shutdown_In_Unmarshal +#endif + }, + {TPM_CC_SelfTest, "TPM2_SelfTest", + (MarshalInFunction_t)TSS_SelfTest_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SelfTest_In_Unmarshal +#endif + }, + {TPM_CC_IncrementalSelfTest, "TPM2_IncrementalSelfTest", + (MarshalInFunction_t)TSS_IncrementalSelfTest_In_Marshalu, + (UnmarshalOutFunction_t)TSS_IncrementalSelfTest_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)IncrementalSelfTest_In_Unmarshal +#endif + }, + {TPM_CC_GetTestResult, "TPM2_GetTestResult", + NULL, + (UnmarshalOutFunction_t)TSS_GetTestResult_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,NULL +#endif + }, + {TPM_CC_StartAuthSession, "TPM2_StartAuthSession", + (MarshalInFunction_t)TSS_StartAuthSession_In_Marshalu, + (UnmarshalOutFunction_t)TSS_StartAuthSession_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)StartAuthSession_In_Unmarshal +#endif + }, + {TPM_CC_PolicyRestart, "TPM2_PolicyRestart", + (MarshalInFunction_t)TSS_PolicyRestart_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyRestart_In_Unmarshal +#endif + }, + {TPM_CC_Create, "TPM2_Create", + (MarshalInFunction_t)TSS_Create_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Create_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Create_In_Unmarshal +#endif + }, + {TPM_CC_Load, "TPM2_Load", + (MarshalInFunction_t)TSS_Load_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Load_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Load_In_Unmarshal +#endif + }, + {TPM_CC_LoadExternal, "TPM2_LoadExternal", + (MarshalInFunction_t)TSS_LoadExternal_In_Marshalu, + (UnmarshalOutFunction_t)TSS_LoadExternal_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)LoadExternal_In_Unmarshal +#endif + }, + {TPM_CC_ReadPublic, "TPM2_ReadPublic", + (MarshalInFunction_t)TSS_ReadPublic_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ReadPublic_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ReadPublic_In_Unmarshal +#endif + }, + {TPM_CC_ActivateCredential, "TPM2_ActivateCredential", + (MarshalInFunction_t)TSS_ActivateCredential_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ActivateCredential_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ActivateCredential_In_Unmarshal +#endif + }, + {TPM_CC_MakeCredential, "TPM2_MakeCredential", + (MarshalInFunction_t)TSS_MakeCredential_In_Marshalu, + (UnmarshalOutFunction_t)TSS_MakeCredential_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)MakeCredential_In_Unmarshal +#endif + }, + {TPM_CC_Unseal, "TPM2_Unseal", + (MarshalInFunction_t)TSS_Unseal_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Unseal_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Unseal_In_Unmarshal +#endif + }, + {TPM_CC_ObjectChangeAuth, "TPM2_ObjectChangeAuth", + (MarshalInFunction_t)TSS_ObjectChangeAuth_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ObjectChangeAuth_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ObjectChangeAuth_In_Unmarshal +#endif + }, + {TPM_CC_CreateLoaded, "TPM2_CreateLoaded", + (MarshalInFunction_t)TSS_CreateLoaded_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CreateLoaded_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)CreateLoaded_In_Unmarshal +#endif + }, + {TPM_CC_Duplicate, "TPM2_Duplicate", + (MarshalInFunction_t)TSS_Duplicate_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Duplicate_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Duplicate_In_Unmarshal +#endif + }, + {TPM_CC_Rewrap, "TPM2_Rewrap", + (MarshalInFunction_t)TSS_Rewrap_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Rewrap_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Rewrap_In_Unmarshal +#endif + }, + {TPM_CC_Import, "TPM2_Import", + (MarshalInFunction_t)TSS_Import_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Import_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Import_In_Unmarshal +#endif + }, + {TPM_CC_RSA_Encrypt, "TPM2_RSA_Encrypt", + (MarshalInFunction_t)TSS_RSA_Encrypt_In_Marshalu, + (UnmarshalOutFunction_t)TSS_RSA_Encrypt_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)RSA_Encrypt_In_Unmarshal +#endif + }, + {TPM_CC_RSA_Decrypt, "TPM2_RSA_Decrypt", + (MarshalInFunction_t)TSS_RSA_Decrypt_In_Marshalu, + (UnmarshalOutFunction_t)TSS_RSA_Decrypt_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)RSA_Decrypt_In_Unmarshal +#endif + }, + {TPM_CC_ECDH_KeyGen, "TPM2_ECDH_KeyGen", + (MarshalInFunction_t)TSS_ECDH_KeyGen_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ECDH_KeyGen_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ECDH_KeyGen_In_Unmarshal +#endif + }, + {TPM_CC_ECDH_ZGen, "TPM2_ECDH_ZGen", + (MarshalInFunction_t)TSS_ECDH_ZGen_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ECDH_ZGen_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ECDH_ZGen_In_Unmarshal +#endif + }, + {TPM_CC_ECC_Parameters, "TPM2_ECC_Parameters", + (MarshalInFunction_t)TSS_ECC_Parameters_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ECC_Parameters_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ECC_Parameters_In_Unmarshal +#endif + }, + {TPM_CC_ZGen_2Phase, "TPM2_ZGen_2Phase", + (MarshalInFunction_t)TSS_ZGen_2Phase_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ZGen_2Phase_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ZGen_2Phase_In_Unmarshal +#endif + }, + {TPM_CC_EncryptDecrypt, "TPM2_EncryptDecrypt", + (MarshalInFunction_t)TSS_EncryptDecrypt_In_Marshalu, + (UnmarshalOutFunction_t)TSS_EncryptDecrypt_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)EncryptDecrypt_In_Unmarshal +#endif + }, + {TPM_CC_EncryptDecrypt2, "TPM2_EncryptDecrypt2", + (MarshalInFunction_t)TSS_EncryptDecrypt2_In_Marshalu, + (UnmarshalOutFunction_t)TSS_EncryptDecrypt2_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)EncryptDecrypt2_In_Unmarshal +#endif + }, + {TPM_CC_Hash, "TPM2_Hash", + (MarshalInFunction_t)TSS_Hash_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Hash_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Hash_In_Unmarshal +#endif + }, + {TPM_CC_HMAC, "TPM2_HMAC", + (MarshalInFunction_t)TSS_HMAC_In_Marshalu, + (UnmarshalOutFunction_t)TSS_HMAC_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)HMAC_In_Unmarshal +#endif + }, + {TPM_CC_GetRandom, "TPM2_GetRandom", + (MarshalInFunction_t)TSS_GetRandom_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetRandom_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)GetRandom_In_Unmarshal +#endif + }, + {TPM_CC_StirRandom, "TPM2_StirRandom", + (MarshalInFunction_t)TSS_StirRandom_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)StirRandom_In_Unmarshal +#endif + }, + {TPM_CC_HMAC_Start, "TPM2_HMAC_Start", + (MarshalInFunction_t)TSS_HMAC_Start_In_Marshalu, + (UnmarshalOutFunction_t)TSS_HMAC_Start_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)HMAC_Start_In_Unmarshal +#endif + }, + {TPM_CC_HashSequenceStart, "TPM2_HashSequenceStart", + (MarshalInFunction_t)TSS_HashSequenceStart_In_Marshalu, + (UnmarshalOutFunction_t)TSS_HashSequenceStart_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)HashSequenceStart_In_Unmarshal +#endif + }, + {TPM_CC_SequenceUpdate, "TPM2_SequenceUpdate", + (MarshalInFunction_t)TSS_SequenceUpdate_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SequenceUpdate_In_Unmarshal +#endif + }, + {TPM_CC_SequenceComplete, "TPM2_SequenceComplete", + (MarshalInFunction_t)TSS_SequenceComplete_In_Marshalu, + (UnmarshalOutFunction_t)TSS_SequenceComplete_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SequenceComplete_In_Unmarshal +#endif + }, + {TPM_CC_EventSequenceComplete, "TPM2_EventSequenceComplete", + (MarshalInFunction_t)TSS_EventSequenceComplete_In_Marshalu, + (UnmarshalOutFunction_t)TSS_EventSequenceComplete_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)EventSequenceComplete_In_Unmarshal +#endif + }, + {TPM_CC_Certify, "TPM2_Certify", + (MarshalInFunction_t)TSS_Certify_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Certify_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Certify_In_Unmarshal +#endif + }, + {TPM_CC_CertifyX509, "TPM2_CertifyX509", + (MarshalInFunction_t)TSS_CertifyX509_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CertifyX509_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)CertifyX509_In_Unmarshal +#endif + }, + {TPM_CC_CertifyCreation, "TPM2_CertifyCreation", + (MarshalInFunction_t)TSS_CertifyCreation_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CertifyCreation_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)CertifyCreation_In_Unmarshal +#endif + }, + {TPM_CC_Quote, "TPM2_Quote", + (MarshalInFunction_t)TSS_Quote_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Quote_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Quote_In_Unmarshal +#endif + }, + {TPM_CC_GetSessionAuditDigest, "TPM2_GetSessionAuditDigest", + (MarshalInFunction_t)TSS_GetSessionAuditDigest_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetSessionAuditDigest_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)GetSessionAuditDigest_In_Unmarshal +#endif + }, + {TPM_CC_GetCommandAuditDigest, "TPM2_GetCommandAuditDigest", + (MarshalInFunction_t)TSS_GetCommandAuditDigest_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetCommandAuditDigest_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)GetCommandAuditDigest_In_Unmarshal +#endif + }, + {TPM_CC_GetTime, "TPM2_GetTime", + (MarshalInFunction_t)TSS_GetTime_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetTime_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)GetTime_In_Unmarshal +#endif + }, + {TPM_CC_Commit, "TPM2_Commit", + (MarshalInFunction_t)TSS_Commit_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Commit_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Commit_In_Unmarshal +#endif + }, + {TPM_CC_EC_Ephemeral, "TPM2_EC_Ephemeral", + (MarshalInFunction_t)TSS_EC_Ephemeral_In_Marshalu, + (UnmarshalOutFunction_t)TSS_EC_Ephemeral_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)EC_Ephemeral_In_Unmarshal +#endif + }, + {TPM_CC_VerifySignature, "TPM2_VerifySignature", + (MarshalInFunction_t)TSS_VerifySignature_In_Marshalu, + (UnmarshalOutFunction_t)TSS_VerifySignature_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)VerifySignature_In_Unmarshal +#endif + }, + {TPM_CC_Sign, "TPM2_Sign", + (MarshalInFunction_t)TSS_Sign_In_Marshalu, + (UnmarshalOutFunction_t)TSS_Sign_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Sign_In_Unmarshal +#endif + }, + {TPM_CC_SetCommandCodeAuditStatus, "TPM2_SetCommandCodeAuditStatus", + (MarshalInFunction_t)TSS_SetCommandCodeAuditStatus_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SetCommandCodeAuditStatus_In_Unmarshal +#endif + }, + {TPM_CC_PCR_Extend, "TPM2_PCR_Extend", + (MarshalInFunction_t)TSS_PCR_Extend_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_Extend_In_Unmarshal +#endif + }, + {TPM_CC_PCR_Event, "TPM2_PCR_Event", + (MarshalInFunction_t)TSS_PCR_Event_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PCR_Event_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_Event_In_Unmarshal +#endif + }, + {TPM_CC_PCR_Read, "TPM2_PCR_Read", + (MarshalInFunction_t)TSS_PCR_Read_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PCR_Read_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_Read_In_Unmarshal +#endif + }, + {TPM_CC_PCR_Allocate, "TPM2_PCR_Allocate", + (MarshalInFunction_t)TSS_PCR_Allocate_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PCR_Allocate_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_Allocate_In_Unmarshal +#endif + }, + {TPM_CC_PCR_SetAuthPolicy, "TPM2_PCR_SetAuthPolicy", + (MarshalInFunction_t)TSS_PCR_SetAuthPolicy_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_SetAuthPolicy_In_Unmarshal +#endif + }, + {TPM_CC_PCR_SetAuthValue, "TPM2_PCR_SetAuthValue", + (MarshalInFunction_t)TSS_PCR_SetAuthValue_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_SetAuthValue_In_Unmarshal +#endif + }, + {TPM_CC_PCR_Reset, "TPM2_PCR_Reset", + (MarshalInFunction_t)TSS_PCR_Reset_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PCR_Reset_In_Unmarshal +#endif + }, + {TPM_CC_PolicySigned, "TPM2_PolicySigned", + (MarshalInFunction_t)TSS_PolicySigned_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PolicySigned_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicySigned_In_Unmarshal +#endif + }, + {TPM_CC_PolicySecret, "TPM2_PolicySecret", + (MarshalInFunction_t)TSS_PolicySecret_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PolicySecret_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicySecret_In_Unmarshal +#endif + }, + {TPM_CC_PolicyTicket, "TPM2_PolicyTicket", + (MarshalInFunction_t)TSS_PolicyTicket_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyTicket_In_Unmarshal +#endif + }, + {TPM_CC_PolicyOR, "TPM2_PolicyOR", + (MarshalInFunction_t)TSS_PolicyOR_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyOR_In_Unmarshal +#endif + }, + {TPM_CC_PolicyPCR, "TPM2_PolicyPCR", + (MarshalInFunction_t)TSS_PolicyPCR_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyPCR_In_Unmarshal +#endif + }, + {TPM_CC_PolicyLocality, "TPM2_PolicyLocality", + (MarshalInFunction_t)TSS_PolicyLocality_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyLocality_In_Unmarshal +#endif + }, + {TPM_CC_PolicyNV, "TPM2_PolicyNV", + (MarshalInFunction_t)TSS_PolicyNV_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyNV_In_Unmarshal +#endif + }, + {TPM_CC_PolicyAuthorizeNV, "TPM2_PolicyAuthorizeNV", + (MarshalInFunction_t)TSS_PolicyAuthorizeNV_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyAuthorizeNV_In_Unmarshal +#endif + }, + {TPM_CC_PolicyCounterTimer, "TPM2_PolicyCounterTimer", + (MarshalInFunction_t)TSS_PolicyCounterTimer_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyCounterTimer_In_Unmarshal +#endif + }, + {TPM_CC_PolicyCommandCode, "TPM2_PolicyCommandCode", + (MarshalInFunction_t)TSS_PolicyCommandCode_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyCommandCode_In_Unmarshal +#endif + }, + {TPM_CC_PolicyPhysicalPresence, "TPM2_PolicyPhysicalPresence", + (MarshalInFunction_t)TSS_PolicyPhysicalPresence_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyPhysicalPresence_In_Unmarshal +#endif + }, + {TPM_CC_PolicyCpHash, "TPM2_PolicyCpHash", + (MarshalInFunction_t)TSS_PolicyCpHash_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyCpHash_In_Unmarshal +#endif + }, + {TPM_CC_PolicyNameHash, "TPM2_PolicyNameHash", + (MarshalInFunction_t)TSS_PolicyNameHash_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyNameHash_In_Unmarshal +#endif + }, + {TPM_CC_PolicyDuplicationSelect, "TPM2_PolicyDuplicationSelect", + (MarshalInFunction_t)TSS_PolicyDuplicationSelect_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyDuplicationSelect_In_Unmarshal +#endif + }, + {TPM_CC_PolicyAuthorize, "TPM2_PolicyAuthorize", + (MarshalInFunction_t)TSS_PolicyAuthorize_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyAuthorize_In_Unmarshal +#endif + }, + {TPM_CC_PolicyAuthValue, "TPM2_PolicyAuthValue", + (MarshalInFunction_t)TSS_PolicyAuthValue_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyAuthValue_In_Unmarshal +#endif + }, + {TPM_CC_PolicyPassword, "TPM2_PolicyPassword", + (MarshalInFunction_t)TSS_PolicyPassword_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyPassword_In_Unmarshal +#endif + }, + {TPM_CC_PolicyGetDigest, "TPM2_PolicyGetDigest", + (MarshalInFunction_t)TSS_PolicyGetDigest_In_Marshalu, + (UnmarshalOutFunction_t)TSS_PolicyGetDigest_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyGetDigest_In_Unmarshal +#endif + }, + {TPM_CC_PolicyNvWritten, "TPM2_PolicyNvWritten", + (MarshalInFunction_t)TSS_PolicyNvWritten_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyNvWritten_In_Unmarshal +#endif + }, + {TPM_CC_PolicyTemplate, "TPM2_PolicyTemplate", + (MarshalInFunction_t)TSS_PolicyTemplate_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PolicyTemplate_In_Unmarshal +#endif + }, + {TPM_CC_CreatePrimary, "TPM2_CreatePrimary", + (MarshalInFunction_t)TSS_CreatePrimary_In_Marshalu, + (UnmarshalOutFunction_t)TSS_CreatePrimary_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)CreatePrimary_In_Unmarshal +#endif + }, + {TPM_CC_HierarchyControl, "TPM2_HierarchyControl", + (MarshalInFunction_t)TSS_HierarchyControl_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)HierarchyControl_In_Unmarshal +#endif + }, + {TPM_CC_SetPrimaryPolicy, "TPM2_SetPrimaryPolicy", + (MarshalInFunction_t)TSS_SetPrimaryPolicy_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SetPrimaryPolicy_In_Unmarshal +#endif + }, + {TPM_CC_ChangePPS, "TPM2_ChangePPS", + (MarshalInFunction_t)TSS_ChangePPS_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ChangePPS_In_Unmarshal +#endif + }, + {TPM_CC_ChangeEPS, "TPM2_ChangeEPS", + (MarshalInFunction_t)TSS_ChangeEPS_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ChangeEPS_In_Unmarshal +#endif + }, + {TPM_CC_Clear, "TPM2_Clear", + (MarshalInFunction_t)TSS_Clear_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)Clear_In_Unmarshal +#endif + }, + {TPM_CC_ClearControl, "TPM2_ClearControl", + (MarshalInFunction_t)TSS_ClearControl_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ClearControl_In_Unmarshal +#endif + }, + {TPM_CC_HierarchyChangeAuth, "TPM2_HierarchyChangeAuth", + (MarshalInFunction_t)TSS_HierarchyChangeAuth_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)HierarchyChangeAuth_In_Unmarshal +#endif + }, + {TPM_CC_DictionaryAttackLockReset, "TPM2_DictionaryAttackLockReset", + (MarshalInFunction_t)TSS_DictionaryAttackLockReset_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)DictionaryAttackLockReset_In_Unmarshal +#endif + }, + {TPM_CC_DictionaryAttackParameters, "TPM2_DictionaryAttackParameters", + (MarshalInFunction_t)TSS_DictionaryAttackParameters_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)DictionaryAttackParameters_In_Unmarshal +#endif + }, + {TPM_CC_PP_Commands, "TPM2_PP_Commands", + (MarshalInFunction_t)TSS_PP_Commands_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)PP_Commands_In_Unmarshal +#endif + }, + {TPM_CC_SetAlgorithmSet, "TPM2_SetAlgorithmSet", + (MarshalInFunction_t)TSS_SetAlgorithmSet_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)SetAlgorithmSet_In_Unmarshal +#endif + }, + {TPM_CC_ContextSave, "TPM2_ContextSave", + (MarshalInFunction_t)TSS_ContextSave_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ContextSave_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ContextSave_In_Unmarshal +#endif + }, + {TPM_CC_ContextLoad, "TPM2_ContextLoad", + (MarshalInFunction_t)TSS_ContextLoad_In_Marshalu, + (UnmarshalOutFunction_t)TSS_ContextLoad_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ContextLoad_In_Unmarshal +#endif + }, + {TPM_CC_FlushContext, "TPM2_FlushContext", + (MarshalInFunction_t)TSS_FlushContext_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)FlushContext_In_Unmarshal +#endif + }, + {TPM_CC_EvictControl, "TPM2_EvictControl", + (MarshalInFunction_t)TSS_EvictControl_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)EvictControl_In_Unmarshal +#endif + }, + {TPM_CC_ReadClock, "TPM2_ReadClock", + NULL, + (UnmarshalOutFunction_t)TSS_ReadClock_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,NULL +#endif + }, + {TPM_CC_ClockSet, "TPM2_ClockSet", + (MarshalInFunction_t)TSS_ClockSet_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ClockSet_In_Unmarshal +#endif + }, + {TPM_CC_ClockRateAdjust, "TPM2_ClockRateAdjust", + (MarshalInFunction_t)TSS_ClockRateAdjust_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)ClockRateAdjust_In_Unmarshal +#endif + }, + {TPM_CC_GetCapability, "TPM2_GetCapability", + (MarshalInFunction_t)TSS_GetCapability_In_Marshalu, + (UnmarshalOutFunction_t)TSS_GetCapability_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)GetCapability_In_Unmarshal +#endif + }, + {TPM_CC_TestParms, "TPM2_TestParms", + (MarshalInFunction_t)TSS_TestParms_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)TestParms_In_Unmarshal +#endif + }, + {TPM_CC_NV_DefineSpace, "TPM2_NV_DefineSpace", + (MarshalInFunction_t)TSS_NV_DefineSpace_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_DefineSpace_In_Unmarshal +#endif + }, + {TPM_CC_NV_UndefineSpace, "TPM2_NV_UndefineSpace", + (MarshalInFunction_t)TSS_NV_UndefineSpace_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_UndefineSpace_In_Unmarshal +#endif + }, + {TPM_CC_NV_UndefineSpaceSpecial, "TPM2_NV_UndefineSpaceSpecial", + (MarshalInFunction_t)TSS_NV_UndefineSpaceSpecial_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_UndefineSpaceSpecial_In_Unmarshal +#endif + }, + {TPM_CC_NV_ReadPublic, "TPM2_NV_ReadPublic", + (MarshalInFunction_t)TSS_NV_ReadPublic_In_Marshalu, + (UnmarshalOutFunction_t)TSS_NV_ReadPublic_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_ReadPublic_In_Unmarshal +#endif + }, + {TPM_CC_NV_Write, "TPM2_NV_Write", + (MarshalInFunction_t)TSS_NV_Write_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_Write_In_Unmarshal +#endif + }, + {TPM_CC_NV_Increment, "TPM2_NV_Increment", + (MarshalInFunction_t)TSS_NV_Increment_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_Increment_In_Unmarshal +#endif + }, + {TPM_CC_NV_Extend, "TPM2_NV_Extend", + (MarshalInFunction_t)TSS_NV_Extend_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_Extend_In_Unmarshal +#endif + }, + {TPM_CC_NV_SetBits, "TPM2_NV_SetBits", + (MarshalInFunction_t)TSS_NV_SetBits_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_SetBits_In_Unmarshal +#endif + }, + {TPM_CC_NV_WriteLock, "TPM2_NV_WriteLock", + (MarshalInFunction_t)TSS_NV_WriteLock_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_WriteLock_In_Unmarshal +#endif + }, + {TPM_CC_NV_GlobalWriteLock, "TPM2_NV_GlobalWriteLock", + (MarshalInFunction_t)TSS_NV_GlobalWriteLock_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_GlobalWriteLock_In_Unmarshal +#endif + }, + {TPM_CC_NV_Read, "TPM2_NV_Read", + (MarshalInFunction_t)TSS_NV_Read_In_Marshalu, + (UnmarshalOutFunction_t)TSS_NV_Read_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_Read_In_Unmarshal +#endif + }, + {TPM_CC_NV_ReadLock, "TPM2_NV_ReadLock", + (MarshalInFunction_t)TSS_NV_ReadLock_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_ReadLock_In_Unmarshal +#endif + }, + {TPM_CC_NV_ChangeAuth, "TPM2_NV_ChangeAuth", + (MarshalInFunction_t)TSS_NV_ChangeAuth_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_ChangeAuth_In_Unmarshal +#endif + }, + {TPM_CC_NV_Certify, "TPM2_NV_Certify", + (MarshalInFunction_t)TSS_NV_Certify_In_Marshalu, + (UnmarshalOutFunction_t)TSS_NV_Certify_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)NV_Certify_In_Unmarshal +#endif + }, +#ifdef TPM_TSS_NUVOTON + {NTC2_CC_PreConfig,"NTC2_CC_PreConfig", + (MarshalInFunction_t)TSS_NTC2_PreConfig_In_Marshalu, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,(UnmarshalInFunction_t)TSS_NTC2_PreConfig_In_Unmarshalu +#endif + }, + {NTC2_CC_LockPreConfig,"NTC2_CC_LockPreConfig", + NULL, + NULL +#ifndef TPM_TSS_NOCMDCHECK + ,NULL +#endif + }, + {NTC2_CC_GetConfig,"NTC2_CC_GetConfig", + NULL, + (UnmarshalOutFunction_t)TSS_NTC2_GetConfig_Out_Unmarshalu +#ifndef TPM_TSS_NOCMDCHECK + ,NULL +#endif + }, + +#endif /* TPM_TSS_NUVOTON */ +}; + +/* TSS_MarshalTable_Process() indexes into the command marshal table, and saves the marshal and + unmarshal functions */ + +static TPM_RC TSS_MarshalTable_Process(TSS_AUTH_CONTEXT *tssAuthContext, + TPM_CC commandCode) +{ + TPM_RC rc = 0; + size_t index; + int found = FALSE; + + /* get the command index in the dispatch table */ + for (index = 0 ; index < (sizeof(marshalTable) / sizeof(MARSHAL_TABLE)) ; (index)++) { + if (marshalTable[index].commandCode == commandCode) { + found = TRUE; + break; + } + } + if (found) { + tssAuthContext->commandCode = commandCode; + tssAuthContext->commandText = marshalTable[index].commandText; + tssAuthContext->marshalInFunction = marshalTable[index].marshalInFunction; + tssAuthContext->unmarshalOutFunction = marshalTable[index].unmarshalOutFunction; +#ifndef TPM_TSS_NOCMDCHECK + tssAuthContext->unmarshalInFunction = marshalTable[index].unmarshalInFunction; +#endif + } + else { + if (tssVerbose) printf("TSS_MarshalTable_Process: " + "commandCode %08x not found in marshal table\n", + commandCode); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; + } + return rc; +} + +/* TSS_Marshal() marshals the input parameters into the TSS Authorization context. + + It also sets other member of the context in preparation for the rest of the sequence. +*/ + +TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext, + COMMAND_PARAMETERS *in, + TPM_CC commandCode) +{ + TPM_RC rc = 0; + TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; /* default until sessions are added */ + uint8_t *buffer; /* for marshaling */ +#ifndef TPM_TSS_NOCMDCHECK + uint8_t *bufferu; /* for test unmarshaling */ +#endif + uint32_t size; + + /* index from command code to table and save items for this command */ + if (rc == 0) { + rc = TSS_MarshalTable_Process(tssAuthContext, commandCode); + } + /* get the number of command and response handles from the TPM table */ + if (rc == 0) { + tssAuthContext->tpmCommandIndex = CommandCodeToCommandIndex(commandCode); + if (tssAuthContext->tpmCommandIndex == UNIMPLEMENTED_COMMAND_INDEX) { + if (tssVerbose) printf("TSS_Marshal: " + "commandCode %08x not found in command attributes table\n", + commandCode); + rc = TSS_RC_COMMAND_UNIMPLEMENTED; + } + } + if (rc == 0) { + tssAuthContext->commandHandleCount = + getCommandHandleCount(tssAuthContext->tpmCommandIndex); + tssAuthContext->responseHandleCount = + getresponseHandleCount(tssAuthContext->tpmCommandIndex); + } + if (rc == 0) { + /* make a copy of the command buffer and size since the marshal functions move them */ + buffer = tssAuthContext->commandBuffer; + size = sizeof(tssAuthContext->commandBuffer); + /* marshal header, preliminary tag and command size */ + rc = TSS_TPMI_ST_COMMAND_TAG_Marshalu(&tag, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { + uint32_t commandSize = tssAuthContext->commandSize; + rc = TSS_UINT32_Marshalu(&commandSize, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { + rc = TSS_TPM_CC_Marshalu(&commandCode, &tssAuthContext->commandSize, &buffer, &size); + } + if (rc == 0) { +#ifndef TPM_TSS_NOCMDCHECK + /* save pointer to marshaled data for test unmarshal */ + bufferu = buffer + + tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE); +#endif + /* if there is a marshal function */ + if (tssAuthContext->marshalInFunction != NULL) { + /* if there is a structure to marshal */ + if (in != NULL) { + rc = tssAuthContext->marshalInFunction(in, &tssAuthContext->commandSize, + &buffer, &size); + } + /* caller error, no structure supplied to marshal */ + else { + if (tssVerbose) + printf("TSS_Marshal: Command %08x requires command parameter structure\n", + commandCode); + rc = TSS_RC_IN_PARAMETER; + } + } + /* if there is no marshal function */ + else { + /* caller error, supplied structure but there is no marshal function */ + if (in != NULL) { + if (tssVerbose) + printf("TSS_Marshal: Command %08x does not take command parameter structure\n", + commandCode); + rc = TSS_RC_IN_PARAMETER; + } + /* no marshal function and no command parameter structure is OK */ + } + } +#ifndef TPM_TSS_NOCMDCHECK + /* unmarshal to validate the input parameters */ + if ((rc == 0) && (tssAuthContext->unmarshalInFunction != NULL)) { + COMMAND_PARAMETERS *target = NULL; + TPM_HANDLE handles[MAX_HANDLE_NUM]; + if (rc == 0) { + rc = TSS_Malloc((unsigned char **)&target, + sizeof(COMMAND_PARAMETERS)); /* freed @1 */ + } + if (rc == 0) { + size = sizeof(tssAuthContext->commandBuffer) - + (tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE)); + rc = tssAuthContext->unmarshalInFunction(target, &bufferu, &size, handles); + if ((rc != 0) && tssVerbose) { + printf("TSS_Marshal: Invalid command parameter\n"); + } + } + free(target); /* @1 */ + } +#endif + /* back fill the correct commandSize */ + if (rc == 0) { + uint16_t written = 0; /* dummy */ + uint32_t commandSize = tssAuthContext->commandSize; + buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG); + TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL); + } + /* record the interim cpBuffer and cpBufferSize before adding authorizations */ + if (rc == 0) { + uint32_t notCpBufferSize; + + /* cpBuffer does not include the header and handles */ + notCpBufferSize = sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) + + (sizeof(TPM_HANDLE) * tssAuthContext->commandHandleCount); + + tssAuthContext->cpBuffer = tssAuthContext->commandBuffer + notCpBufferSize; + tssAuthContext->cpBufferSize = tssAuthContext->commandSize - notCpBufferSize; + } + return rc; +} + +/* TSS_Unmarshal() unmarshals the response parameter. + + It returns an error if either there is no unmarshal function and out is not NULL or if there is + an unmarshal function and out is not NULL. + + If there is no unmarshal function and out is NULL, the function is a noop. +*/ + +TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext, + RESPONSE_PARAMETERS *out) +{ + TPM_RC rc = 0; + TPM_ST tag; + uint8_t *buffer; + uint32_t size; + + /* if there is an unmarshal function */ + if (tssAuthContext->unmarshalOutFunction != NULL) { + /* if there is a structure to unmarshal */ + if (out != NULL) { + if (rc == 0) { + /* get the response tag, determines whether there is a response parameterSize to + unmarshal */ + buffer = tssAuthContext->responseBuffer; + size = tssAuthContext->responseSize; + rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size); + } + if (rc == 0) { + /* move the buffer and size past the header */ + buffer = tssAuthContext->responseBuffer + + sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC); + size = tssAuthContext->responseSize - + (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC)); + rc = tssAuthContext->unmarshalOutFunction(out, tag, &buffer, &size); + } + } + /* caller error, no structure supplied to unmarshal */ + else { + if (tssVerbose) + printf("TSS_Unmarshal: Command %08x requires response parameter structure\n", + tssAuthContext->commandCode); + rc = TSS_RC_OUT_PARAMETER; + } + } + /* if there is no unmarshal function */ + else { + /* caller error, structure supplied but no unmarshal function */ + if (out != NULL) { + if (tssVerbose) + printf("TSS_Unmarshal: Command %08x does not take response parameter structure\n", + tssAuthContext->commandCode); + rc = TSS_RC_OUT_PARAMETER; + } + /* no unmarshal function and no response parameter structure is OK */ + } + return rc; +} + +/* TSS_SetCmdAuths() adds a list of TPMS_AUTH_COMMAND structures to the command buffer. + + The arguments are a NULL terminated list of TPMS_AUTH_COMMAND * structures. + */ + +TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...) +{ + TPM_RC rc = 0; + va_list ap; + uint16_t authorizationSize; /* does not include 4 bytes of size */ + TPMS_AUTH_COMMAND *authCommand = NULL; + int done; + uint32_t cpBufferSize; + uint8_t *cpBuffer; + uint8_t *buffer; + + /* calculate size of authorization area */ + done = FALSE; + authorizationSize = 0; + va_start(ap, tssAuthContext); + while ((rc == 0) && !done){ + authCommand = va_arg(ap, TPMS_AUTH_COMMAND *); + if (authCommand != NULL) { + rc = TSS_TPMS_AUTH_COMMAND_Marshalu(authCommand, &authorizationSize, NULL, NULL); + } + else { + done = TRUE; + } + } + va_end(ap); + /* command called with authorizations */ + if (authorizationSize != 0) { + /* back fill the tag TPM_ST_SESSIONS */ + if (rc == 0) { + uint16_t written = 0; /* dummy */ + TPMI_ST_COMMAND_TAG tag = TPM_ST_SESSIONS; + buffer = tssAuthContext->commandBuffer; + TSS_TPMI_ST_COMMAND_TAG_Marshalu(&tag, &written, &buffer, NULL); + } + /* get cpBuffer, command parameters */ + if (rc == 0) { + rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer); + } + /* new authorization area range check, will cpBuffer move overflow */ + if (rc == 0) { + if (cpBuffer + + cpBufferSize + + sizeof (uint32_t) + /* authorizationSize */ + authorizationSize /* authorization area */ + > tssAuthContext->commandBuffer + sizeof(tssAuthContext->commandBuffer)) { + + if (tssVerbose) + printf("TSS_SetCmdAuths: Command authorizations overflow command buffer\n"); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* move the cpBuffer to make space for the authorization area and its size */ + if (rc == 0) { + memmove(cpBuffer + sizeof (uint32_t) + authorizationSize, /* to here */ + cpBuffer, /* from here */ + cpBufferSize); + } + /* marshal the authorizationSize area, where cpBuffer was before move */ + if (rc == 0) { + uint32_t authorizationSize32 = authorizationSize; + uint16_t written = 0; /* dummy */ + TSS_UINT32_Marshalu(&authorizationSize32, &written, &cpBuffer, NULL); + } + /* marshal the command authorization areas */ + done = FALSE; + authorizationSize = 0; + va_start(ap, tssAuthContext); + while ((rc == 0) && !done){ + authCommand = va_arg(ap, TPMS_AUTH_COMMAND *); + if (authCommand != NULL) { + rc = TSS_TPMS_AUTH_COMMAND_Marshalu(authCommand, &authorizationSize, &cpBuffer, NULL); + tssAuthContext->authCount++; /* count the number of authorizations for the + response */ + } + else { + done = TRUE; + } + } + va_end(ap); + if (rc == 0) { + uint16_t written = 0; /* dummy */ + uint32_t commandSize; + /* mark cpBuffer new location, size doesn't change */ + tssAuthContext->cpBuffer += sizeof (uint32_t) + authorizationSize; + /* record command stream used size */ + tssAuthContext->commandSize += sizeof (uint32_t) + authorizationSize; + /* back fill the correct commandSize */ + buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG); + commandSize = tssAuthContext->commandSize; + TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL); + } + } + return rc; +} + +/* TSS_GetRspAuths() unmarshals a response buffer into a NULL terminated list of TPMS_AUTH_RESPONSE + structures. This should not be called if the TPM returned a non-success response code. + + Returns an error if the number of response auths requested is not equal to the number of command + auths, including zero. + + If the response tag is not TPM_ST_SESSIONS, the function is a noop (except for error checking). + */ + +TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...) +{ + TPM_RC rc = 0; + va_list ap; + TPMS_AUTH_RESPONSE *authResponse = NULL; + uint32_t size; + uint8_t *buffer; + TPM_ST tag; + int done; + uint16_t authCount = 0; /* authorizations in response */ + uint32_t parameterSize; + + /* unmarshal the response tag */ + if (rc == 0) { + size = tssAuthContext->responseSize; + buffer = tssAuthContext->responseBuffer; + rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size); + } + /* check that the tag indicates that there are sessions */ + if ((rc == 0) && (tag == TPM_ST_SESSIONS)) { + /* offset the buffer past the header and handles, and get the response parameterSize */ + if (rc == 0) { + uint32_t offsetSize = sizeof(TPM_ST) + + sizeof (uint32_t) + sizeof(TPM_RC) + + (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount); + buffer = tssAuthContext->responseBuffer + offsetSize; + size = tssAuthContext->responseSize - offsetSize; + rc = TSS_UINT32_Unmarshalu(¶meterSize, &buffer, &size); + } + if (rc == 0) { + if (parameterSize > (uint32_t)size) { + if (tssVerbose) printf("TSS_GetRspAuths: Invalid response parameterSize %u\n", + parameterSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + if (rc == 0) { + /* index past the response parameters to the authorization area */ + buffer += parameterSize; + size -= parameterSize; + } + /* unmarshal the response authorization area */ + done = FALSE; + va_start(ap, tssAuthContext); + while ((rc == 0) && !done){ + authResponse = va_arg(ap, TPMS_AUTH_RESPONSE *); + if (authResponse != NULL) { + rc = TSS_TPMS_AUTH_RESPONSE_Unmarshalu(authResponse, &buffer, &size); + authCount++; + } + else { + done = TRUE; + } + } + va_end(ap); + /* check for extra bytes at the end of the response */ + if (rc == 0) { + if (size != 0) { + if (tssVerbose) + printf("TSS_GetRspAuths: Extra bytes at the end of response authorizations\n"); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + } + /* check that the same number was requested as were sent in the command. Check for zero if not + TPM_ST_SESSIONS */ + if (rc == 0) { + if (tssAuthContext->authCount != authCount) { + if (tssVerbose) + printf("TSS_GetRspAuths: " + "Response authorizations requested does not equal number in command\n"); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + return rc; +} + +/* TSS_GetCommandDecryptParam() returns the size and pointer to the first marshaled TPM2B */ + +TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *decryptParamSize, + uint8_t **decryptParamBuffer) +{ + TPM_RC rc = 0; + /* the first parameter is the TPM2B */ + uint32_t cpBufferSize; + uint8_t *cpBuffer; + + if (rc == 0) { + rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer); + } + /* extract contents of the first TPM2B */ + if (rc == 0) { + *decryptParamSize = ntohs(*(uint16_t *)cpBuffer); + *decryptParamBuffer = cpBuffer + sizeof(uint16_t); + } + /* sanity range check */ + if (rc == 0) { + if (((*decryptParamBuffer + *decryptParamSize) > + (tssAuthContext->commandBuffer + tssAuthContext->commandSize)) || + ((*decryptParamSize + sizeof(uint16_t) > tssAuthContext->cpBufferSize))) { + if (tssVerbose) printf("TSS_GetCommandDecryptParam: Malformed decrypt parameter " + "size %u cpBufferSize %u commandSize %u\n", + *decryptParamSize, tssAuthContext->cpBufferSize, + tssAuthContext->commandSize); + rc = TSS_RC_BAD_ENCRYPT_SIZE; + } + } + return rc; +} + +TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t encryptParamSize, + uint8_t *encryptParamBuffer) +{ + TPM_RC rc = 0; + /* the first parameter is the TPM2B */ + uint32_t decryptParamSize; + uint8_t *decryptParamBuffer; + + if (rc == 0) { + rc = TSS_GetCommandDecryptParam(tssAuthContext, + &decryptParamSize, + &decryptParamBuffer); + } + /* the encrypt data overwrites the already marshaled data */ + if (rc == 0) { + if (decryptParamSize != encryptParamSize) { + if (tssVerbose) + printf("TSS_SetCommandDecryptParam: Different encrypt and decrypt size\n"); + rc = TSS_RC_BAD_ENCRYPT_SIZE; + } + } + /* skip the 2B size, copy the data */ + if (rc == 0) { + memcpy(decryptParamBuffer, encryptParamBuffer, encryptParamSize); + } + return rc; +} + +/* TSS_GetAuthRole() returns AUTH_NONE if the handle in the handle area cannot be an authorization + handle. */ + +AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext, + size_t handleIndex) +{ + AUTH_ROLE authRole; + authRole = getCommandAuthRole(tssAuthContext->tpmCommandIndex, handleIndex); + return authRole; +} + +/* TSS_GetCommandHandle() gets the command handle at the index. Index is a zero based count, not a + byte count. + + Returns 0 if the index exceeds the number of handles. +*/ + +TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext, + TPM_HANDLE *commandHandle, + size_t index) +{ + TPM_RC rc = 0; + uint8_t *buffer; + uint32_t size; + + + if (rc == 0) { + if (index >= tssAuthContext->commandHandleCount) { + if (tssVerbose) printf("TSS_GetCommandHandle: index %u too large for command\n", + (unsigned int)index); + rc = TSS_RC_BAD_HANDLE_NUMBER; + } + } + if (rc == 0) { + /* index into the command handle */ + buffer = tssAuthContext->commandBuffer + + sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) + + (sizeof(TPM_HANDLE) * index); + size = sizeof(TPM_HANDLE); + rc = TSS_TPM_HANDLE_Unmarshalu(commandHandle, &buffer, &size); + } + return rc; +} + +/* TSS_GetRpBuffer() returns a pointer to the response parameter area. + + NOTE could move to execute so it only has to be done once. +*/ + +TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *rpBufferSize, + uint8_t **rpBuffer) +{ + TPM_RC rc = 0; + TPM_ST tag; /* response tag */ + uint32_t offsetSize; /* to beginning of parameter area, to parameterSize */ + uint32_t size; /* tmp for unmarshal */ + uint8_t *buffer; /* tmp for unmarshal */ + uint32_t parameterSize; /* response parameter (if sessions) */ + + /* unmarshal the response tag */ + if (rc == 0) { + /* offset to parameterSize or parameters */ + offsetSize = sizeof(TPM_ST) + sizeof (uint32_t) + sizeof(TPM_RC) + + (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount); + + size = tssAuthContext->responseSize; + buffer = tssAuthContext->responseBuffer; + rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size); /* does value checking */ + } + /* no sessions -> no parameterSize */ + if (tag == TPM_ST_NO_SESSIONS) { + if (rc == 0) { + if (offsetSize > tssAuthContext->responseSize) { + if (tssVerbose) + printf("TSS_GetRpBuffer: offset %u past response buffer %u\n", + offsetSize, tssAuthContext->responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + if (rc == 0) { /* subtract now safe from above range check */ + *rpBufferSize = tssAuthContext->responseSize - offsetSize; + *rpBuffer = tssAuthContext->responseBuffer + offsetSize; + } + } + /* sessions -> parameterSize */ + else { + /* validate that there are enough response bytes for uint32_t parameterSize */ + if (rc == 0) { + if ((offsetSize + sizeof(uint32_t)) > tssAuthContext->responseSize) { + if (tssVerbose) + printf("TSS_GetRpBuffer: offset %u past response buffer %u\n", + offsetSize, tssAuthContext->responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* unmarshal the parameterSize */ + if (rc == 0) { + size = tssAuthContext->responseSize - offsetSize; + buffer = tssAuthContext->responseBuffer + offsetSize; + rc = TSS_UINT32_Unmarshalu(¶meterSize, &buffer, &size); + offsetSize += sizeof(uint32_t); /* move offset past parameterSize, to rpBuffer */ + } + /* range check parameterSize */ + /* first, check that addition willl not overflow */ + if (rc == 0) { + if (parameterSize > (0xffffffff - offsetSize)) { + if (tssVerbose) printf("TSS_GetRpBuffer: parameterSize %u too large\n", + parameterSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* second, range check parameterSize vs. entire response buffer */ + if (rc == 0) { + if ((offsetSize + parameterSize) > tssAuthContext->responseSize) { + if (tssVerbose) + printf("TSS_GetRpBuffer: parameterSize %u past response buffer %u\n", + parameterSize, tssAuthContext->responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* assignment safe after above checks */ + if (rc == 0) { + *rpBufferSize = parameterSize; /* by definition when there are auth sessions */ + *rpBuffer = tssAuthContext->responseBuffer + offsetSize; + } + } + return rc; +} + +/* TSS_GetResponseEncryptParam() returns the first TPM2B in the response area. + + The caller should ensure that the first response parameter is a TPM2B. +*/ + +TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *encryptParamSize, + uint8_t **encryptParamBuffer) +{ + TPM_RC rc = 0; + /* the first parameter is the TPM2B */ + uint32_t rpBufferSize; + uint8_t *rpBuffer; + + if (rc == 0) { + rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer); + } + /* extract contents of the first TPM2B */ + if (rc == 0) { + *encryptParamSize = ntohs(*(uint16_t *)rpBuffer); + *encryptParamBuffer = rpBuffer + sizeof(uint16_t); + } + /* sanity range check */ + if (rc == 0) { + if (((*encryptParamBuffer + *encryptParamSize) > + (tssAuthContext->responseBuffer + tssAuthContext->responseSize)) || + ((*encryptParamSize + sizeof(uint16_t) > rpBufferSize))) { + if (tssVerbose) printf("TSS_GetResponseEncryptParam: Malformed encrypt parameter " + "size %u rpBufferSize %u responseSize %u\n", + *encryptParamSize, rpBufferSize, + tssAuthContext->responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + return rc; +} + +/* TSS_SetResponseDecryptParam() copies the decryptParamBuffer into the first TPM2B in the response + area. + + The caller should ensure that the first response parameter is a TPM2B. +*/ + +TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t decryptParamSize, + uint8_t *decryptParamBuffer) +{ + TPM_RC rc = 0; + /* the first parameter is the TPM2B */ + uint32_t encryptParamSize; + uint8_t *encryptParamBuffer; + + if (rc == 0) { + rc = TSS_GetResponseEncryptParam(tssAuthContext, + &encryptParamSize, + &encryptParamBuffer); + } + /* the decrypt data overwrites the already marshaled data */ + if (rc == 0) { + if (decryptParamSize != encryptParamSize) { + if (tssVerbose) + printf("TSS_SetCommandDecryptParam: Different encrypt and decrypt size\n"); + rc = TSS_RC_BAD_ENCRYPT_SIZE; + } + } + /* skip the 2B size, copy the data */ + if (rc == 0) { + memcpy(encryptParamBuffer, decryptParamBuffer, decryptParamSize); + } + return rc; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/tssauth20.h b/libstb/tss2/ibmtpm20tss/utils/tssauth20.h new file mode 100644 index 000000000000..52b840376196 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssauth20.h @@ -0,0 +1,86 @@ +/********************************************************************************/ +/* */ +/* TSS Authorization */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssauth20.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is not a public header. It should not be used by applications. */ + +#ifndef TSS_AUTH20_H +#define TSS_AUTH20_H + +#include +#include "tssccattributes.h" + +TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext, + COMMAND_PARAMETERS *in, + TPM_CC commandCode); + +TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext, + RESPONSE_PARAMETERS *out); + +TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...); + +TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...); + +TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *decryptParamSize, + uint8_t **decryptParamBuffer); + +TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t encryptParamSize, + uint8_t *encryptParamBuffer); + +AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext, + size_t handleIndex); + +TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext, + TPM_HANDLE *commandHandle, + size_t index); + +TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *rpBufferSize, + uint8_t **rpBuffer); + +TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t *encryptParamSize, + uint8_t **encryptParamBuffer); + +TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, + uint32_t decryptParamSize, + uint8_t *decryptParamBuffer); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssccattributes.c b/libstb/tss2/ibmtpm20tss/utils/tssccattributes.c new file mode 100644 index 000000000000..1f4f656dbbb8 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssccattributes.c @@ -0,0 +1,150 @@ +/********************************************************************************/ +/* */ +/* Command Code Attributes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* NOTE: This is a replica of CommandAttributeData.c, but endian independent. It must be kept in + sync with the TPM reference implementation. + +*/ + +#include +#include +#include +#include + +#include "tssccattributes.h" + +/* CommandCodeToCommandIndex() returns the index into the s_ccAttr table for the commandCode. + Returns UNIMPLEMENTED_COMMAND_INDEX if the command is unimplemented. +*/ + +/* NOTE: Marked as const function in header declaration */ + +COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode) +{ + COMMAND_INDEX i; + + /* s_ccAttr has terminating 0x0000 command code and V */ + for (i = 0 ; (s_ccAttr[i].commandCode != 0) || (s_ccAttr[i].V != 0) ; i++) { + if (s_ccAttr[i].commandCode == commandCode) { + return i; + } + } + return UNIMPLEMENTED_COMMAND_INDEX; +} + +/* getCommandHandleCount() returns the number of command parameter handles */ + +/* NOTE: Marked as const function in header declaration */ + +uint32_t getCommandHandleCount(COMMAND_INDEX index) +{ + return s_ccAttr[index].cHandles; +} + +/* getresponseHandleCount() returns the number of command parameter handles */ + +/* NOTE: Marked as const function in header declaration */ + +uint32_t getresponseHandleCount(COMMAND_INDEX index) +{ + return s_ccAttr[index].rHandle; +} + +/* getDecryptSize() returns 0 if the command does not support command parameter encryption, 2 if the + command does support command parameter encryption and the size is a uint16_t. There is an unused + provision for a 4 for a uint32_t size. */ + +/* NOTE: Marked as const function in header declaration */ + +int getDecryptSize(COMMAND_INDEX commandIndex) +{ + COMMAND_ATTRIBUTES ca = s_commandAttributes[commandIndex]; + + if(ca & DECRYPT_2) + return 2; + if(ca & DECRYPT_4) + return 4; + return 0; +} + +/* getEecryptSize() returns 0 if the response does not support response parameter encryption, 2 if + the command does support response parameter encryption and the size is a uint16_t. There is an + unused provision for a 4 for a uint32_t size. */ + +/* NOTE: Marked as const function in header declaration */ + +int getEncryptSize(COMMAND_INDEX commandIndex) +{ + COMMAND_ATTRIBUTES ca = s_commandAttributes[commandIndex]; + if(ca & ENCRYPT_2) + return 2; + if(ca & ENCRYPT_4) + return 4; + return 0; +} + +/* getCommandAuthRole() returns the authorization role for the handle: user, admin, or dup. + + */ + +/* NOTE: Marked as const function in header declaration */ + +AUTH_ROLE getCommandAuthRole( + COMMAND_INDEX commandIndex, // IN: command index + size_t handleIndex // IN: handle index (zero based) + ) +{ + if(0 == handleIndex ) + { + // Any auth role set? + COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; + + if(properties & HANDLE_1_USER) + return AUTH_USER; + if(properties & HANDLE_1_ADMIN) + return AUTH_ADMIN; + if(properties & HANDLE_1_DUP) + return AUTH_DUP; + } + else if (1 == handleIndex) + { + if(s_commandAttributes[commandIndex] & HANDLE_2_USER) + return AUTH_USER; + } + return AUTH_NONE; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssccattributes.h b/libstb/tss2/ibmtpm20tss/utils/tssccattributes.h new file mode 100644 index 000000000000..d975b914dafd --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssccattributes.h @@ -0,0 +1,90 @@ +/********************************************************************************/ +/* */ +/* Command Code Attributes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSSCCATTRIBUTES_H +#define TSSCCATTRIBUTES_H + +#include + +#include +#include "CommandAttributes.h" + +typedef uint16_t COMMAND_INDEX; + +/* From Global.h */ +typedef UINT32 AUTH_ROLE; +#define AUTH_NONE ((AUTH_ROLE)(0)) +#define AUTH_USER ((AUTH_ROLE)(1)) +#define AUTH_ADMIN ((AUTH_ROLE)(2)) +#define AUTH_DUP ((AUTH_ROLE)(3)) + +#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) + +COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode) +#ifdef __ULTRAVISOR__ +__attribute__ ((const)) +#endif + ; +uint32_t getCommandHandleCount(COMMAND_INDEX index) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; +uint32_t getresponseHandleCount(COMMAND_INDEX index) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; +int getDecryptSize(COMMAND_INDEX commandIndex) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; +int getEncryptSize(COMMAND_INDEX commandIndex) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; +AUTH_ROLE getCommandAuthRole(COMMAND_INDEX commandIndex, + size_t handleIndex) +#ifdef __ULTRAVISOR__ + __attribute__ ((const)) +#endif + ; + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.c b/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.c new file mode 100644 index 000000000000..0ae8a876a11d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.c @@ -0,0 +1,74 @@ +/********************************************************************************/ +/* */ +/* Command Code Attributes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssccattributes12.c 1164 2018-04-17 19:53:29Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* NOTE: This is a replica of CommandAttributeData.c, but endian independent. It must be kept in + sync with the TPM reference implementation. + +*/ + +#include +#include +#include +#include + +#include "tssccattributes12.h" + +COMMAND_INDEX CommandCodeToCommandIndex12(TPM_CC commandCode) +{ + COMMAND_INDEX i; + + /* s_ccAttr12 has terminating 0x0000 command code and V */ + for (i = 0 ; (s_ccAttr12[i].commandCode != 0) || (s_ccAttr12[i].V != 0) ; i++) { + if (s_ccAttr12[i].commandCode == commandCode) { + return i; + } + } + return UNIMPLEMENTED_COMMAND_INDEX; +} + +uint32_t getCommandHandleCount12(COMMAND_INDEX index) +{ + return s_ccAttr12[index].cHandles; +} + +uint32_t getresponseHandleCount12(COMMAND_INDEX index) +{ + return s_ccAttr12[index].rHandle; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.h b/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.h new file mode 100644 index 000000000000..a29f011f58b4 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssccattributes12.h @@ -0,0 +1,55 @@ +/********************************************************************************/ +/* */ +/* Command Code Attributes */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssccattributes12.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSSCCATTRIBUTES12_H +#define TSSCCATTRIBUTES12_H + +#include + +#include +#include "tssccattributes.h" +#include "CommandAttributes.h" + +#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) + +COMMAND_INDEX CommandCodeToCommandIndex12(TPM_CC commandCode); +uint32_t getCommandHandleCount12(COMMAND_INDEX index); +uint32_t getresponseHandleCount12(COMMAND_INDEX index); + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tsscrypto.c b/libstb/tss2/ibmtpm20tss/utils/tsscrypto.c new file mode 100644 index 000000000000..74c792789e89 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsscrypto.c @@ -0,0 +1,1457 @@ +/********************************************************************************/ +/* */ +/* TSS Library Dependent Crypto Support */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* ECC Salt functions written by Bill Martin */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* Interface to OpenSSL version 1.0 or 1.1 crypto library */ + +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include +#ifndef TPM_TSS_NORSA +#include +#endif +#include +#include + +#include +#include +#include +#include + +#include +#include + +extern int tssVverbose; +extern int tssVerbose; + +/* openssl compatibility code */ + +#if OPENSSL_VERSION_NUMBER < 0x10101000 +#define EC_POINT_set_affine_coordinates(a,b,c,d,e) EC_POINT_set_affine_coordinates_GFp(a,b,c,d,e) +#define EC_POINT_get_affine_coordinates(a,b,c,d,e) EC_POINT_get_affine_coordinates_GFp(a,b,c,d,e) +#endif + +/* local prototypes */ + +static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, + TPMI_ALG_HASH hashAlg); + +#ifndef TPM_TSS_NOECC + +/* ECC salt */ + +typedef struct +{ + EC_GROUP *G; + BN_CTX *ctx; +} CURVE_DATA; + +static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData, + EC_KEY *myecc); +static TPM_RC TSS_BN_new(BIGNUM **bn); +static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str); +#endif /* TPM_TSS_NOECC */ + +#ifndef TPM_TSS_NORSA +static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes); +#endif /* TPM_TSS_NORSA */ + +/* + Initialization +*/ + +TPM_RC TSS_Crypto_Init(void) +{ + TPM_RC rc = 0; +#if 0 + int irc; +#endif + + ERR_load_crypto_strings (); + OpenSSL_add_all_algorithms(); +#if 0 + irc = FIPS_mode_set(1); + if (irc == 0) { + if (tssVerbose) printf("TSS_Crypto_Init: Cannot set FIPS mode\n"); + } +#endif + return rc; +} + +/* + Digests +*/ + +static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, + TPMI_ALG_HASH hashAlg) +{ + TPM_RC rc = 0; + + if (rc == 0) { + switch (hashAlg) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + *md = EVP_get_digestbyname("sha1"); + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + *md = EVP_get_digestbyname("sha256"); + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + *md = EVP_get_digestbyname("sha384"); + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + *md = EVP_get_digestbyname("sha512"); + break; +#endif + default: + rc = TSS_RC_BAD_HASH_ALGORITHM; + } + } + return rc; +} + +/* On call, digest->hashAlg is the desired hash algorithm + + length 0 is ignored, buffer NULL terminates list. +*/ + +TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest, /* largest size of a digest */ + const TPM2B_KEY *hmacKey, + va_list ap) +{ + TPM_RC rc = 0; + int irc = 0; + int done = FALSE; + const EVP_MD *md; /* message digest method */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 + HMAC_CTX ctx; +#else + HMAC_CTX *ctx; +#endif + int length; + uint8_t *buffer; + +#if OPENSSL_VERSION_NUMBER < 0x10100000 + HMAC_CTX_init(&ctx); +#else + ctx = HMAC_CTX_new(); +#endif + if (rc == 0) { + rc = TSS_Hash_GetMd(&md, digest->hashAlg); + } + if (rc == 0) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 + irc = HMAC_Init_ex(&ctx, + hmacKey->b.buffer, hmacKey->b.size, /* HMAC key */ + md, /* message digest method */ + NULL); +#else + irc = HMAC_Init_ex(ctx, + hmacKey->b.buffer, hmacKey->b.size, /* HMAC key */ + md, /* message digest method */ + NULL); +#endif + + if (irc == 0) { + rc = TSS_RC_HMAC; + } + } + while ((rc == 0) && !done) { + length = va_arg(ap, int); /* first vararg is the length */ + buffer = va_arg(ap, unsigned char *); /* second vararg is the array */ + if (buffer != NULL) { /* loop until a NULL buffer terminates */ + if (length < 0) { + if (tssVerbose) printf("TSS_HMAC_Generate: Length is negative\n"); + rc = TSS_RC_HMAC; + } + else { +#if OPENSSL_VERSION_NUMBER < 0x10100000 + irc = HMAC_Update(&ctx, buffer, length); +#else + irc = HMAC_Update(ctx, buffer, length); +#endif + if (irc == 0) { + if (tssVerbose) printf("TSS_HMAC_Generate: HMAC_Update failed\n"); + rc = TSS_RC_HMAC; + } + } + } + else { + done = TRUE; + } + } + + if (rc == 0) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 + irc = HMAC_Final(&ctx, (uint8_t *)&digest->digest, NULL); +#else + irc = HMAC_Final(ctx, (uint8_t *)&digest->digest, NULL); +#endif + if (irc == 0) { + rc = TSS_RC_HMAC; + } + } +#if OPENSSL_VERSION_NUMBER < 0x10100000 + HMAC_CTX_cleanup(&ctx); +#else + HMAC_CTX_free(ctx); +#endif + return rc; +} + +/* + valist is int length, unsigned char *buffer pairs + + length 0 is ignored, buffer NULL terminates list. +*/ + +TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest, /* largest size of a digest */ + va_list ap) +{ + TPM_RC rc = 0; + int irc = 0; + int done = FALSE; + int length; + uint8_t *buffer; + EVP_MD_CTX *mdctx; + const EVP_MD *md; + + if (rc == 0) { + mdctx = EVP_MD_CTX_create(); + if (mdctx == NULL) { + if (tssVerbose) printf("TSS_Hash_Generate: EVP_MD_CTX_create failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + rc = TSS_Hash_GetMd(&md, digest->hashAlg); + } + if (rc == 0) { + irc = EVP_DigestInit_ex(mdctx, md, NULL); + if (irc != 1) { + rc = TSS_RC_HASH; + } + } + while ((rc == 0) && !done) { + length = va_arg(ap, int); /* first vararg is the length */ + buffer = va_arg(ap, unsigned char *); /* second vararg is the array */ + if (buffer != NULL) { /* loop until a NULL buffer terminates */ + if (length < 0) { + if (tssVerbose) printf("TSS_Hash_Generate: Length is negative\n"); + rc = TSS_RC_HASH; + } + else { + /* if (tssVverbose) TSS_PrintAll("TSS_Hash_Generate:", buffer, length); */ + if (length != 0) { + EVP_DigestUpdate(mdctx, buffer, length); + } + } + } + else { + done = TRUE; + } + } + if (rc == 0) { + EVP_DigestFinal_ex(mdctx, (uint8_t *)&digest->digest, NULL); + } + EVP_MD_CTX_destroy(mdctx); + return rc; +} + +/* Random Numbers */ + +TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size) +{ + TPM_RC rc = 0; + int irc = 0; + + irc = RAND_bytes(buffer, size); + if (irc != 1) { + if (tssVerbose) printf("TSS_RandBytes: Random number generation failed\n"); + rc = TSS_RC_RNG_FAILURE; + } + return rc; +} + +/* + RSA functions +*/ + +#ifndef TPM_TSS_NORSA + +/* TSS_RsaNew() allocates an openssl RSA key token. + + This abstracts the crypto library specific allocation. + + For Openssl, rsaKey is an RSA structure. +*/ + +TPM_RC TSS_RsaNew(void **rsaKey) +{ + TPM_RC rc = 0; + + /* sanity check for the free */ + if (rc == 0) { + if (*rsaKey != NULL) { + if (tssVerbose) + printf("TSS_RsaNew: Error (fatal), token %p should be NULL\n", + *rsaKey); + rc = TSS_RC_ALLOC_INPUT; + } + } + /* construct the OpenSSL private key object */ + if (rc == 0) { + *rsaKey = RSA_new(); /* freed by caller */ + if (*rsaKey == NULL) { + if (tssVerbose) printf("TSS_RsaNew: Error in RSA_new()\n"); + rc = TSS_RC_RSA_KEY_CONVERT; + } + } + return rc; +} + +/* TSS_RsaFree() frees an openssl RSA key token. + + This abstracts the crypto library specific free. + + For Openssl, rsaKey is an RSA structure. +*/ + +void TSS_RsaFree(void *rsaKey) +{ + if (rsaKey != NULL) { + RSA_free(rsaKey); + } + return; +} + +/* TSS_RSAGeneratePublicToken() is deprecated for application use, since it is openssl library + dependent. + + Use TSS_RSAGeneratePublicTokenI(). +*/ + +TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key, /* freed by caller */ + const unsigned char *narr, /* public modulus */ + uint32_t nbytes, + const unsigned char *earr, /* public exponent */ + uint32_t ebytes) +{ + TPM_RC rc = 0; + rc = TSS_RSAGeneratePublicTokenI((void **)rsa_pub_key, + narr, + nbytes, + earr, + ebytes); + return rc; +} + +/* TSS_RSAGeneratePublicTokenI() generates an RSA key token from n and e + + Free rsa_pub_key using TSS_RsaFree(); + */ + +TPM_RC TSS_RSAGeneratePublicTokenI(void **rsa_pub_key, /* freed by caller */ + const unsigned char *narr, /* public modulus */ + uint32_t nbytes, + const unsigned char *earr, /* public exponent */ + uint32_t ebytes) +{ + TPM_RC rc = 0; + BIGNUM * n = NULL; + BIGNUM * e = NULL; + RSA ** rsaPubKey = (RSA **)rsa_pub_key; /* openssl specific structure */ + + /* construct the OpenSSL private key object */ + if (rc == 0) { + rc = TSS_RsaNew(rsa_pub_key); + } + if (rc == 0) { + rc = TSS_bin2bn(&n, narr, nbytes); /* freed by caller */ + } + if (rc == 0) { + rc = TSS_bin2bn(&e, earr, ebytes); /* freed by caller */ + } + if (rc == 0) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 + (*rsaPubKey)->n = n; + (*rsaPubKey)->e = e; + (*rsaPubKey)->d = NULL; +#else + int irc = RSA_set0_key(*rsaPubKey, n, e, NULL); + if (irc != 1) { + if (tssVerbose) printf("TSS_RSAGeneratePublicTokenI: Error in RSA_set0_key()\n"); + rc = TSS_RC_RSA_KEY_CONVERT; + } +#endif + } + return rc; +} + +/* TSS_RSAPublicEncrypt() pads 'decrypt_data' to 'encrypt_data_size' and encrypts using the public + key 'n, e'. +*/ + +TPM_RC TSS_RSAPublicEncrypt(unsigned char *encrypt_data, /* encrypted data */ + size_t encrypt_data_size, /* size of encrypted data buffer */ + const unsigned char *decrypt_data, /* decrypted data */ + size_t decrypt_data_size, + unsigned char *narr, /* public modulus */ + uint32_t nbytes, + unsigned char *earr, /* public exponent */ + uint32_t ebytes, + unsigned char *p, /* encoding parameter */ + int pl, + TPMI_ALG_HASH halg) /* OAEP hash algorithm */ +{ + TPM_RC rc = 0; + int irc; + RSA *rsa_pub_key = NULL; + unsigned char *padded_data = NULL; + + if (tssVverbose) printf(" TSS_RSAPublicEncrypt: Input data size %lu\n", + (unsigned long)decrypt_data_size); + /* intermediate buffer for the decrypted but still padded data */ + if (rc == 0) { + rc = TSS_Malloc(&padded_data, encrypt_data_size); /* freed @2 */ + } + /* construct the OpenSSL public key object */ + if (rc == 0) { + rc = TSS_RSAGeneratePublicTokenI((void **)&rsa_pub_key, /* freed @1 */ + narr, /* public modulus */ + nbytes, + earr, /* public exponent */ + ebytes); + } + if (rc == 0) { + padded_data[0] = 0x00; + rc = TSS_RSA_padding_add_PKCS1_OAEP(padded_data, /* to */ + encrypt_data_size, /* to length */ + decrypt_data, /* from */ + decrypt_data_size, /* from length */ + p, /* encoding parameter */ + pl, /* encoding parameter length */ + halg); /* OAEP hash algorithm */ + } + if (rc == 0) { + if (tssVverbose) + printf(" TSS_RSAPublicEncrypt: Padded data size %lu\n", + (unsigned long)encrypt_data_size); + if (tssVverbose) TSS_PrintAll(" TPM_RSAPublicEncrypt: Padded data", padded_data, + encrypt_data_size); + /* encrypt with public key. Must pad first and then encrypt because the encrypt + call cannot specify an encoding parameter */ + /* returns the size of the encrypted data. On error, -1 is returned */ + irc = RSA_public_encrypt(encrypt_data_size, /* from length */ + padded_data, /* from - the clear text data */ + encrypt_data, /* the padded and encrypted data */ + rsa_pub_key, /* key */ + RSA_NO_PADDING); /* padding */ + if (irc < 0) { + if (tssVerbose) printf("TSS_RSAPublicEncrypt: Error in RSA_public_encrypt()\n"); + rc = TSS_RC_RSA_ENCRYPT; + } + } + if (rc == 0) { + if (tssVverbose) printf(" TSS_RSAPublicEncrypt: RSA_public_encrypt() success\n"); + } + TSS_RsaFree(rsa_pub_key); /* @1 */ + free(padded_data); /* @2 */ + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +#ifndef TPM_TSS_NOECC + +/* TSS_GeneratePlatformEphemeralKey sets the EC parameters to NIST P256 for generating the ephemeral + key. Some OpenSSL versions do not come with NIST p256. + + On success, eCurveData->G must be freed by the caller. +*/ + +static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData, EC_KEY *myecc) +{ + TPM_RC rc = 0; + BIGNUM *p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BIGNUM *z = NULL; + EC_POINT *G = NULL; /* generator */ + + /* ---------------------------------------------------------- * + * Set the EC parameters to NISTp256. Openssl versions might * + * not have NISTP256 as a possible parameter so we make it * + * possible by setting the curve ourselves. * + * ---------------------------------------------------------- */ + + /* NIST P256 from FIPS 186-3 */ + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting p\n"); + rc = TSS_BN_hex2bn(&p, /* freed @1 */ + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting a\n"); + rc = TSS_BN_hex2bn(&a, /* freed @2 */ + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting b\n"); + rc = TSS_BN_hex2bn(&b, /* freed @3 */ + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: New group\n"); + eCurveData->G = EC_GROUP_new(EC_GFp_mont_method()); /* freed @4 */ + if (eCurveData->G == NULL) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Error creating new group\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Set the curve prime\n"); + if (EC_GROUP_set_curve_GFp(eCurveData->G, p, a, b, eCurveData->ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Error seting curve prime\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + G = EC_POINT_new(eCurveData->G); /* freed @5 */ + if (G == NULL ){ + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: EC_POINT_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + rc = TSS_BN_hex2bn(&x, /* freed @6 */ + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"); + } + if (rc == 0) { + rc = TSS_BN_hex2bn(&y, /* freed @7 */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"); + } + if (rc == 0) { + if (EC_POINT_set_affine_coordinates(eCurveData->G, G, x, y, eCurveData->ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " + "Cannot create TPM public point from coordinates\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + /* sanity check to see if point is on the curve */ + if (rc == 0) { + if (EC_POINT_is_on_curve(eCurveData->G, G, eCurveData->ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " + "Point not on curve\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + rc = TSS_BN_hex2bn(&z, /* freed @8 */ + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); + } + if (rc == 0) { + if (EC_GROUP_set_generator(eCurveData->G, G, z, BN_value_one()) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " + "EC_GROUP_set_generator()\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + if (EC_GROUP_check(eCurveData->G, eCurveData->ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " + "EC_GROUP_check()\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + if (EC_KEY_set_group(myecc, eCurveData->G) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " + "EC_KEY_set_group()\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { +#if 0 + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Address of eCurveData->G is %p\n", eCurveData->G); + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Address of eCurveData->CTX is %p\n", eCurveData->ctx); +#endif + if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Set group for key\n"); + } + /* Create the public/private EC key pair here */ + if (rc == 0) { + if (EC_KEY_generate_key(myecc) == 0) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Error generating the ECC key.\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + if (!EC_KEY_check_key(myecc)) { + if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " + "Error on EC_KEY_check_key()\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (p != NULL) BN_clear_free(p); /* @1 */ + if (a != NULL) BN_clear_free(a); /* @2 */ + if (b != NULL) BN_clear_free(b); /* @3 */ + if (rc != 0) { /* else freed by caller */ + EC_GROUP_free(eCurveData->G); /* @4 */ + /* EC_POINT_free(G); /\* @5 *\/ */ + } + EC_POINT_free(G); /* @5 */ + if (x != NULL) BN_clear_free(x); /* @6 */ + if (y != NULL) BN_clear_free(y); /* @7 */ + if (z != NULL) BN_clear_free(z); /* @8 */ + + /* don't free the key info. This curve was constructed out of parameters, not of the openssl + library */ + /* EC_KEY_free(myecc) */ + /* EC_POINT_free(G); */ + return rc; +} + +/* TSS_ECC_Salt() returns both the plaintext and excrypted salt, based on the salt key bPublic. + + This is currently hard coded to the TPM_ECC_NIST_P256 curve. +*/ + +TPM_RC TSS_ECC_Salt(TPM2B_DIGEST *salt, + TPM2B_ENCRYPTED_SECRET *encryptedSalt, + TPMT_PUBLIC *publicArea) +{ + TPM_RC rc = 0; + EC_KEY *myecc = NULL; /* ephemeral key */ + const BIGNUM *d_caller; /* ephemeral private key */ + const EC_POINT *callerPointPub; /* ephemeral public key */ + EC_POINT *tpmPointPub = NULL; + BIGNUM *p_tpmX = NULL; + BIGNUM *bigY = NULL; + BIGNUM *zBn = NULL; + EC_POINT *rPoint = NULL; + BIGNUM *thepoint = NULL; + BIGNUM *sharedX = NULL; + BIGNUM *yBn = NULL; + uint32_t sizeInBytes; + uint32_t sizeInBits; + uint8_t *sharedXBin = NULL; + unsigned int lengthSharedXBin; + BIGNUM *p_caller_Xbn = NULL; + BIGNUM *p_caller_Ybn = NULL; + uint8_t *p_caller_Xbin = NULL; + uint8_t *p_caller_Ybin = NULL; + uint8_t *p_tpmXbin = NULL; + unsigned int length_p_caller_Xbin; + unsigned int length_p_caller_Ybin; + unsigned int length_p_tpmXbin; + TPM2B_ECC_PARAMETER sharedX_For_KDFE; + TPM2B_ECC_PARAMETER p_caller_X_For_KDFE; + TPM2B_ECC_PARAMETER p_tpmX_For_KDFE; + CURVE_DATA eCurveData; + + eCurveData.ctx = NULL; /* for free */ + eCurveData.G = NULL; /* this is initialized in TSS_ECC_GeneratePlatformEphemeralKey() at + EC_GROUP_new() but gcc -O3 emits a warning that it's + uninitialized. */ + /* only NIST P256 is currently supported */ + if (rc == 0) { + if ((publicArea->parameters.eccDetail.curveID != TPM_ECC_NIST_P256)) { + if (tssVerbose) + printf("TSS_ECC_Salt: ECC curve ID %04x not supported\n", + publicArea->parameters.eccDetail.curveID); + rc = TSS_RC_BAD_SALT_KEY; + } + } + if (rc == 0) { + myecc = EC_KEY_new(); /* freed @1 */ + if (myecc == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: EC_KEY_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + eCurveData.ctx = BN_CTX_new(); /* freed @16 */ + if (eCurveData.ctx == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: BN_CTX_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* Generate the TSS EC ephemeral key pair outside the TPM for the salt. The public part of this + key is actually the 'encrypted' salt. */ + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Calling TSS_ECC_GeneratePlatformEphemeralKey\n"); + /* eCurveData->G freed @17 */ + rc = TSS_ECC_GeneratePlatformEphemeralKey(&eCurveData, myecc); + } + if (rc == 0) { + d_caller = EC_KEY_get0_private_key(myecc); /* ephemeral private key */ + callerPointPub = EC_KEY_get0_public_key(myecc); /* ephemeral public key */ + } + /* validate that the public point is on the NIST P-256 curve */ + if (rc == 0) { + if (EC_POINT_is_on_curve(eCurveData.G, callerPointPub, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "Generated point not on curve\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + /* let d_caller be private scalar and P_caller be public point */ + /* p_tpm is public point. p_tpmX is to be X-coordinate and p_tpmY the + Y-coordinate */ + + /* Allocate the space for P_tpm */ + tpmPointPub = EC_POINT_new(eCurveData.G); /* freed @2 */ + if (tpmPointPub == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: EC_POINT_new failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* grab the public point x and y using the parameters passed in */ + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Salt key sizes are X: %d and Y: %d\n", + publicArea->unique.ecc.x.t.size, + publicArea->unique.ecc.y.t.size); + p_tpmX = BN_bin2bn((const unsigned char *)&publicArea->unique.ecc.x.t.buffer, + publicArea->unique.ecc.x.t.size, NULL); /* freed @3 */ + if (p_tpmX == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn p_tpmX failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + bigY = BN_bin2bn((const unsigned char*)&publicArea->unique.ecc.y.t.buffer, + publicArea->unique.ecc.y.t.size, bigY); /* freed @15 */ + if (bigY == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn bigY failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Salt public key X %s\n", BN_bn2hex(p_tpmX)); + if (tssVverbose) printf("TSS_ECC_Salt: " + "Salt public key Y %s\n", BN_bn2hex(bigY)); + } + /* Create the openssl form of the TPM salt public key as EC_POINT using coordinates */ + if (rc == 0) { + if (EC_POINT_set_affine_coordinates + (eCurveData.G, tpmPointPub, p_tpmX, bigY, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "Cannot create TPM public point from coordinates\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + /* RFC 2440 Named curve prime256v1 */ + if (rc == 0) { + rc = TSS_BN_hex2bn(&zBn, /* freed @4 */ + "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); + } + /* add the generator z to the group we are constructing */ + if (rc == 0) { + if (EC_GROUP_set_generator(eCurveData.G, tpmPointPub, zBn, BN_value_one()) == 0) { + if(tssVerbose) printf ("TSS_ECC_Salt: " + "Error EC_GROUP_set_generator()\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + /* Check for validity of our group */ + if (rc == 0) { + if (EC_GROUP_check(eCurveData.G, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "ec_group_check() failed\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + /* Check to see if what we think is the TPM point is on the curve */ + if (rc == 0) { + if (EC_POINT_is_on_curve(eCurveData.G, tpmPointPub, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: Error, " + "Point not on curve\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + else { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Validated that TPM EC point is on curve\n"); + } + } + if (rc == 0) { + rPoint = EC_POINT_new(eCurveData.G); + if (rPoint == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "Cannot create rPoint\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + /* Point multiply the TPM public point by the ephemeral scalar. This will produce the + point from which we get the shared X coordinate, which we keep for use in KDFE. The + TPM will calculate the same X. */ + if (rc == 0) { + if (EC_POINT_mul(eCurveData.G, rPoint, NULL, tpmPointPub, + d_caller, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "EC_POINT_mul failed\n") ; + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + else { + if (tssVverbose) printf("TSS_ECC_Salt: " + "EC_POINT_mul() succeeded\n"); + } + } + /* Check to see if calculated point is on the curve, just for extra sanity */ + if (rc == 0) { + if (EC_POINT_is_on_curve(eCurveData.G, rPoint, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: Error," + "Point r is not on curve\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + else { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Point calculated by EC_POINT_mul() is on the curve\n"); + } + } + if (rc == 0) { + thepoint = EC_POINT_point2bn(eCurveData.G, rPoint, POINT_CONVERSION_UNCOMPRESSED, + NULL, eCurveData.ctx); /* freed @6 */ + if (thepoint == NULL) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "EC_POINT_point2bn thepoint failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + /* get sharedX */ + if (rc == 0) { + rc = TSS_BN_new(&sharedX); /* freed @7 */ + } + if (rc == 0) { + rc = TSS_BN_new(&yBn); /* freed @8 */ + } + if (rc == 0) { + if (EC_POINT_get_affine_coordinates(eCurveData.G, rPoint, + sharedX, yBn, eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "EC_POINT_get_affine_coordinates() failed\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + sizeInBytes = TSS_GetDigestSize(publicArea->nameAlg); + sizeInBits = sizeInBytes * 8; + rc = TSS_Malloc(&sharedXBin, BN_num_bytes(sharedX)); /* freed @9 */ + } + if (rc == 0) { + lengthSharedXBin = (unsigned int)BN_bn2bin(sharedX, sharedXBin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedXBin", + sharedXBin, + lengthSharedXBin); + } + /* encrypted salt is just the ephemeral public key */ + if (rc == 0) { + rc = TSS_BN_new(&p_caller_Xbn); /* freed 10 */ + } + if (rc == 0) { + rc = TSS_BN_new(&p_caller_Ybn); /* freed @11 */ + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Allocated space for ephemeral BIGNUM X, Y\n"); + } + /* Get the X-coordinate and Y-Coordinate */ + if (rc == 0) { + if (EC_POINT_get_affine_coordinates(eCurveData.G, callerPointPub, + p_caller_Xbn, p_caller_Ybn, + eCurveData.ctx) == 0) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "EC_POINT_get_affine_coordinates() failed\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + else { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Retrieved X and Y coordinates from ephemeral public\n"); + } + } + if (rc == 0) { + rc = TSS_Malloc(&p_caller_Xbin, BN_num_bytes(p_caller_Xbn)); /* freed @12 */ + } + if (rc == 0) { + rc = TSS_Malloc(&p_caller_Ybin , BN_num_bytes(p_caller_Ybn)); /* freed @13 */ + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Allocated space for ephemeral binary X and y\n"); + } + if (rc == 0) { + rc = TSS_Malloc(&p_tpmXbin, BN_num_bytes(p_tpmX)); /* freed @14 */ + } + if (rc == 0) { + length_p_tpmXbin = (unsigned int)BN_bn2bin(p_tpmX, p_tpmXbin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmXbin ", + p_tpmXbin, + length_p_tpmXbin); + length_p_caller_Xbin = (unsigned int)BN_bn2bin(p_caller_Xbn, p_caller_Xbin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Xbin", + p_caller_Xbin, + length_p_caller_Xbin); + length_p_caller_Ybin = (unsigned int)BN_bn2bin(p_caller_Ybn, p_caller_Ybin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Ybin", + p_caller_Ybin, + length_p_caller_Ybin); + } + /* in->encryptedSalt TPM2B_ENCRYPTED_SECRET is a size and TPMU_ENCRYPTED_SECRET secret. + TPMU_ENCRYPTED_SECRET is a TPMS_ECC_POINT + TPMS_ECC_POINT has two TPMB_ECC_PARAMETER, x and y + */ + if (rc == 0) { + /* TPMS_ECC_POINT 256/8 is a hard coded value for NIST P256, the only curve + currently supported */ + uint8_t *secret = encryptedSalt->t.secret; /* TPMU_ENCRYPTED_SECRET pointer for + clarity */ + /* TPM2B_ENCRYPTED_SECRET size */ + encryptedSalt->t.size = sizeof(uint16_t) + (256/8) + sizeof(uint16_t) + (256/8); + /* leading zeros, because some points may be less than 32 bytes */ + memset(secret, 0, sizeof(TPMU_ENCRYPTED_SECRET)); + /* TPMB_ECC_PARAMETER X point */ + *(uint16_t *)(secret) = htons(256/8); + memcpy(secret + + sizeof(uint16_t) + (256/8) - length_p_caller_Xbin, + p_caller_Xbin, length_p_caller_Xbin); + /* TPMB_ECC_PARAMETER Y point */ + *(uint16_t *)(secret + sizeof(uint16_t) + (256/8)) = htons(256/8); + memcpy(secret + + sizeof(uint16_t) + (256/8) + + sizeof(uint16_t) + (256/8) - length_p_caller_Ybin, + p_caller_Ybin, length_p_caller_Ybin); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: ECC encrypted salt", + encryptedSalt->t.secret, + encryptedSalt->t.size); + } + /* TPM2B_ECC_PARAMETER sharedX_For_KDFE */ + if (rc == 0) { + if (lengthSharedXBin > 32) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "lengthSharedXBin %u too large\n", + lengthSharedXBin); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + sharedX_For_KDFE.t.size = 32; + memset(sharedX_For_KDFE.t.buffer, 0, sizeof(sharedX_For_KDFE.t.buffer)); + memcpy(sharedX_For_KDFE.t.buffer + 32 - lengthSharedXBin, + sharedXBin, lengthSharedXBin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedX_For_KDFE", + sharedX_For_KDFE.t.buffer, + sharedX_For_KDFE.t.size); + } + /* TPM2B_ECC_PARAMETER p_caller_X_For_KDFE */ + if (rc == 0) { + if (length_p_caller_Xbin > 32) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "length_p_caller_Xbin %u too large\n", + length_p_caller_Xbin); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + p_caller_X_For_KDFE.t.size = 32; + memset(p_caller_X_For_KDFE.t.buffer, 0, sizeof(p_caller_X_For_KDFE.t.buffer)); + memcpy(p_caller_X_For_KDFE.t.buffer + 32 - length_p_caller_Xbin, + p_caller_Xbin, length_p_caller_Xbin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_X_For_KDFE", + p_caller_X_For_KDFE.t.buffer, + p_caller_X_For_KDFE.t.size); + } + /* p_tpmX_For_KDFE */ + if (rc == 0) { + if (length_p_tpmXbin > 32) { + if (tssVerbose) printf("TSS_ECC_Salt: " + "length_p_tpmXbin %u too large\n", + length_p_tpmXbin); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + if (rc == 0) { + p_tpmX_For_KDFE .t.size = 32; + memset(p_tpmX_For_KDFE.t.buffer, 0, sizeof(p_tpmX_For_KDFE.t.buffer)); + memcpy(p_tpmX_For_KDFE.t.buffer + 32 - length_p_tpmXbin, + p_tpmXbin, length_p_tpmXbin); + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmX_For_KDFE", + p_tpmX_For_KDFE.t.buffer, + p_tpmX_For_KDFE.t.size); + } + if (rc == 0) { + if (tssVverbose) printf("TSS_ECC_Salt: " + "Calling TSS_KDFE\n"); + /* TPM2B_DIGEST salt size is the largest supported digest algorithm. + This has already been validated when unmarshaling the Name hash algorithm. + */ + /* salt = KDFe(tpmKey_NameAlg, sharedX, "SECRET", P_caller, P_tpm, + tpmKey_NameAlgSizeBits) */ + salt->t.size = sizeInBytes; + rc = TSS_KDFE((uint8_t *)&salt->t.buffer, /* KDFe output */ + publicArea->nameAlg, /* hash algorithm */ + &sharedX_For_KDFE.b, /* Z (key) */ + "SECRET", /* KDFe label */ + &p_caller_X_For_KDFE.b, /* context U */ + &p_tpmX_For_KDFE.b, /* context V */ + sizeInBits); /* required size of key in bits */ + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: salt", + (uint8_t *)&salt->t.buffer, + salt->t.size); + } + /* cleanup */ + if (myecc != NULL) EC_KEY_free(myecc); /* @1 */ + if (tpmPointPub != NULL) EC_POINT_free(tpmPointPub); /* @2 */ + if (p_tpmX != NULL) BN_clear_free(p_tpmX); /* @3 */ + if (zBn != NULL) BN_clear_free(zBn); /* @4 */ + if (rPoint != NULL) EC_POINT_free(rPoint); /* @5 */ + if (thepoint != NULL) BN_clear_free(thepoint); /* @6 */ + if (sharedX != NULL) BN_clear_free(sharedX); /* @7 */ + if (yBn != NULL) BN_clear_free(yBn); /* @8 */ + free(sharedXBin); /* @9 */ + if (p_caller_Xbn != NULL) BN_clear_free(p_caller_Xbn); /* @10 */ + if (p_caller_Ybn != NULL) BN_clear_free(p_caller_Ybn); /* @11 */ + free(p_caller_Xbin); /* @12 */ + free(p_caller_Ybin); /* @13 */ + free(p_tpmXbin); /* @14 */ + if (bigY != NULL) BN_clear_free(bigY); /* @15 */ + EC_GROUP_free(eCurveData.G); /* @17 */ + if (eCurveData.ctx != NULL) BN_CTX_free(eCurveData.ctx); /* @16 */ + + return rc; +} + +/* TSS_BN_new() wraps the openSSL function in a TPM error handler + */ + +static TPM_RC TSS_BN_new(BIGNUM **bn) /* freed by caller */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (*bn != NULL) { + if (tssVerbose) + printf("TSS_BN_new: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn); + rc = TSS_RC_ALLOC_INPUT; + } + } + if (rc == 0) { + *bn = BN_new(); + if (*bn == NULL) { + if (tssVerbose) printf("TSS_BN_new: BN_new() failed\n"); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + return rc; +} + +/* TSS_BN_hex2bn() wraps the openSSL function in a TPM error handler + */ + +static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str) /* freed by caller */ +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (*bn != NULL) { + if (tssVerbose) + printf("TSS_BN_hex2bn: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn); + rc = TSS_RC_ALLOC_INPUT; + } + } + if (rc == 0) { + int irc; + irc = BN_hex2bn(bn, str); + if (irc == 0) { + if (tssVerbose) printf("TSS_BN_hex2bn: BN_hex2bn() failed\n"); + rc = TSS_RC_EC_EPHEMERAL_FAILURE; + } + } + return rc; +} + +#endif /* TPM_TSS_NOECC */ + +#ifndef TPM_TSS_NORSA + +/* TSS_bin2bn() wraps the openSSL function in a TPM error handler + + Converts a char array to bignum + + bn must be freed by the caller. +*/ + +static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes) +{ + TPM_RC rc = 0; + + /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + + BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM + and places it in ret. If ret is NULL, a new BIGNUM is created. + + BN_bin2bn() returns the BIGNUM, NULL on error. + */ + if (rc == 0) { + *bn = BN_bin2bn(bin, bytes, *bn); + if (*bn == NULL) { + if (tssVerbose) printf("TSS_bin2bn: Error in BN_bin2bn\n"); + rc = TSS_RC_BIGNUM; + } + } + return rc; +} + +#endif /* TPM_TSS_NORSA */ + +/* + AES +*/ + +TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize) +{ + *tssSessionEncKeySize = sizeof(AES_KEY); + return 0; +} +TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize) +{ + *tssSessionDecKeySize = sizeof(AES_KEY); + return 0; +} + +#define TSS_AES_KEY_BITS 128 + +#ifndef TPM_TSS_NOFILE + +TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey, + void *tssSessionDecKey) +{ + TPM_RC rc = 0; + int irc; + unsigned char userKey[AES_128_BLOCK_SIZE_BYTES]; + const char *envKeyString = NULL; + unsigned char *envKeyBin = NULL; + size_t envKeyBinLen; + + if (rc == 0) { + envKeyString = getenv("TPM_SESSION_ENCKEY"); + } + if (envKeyString == NULL) { + /* If the env variable TPM_SESSION_ENCKEY is not set, generate a random key for this + TSS_CONTEXT */ + if (rc == 0) { + /* initialize userKey to silence valgrind false positive */ + memset(userKey, 0, sizeof(userKey)); + rc = TSS_RandBytes(userKey, AES_128_BLOCK_SIZE_BYTES); + } + } + /* The env variable TPM_SESSION_ENCKEY can set a (typically constant) encryption key. This is + useful for scripting, where the env variable is set to a random seed at the beginning of the + script. */ + else { + /* hexascii to binary */ + if (rc == 0) { + rc = TSS_Array_Scan(&envKeyBin, /* freed @1 */ + &envKeyBinLen, envKeyString); + } + /* range check */ + if (rc == 0) { + if (envKeyBinLen != AES_128_BLOCK_SIZE_BYTES) { + if (tssVerbose) + printf("TSS_AES_KeyGenerate: Error, env variable length %lu not %lu\n", + (unsigned long)envKeyBinLen, (unsigned long)sizeof(userKey)); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* copy the binary to the common userKey for use below */ + if (rc == 0) { + memcpy(userKey, envKeyBin, envKeyBinLen); + } + } + /* translate to an openssl key token */ + if (rc == 0) { + irc = AES_set_encrypt_key(userKey, + TSS_AES_KEY_BITS, + tssSessionEncKey); + /* should never occur, null pointers or bad bit size */ + if (irc != 0) { + if (tssVerbose) + printf("TSS_AES_KeyGenerate: Error setting openssl AES encryption key\n"); + rc = TSS_RC_AES_KEYGEN_FAILURE; + } + } + if (rc == 0) { + irc = AES_set_decrypt_key(userKey, + TSS_AES_KEY_BITS, + tssSessionDecKey); + /* should never occur, null pointers or bad bit size */ + if (irc != 0) { + if (tssVerbose) + printf("TSS_AES_KeyGenerate: Error setting openssl AES decryption key\n"); + rc = TSS_RC_AES_KEYGEN_FAILURE; + } + } + free(envKeyBin); /* @1 */ + return rc; +} + +#endif + +/* TSS_AES_Encrypt() is AES non-portable code to encrypt 'decrypt_data' to 'encrypt_data' using CBC. + This function uses the session encryption key for encrypting session state. + + The stream is padded as per PKCS#7 / RFC2630 + + 'encrypt_data' must be free by the caller +*/ + +TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey, + unsigned char **encrypt_data, /* output, caller frees */ + uint32_t *encrypt_length, /* output */ + const unsigned char *decrypt_data, /* input */ + uint32_t decrypt_length) /* input */ +{ + TPM_RC rc = 0; + uint32_t pad_length; + unsigned char *decrypt_data_pad; + unsigned char ivec[AES_128_BLOCK_SIZE_BYTES]; /* initial chaining vector */ + + decrypt_data_pad = NULL; /* freed @1 */ + if (rc == 0) { + /* calculate the pad length and padded data length */ + pad_length = AES_128_BLOCK_SIZE_BYTES - (decrypt_length % AES_128_BLOCK_SIZE_BYTES); + *encrypt_length = decrypt_length + pad_length; + /* allocate memory for the encrypted response */ + rc = TSS_Malloc(encrypt_data, *encrypt_length); + } + /* allocate memory for the padded decrypted data */ + if (rc == 0) { + rc = TSS_Malloc(&decrypt_data_pad, *encrypt_length); + } + /* pad the decrypted clear text data */ + if (rc == 0) { + /* unpadded original data */ + memcpy(decrypt_data_pad, decrypt_data, decrypt_length); + /* last gets pad = pad length */ + memset(decrypt_data_pad + decrypt_length, pad_length, pad_length); + /* set the IV */ + memset(ivec, 0, sizeof(ivec)); + /* encrypt the padded input to the output */ + AES_cbc_encrypt(decrypt_data_pad, + *encrypt_data, + *encrypt_length, + tssSessionEncKey, + ivec, + AES_ENCRYPT); + } + free(decrypt_data_pad); /* @1 */ + return rc; +} + +/* TSS_AES_Decrypt() is AES non-portable code to decrypt 'encrypt_data' to 'decrypt_data' using CBC. + This function uses the session encryption key for decrypting session state. + + The stream must be padded as per PKCS#7 / RFC2630 + + decrypt_data must be free by the caller +*/ + +TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey, + unsigned char **decrypt_data, /* output, caller frees */ + uint32_t *decrypt_length, /* output */ + const unsigned char *encrypt_data, /* input */ + uint32_t encrypt_length) /* input */ +{ + TPM_RC rc = 0; + uint32_t pad_length; + uint32_t i; + unsigned char *pad_data; + unsigned char ivec[AES_128_BLOCK_SIZE_BYTES]; /* initial chaining vector */ + + /* sanity check encrypted length */ + if (rc == 0) { + if (encrypt_length < AES_128_BLOCK_SIZE_BYTES) { + if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad length %u\n", + encrypt_length); + rc = TSS_RC_AES_DECRYPT_FAILURE; + } + } + /* allocate memory for the padded decrypted data */ + if (rc == 0) { + rc = TSS_Malloc(decrypt_data, encrypt_length); + } + /* decrypt the input to the padded output */ + if (rc == 0) { + /* set the IV */ + memset(ivec, 0, sizeof(ivec)); + /* decrypt the padded input to the output */ + AES_cbc_encrypt(encrypt_data, + *decrypt_data, + encrypt_length, + tssSessionDecKey, + ivec, + AES_DECRYPT); + } + /* get the pad length */ + if (rc == 0) { + /* get the pad length from the last byte */ + pad_length = (uint32_t)*(*decrypt_data + encrypt_length - 1); + /* sanity check the pad length */ + if ((pad_length == 0) || + (pad_length > AES_128_BLOCK_SIZE_BYTES)) { + if (tssVerbose) printf("TSS_AES_Decrypt: Error, illegal pad length\n"); + rc = TSS_RC_AES_DECRYPT_FAILURE; + } + } + if (rc == 0) { + /* get the unpadded length */ + *decrypt_length = encrypt_length - pad_length; + /* pad starting point */ + pad_data = *decrypt_data + *decrypt_length; + /* sanity check the pad */ + for (i = 0 ; (rc == 0) && (i < pad_length) ; i++, pad_data++) { + if (*pad_data != pad_length) { + if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad pad %02x at index %u\n", + *pad_data, i); + rc = TSS_RC_AES_DECRYPT_FAILURE; + } + } + } + return rc; +} + +TPM_RC TSS_AES_EncryptCFB(uint8_t *dOut, /* OUT: the encrypted data */ + uint32_t keySizeInBits, /* IN: key size in bits */ + uint8_t *key, /* IN: key buffer */ + uint8_t *iv, /* IN/OUT: IV for decryption */ + uint32_t dInSize, /* IN: data size */ + uint8_t *dIn) /* IN: data buffer */ +{ + TPM_RC rc = 0; + int irc; + int blockSize; + AES_KEY aeskey; + int32_t dSize; /* signed version of dInSize */ + + /* Create AES encryption key token */ + if (rc == 0) { + irc = AES_set_encrypt_key(key, keySizeInBits, &aeskey); + if (irc != 0) { + if (tssVerbose) printf("TSS_AES_EncryptCFB: Error setting openssl AES encryption key\n"); + rc = TSS_RC_AES_KEYGEN_FAILURE; /* should never occur, null pointers or bad bit size */ + } + } + if (rc == 0) { + /* Encrypt the current IV into the new IV, XOR in the data, and copy to output */ + for(dSize = (int32_t)dInSize ; dSize > 0 ; dSize -= 16, dOut += 16, dIn += 16) { + /* Encrypt the current value of the IV to the intermediate value. Store in old iv, + since it's not needed anymore. */ + AES_encrypt(iv, iv, &aeskey); + blockSize = (dSize < 16) ? dSize : 16; /* last block can be < 16 */ + TSS_XOR(dOut, dIn, iv, blockSize); + memcpy(iv, dOut, blockSize); + } + } + return rc; +} + +TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut, /* OUT: the decrypted data */ + uint32_t keySizeInBits, /* IN: key size in bits */ + uint8_t *key, /* IN: key buffer */ + uint8_t *iv, /* IN/OUT: IV for decryption. */ + uint32_t dInSize, /* IN: data size */ + uint8_t *dIn) /* IN: data buffer */ +{ + TPM_RC rc = 0; + int irc; + uint8_t tmp[16]; + int blockSize; + AES_KEY aesKey; + int32_t dSize; + + /* Create AES encryption key token */ + if (rc == 0) { + irc = AES_set_encrypt_key(key, keySizeInBits, &aesKey); + if (irc != 0) { + if (tssVerbose) printf("TSS_AES_DecryptCFB: Error setting openssl AES encryption key\n"); + rc = TSS_RC_AES_KEYGEN_FAILURE; /* should never occur, null pointers or bad bit size */ + } + } + if (rc == 0) { + for (dSize = (int32_t)dInSize ; dSize > 0; dSize -= 16, dOut += 16, dIn += 16) { + /* Encrypt the IV into the temp buffer */ + AES_encrypt(iv, tmp, &aesKey); + blockSize = (dSize < 16) ? dSize : 16; /* last block can be < 16 */ + TSS_XOR(dOut, dIn, tmp, blockSize); + memcpy(iv, dIn, blockSize); + } + } + return rc; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/tsscryptoh.c b/libstb/tss2/ibmtpm20tss/utils/tsscryptoh.c new file mode 100644 index 000000000000..9afc99ee9ef7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsscryptoh.c @@ -0,0 +1,590 @@ +/********************************************************************************/ +/* */ +/* TSS Library Independent Crypto Support */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include + +#include +#include + +extern int tssVverbose; +extern int tssVerbose; + +/* local prototypes */ + +static TPM_RC TSS_MGF1(unsigned char *mask, + uint32_t maskLen, + const unsigned char *mgfSeed, + uint16_t mgfSeedlen, + TPMI_ALG_HASH halg); + +/* TSS_HMAC_Generate() can be called directly to HMAC a list of streams. + + The ... arguments are a message list of the form + int length, unsigned char *buffer + terminated by a 0 length +*/ + +/* On call, digest->hashAlg is the desired hash algorithm */ + +TPM_RC TSS_HMAC_Generate(TPMT_HA *digest, /* largest size of a digest */ + const TPM2B_KEY *hmacKey, + ...) +{ + TPM_RC rc = 0; + va_list ap; + + va_start(ap, hmacKey); + rc = TSS_HMAC_Generate_valist(digest, hmacKey, ap); + va_end(ap); + return rc; +} + +/* TSS_HMAC_Verify() can be called directly to check the HMAC of a list of streams. + + The ... arguments are a list of the form + int length, unsigned char *buffer + terminated by a 0 length + +*/ + +TPM_RC TSS_HMAC_Verify(TPMT_HA *expect, + const TPM2B_KEY *hmacKey, + uint32_t sizeInBytes, + ...) +{ + TPM_RC rc = 0; + int irc; + va_list ap; + TPMT_HA actual; + + actual.hashAlg = expect->hashAlg; /* algorithm for the HMAC calculation */ + va_start(ap, sizeInBytes); + if (rc == 0) { + rc = TSS_HMAC_Generate_valist(&actual, hmacKey, ap); + } + if (rc == 0) { + irc = memcmp((uint8_t *)&expect->digest, &actual.digest, sizeInBytes); + if (irc != 0) { + TSS_PrintAll("TSS_HMAC_Verify: calculated HMAC", + (uint8_t *)&actual.digest, sizeInBytes); + rc = TSS_RC_HMAC_VERIFY; + } + } + va_end(ap); + return rc; +} + +/* TSS_KDFA() 11.4.9 Key Derivation Function + + As defined in SP800-108, the inner loop for building the key stream is: + + K(i) = HMAC (KI , [i]2 || Label || 00 || Context || [L]2) +*/ + +TPM_RC TSS_KDFA(uint8_t *keyStream, /* OUT: key buffer */ + TPM_ALG_ID hashAlg, /* IN: hash algorithm used in HMAC */ + const TPM2B *key, /* IN: HMAC key */ + const char *label, /* IN: KDFa label, NUL terminated */ + const TPM2B *contextU, /* IN: context U */ + const TPM2B *contextV, /* IN: context V */ + uint32_t sizeInBits) /* IN: size of generated key in bits */ + +{ + TPM_RC rc = 0; + uint32_t bytes = ((sizeInBits + 7) / 8); /* bytes left to produce */ + uint8_t *stream; + uint32_t sizeInBitsNbo = htonl(sizeInBits); /* KDFa L2 */ + uint16_t bytesThisPass; /* in one HMAC operation */ + uint32_t counter; /* counter value */ + uint32_t counterNbo; /* counter in big endian */ + TPMT_HA hmac; /* hmac result for this pass */ + + + if (rc == 0) { + hmac.hashAlg = hashAlg; /* for TSS_HMAC_Generate() */ + bytesThisPass = TSS_GetDigestSize(hashAlg); /* start with hashAlg sized chunks */ + if (bytesThisPass == 0) { + if (tssVerbose) printf("TSS_KDFA: KDFa failed\n"); + rc = TSS_RC_KDFA_FAILED; + } + } + /* Generate required bytes */ + for (stream = keyStream, counter = 1 ; /* beginning of stream, KDFa counter starts at 1 */ + (rc == 0) && bytes > 0 ; /* bytes left to produce */ + stream += bytesThisPass, bytes -= bytesThisPass, counter++) { + + /* last pass, can be less than hashAlg sized chunks */ + if (bytes < bytesThisPass) { + bytesThisPass = bytes; + } + counterNbo = htonl(counter); /* counter for this pass in BE format */ + + rc = TSS_HMAC_Generate(&hmac, /* largest size of an HMAC */ + (const TPM2B_KEY *)key, + sizeof(uint32_t), &counterNbo, /* KDFa i2 counter */ + strlen(label) + 1, label, /* KDFa label, use NUL as the KDFa + 00 byte */ + contextU->size, contextU->buffer, /* KDFa Context */ + contextV->size, contextV->buffer, /* KDFa Context */ + sizeof(uint32_t), &sizeInBitsNbo, /* KDFa L2 */ + 0, NULL); + memcpy(stream, &hmac.digest.tssmax, bytesThisPass); + } + return rc; +} + +/* TSS_KDFE() 11.4.9.3 Key Derivation Function for ECDH + + Digest = Hash(counter || Z || Use || PartyUInfo || PartyVInfo || bits ) + + where + + counter is initialized to 1 and incremented for each iteration + + Z is the X-coordinate of the product of a public (TPM) ECC key and + a different private ECC key + + Use is a NULL-terminated string that indicates the use of the key + ("DUPLICATE", "IDENTITY", "SECRET", etc) + + PartyUInfo is the X-coordinate of the public point of an ephemeral key + + PartyVInfo is the X-coordinate of the public point of the TPM key + + bits is a 32-bit value indicating the number of bits to be returned +*/ + +TPM_RC TSS_KDFE(uint8_t *keyStream, /* OUT: key buffer */ + TPM_ALG_ID hashAlg, /* IN: hash algorithm used */ + const TPM2B *key, /* IN: Z */ + const char *label, /* IN: KDFe label, NUL terminated */ + const TPM2B *contextU, /* IN: context U */ + const TPM2B *contextV, /* IN: context V */ + uint32_t sizeInBits) /* IN: size of generated key in bits */ + +{ + TPM_RC rc = 0; + uint32_t bytes = ((sizeInBits + 7) / 8); /* bytes left to produce */ + uint8_t *stream; + uint16_t bytesThisPass; /* in one Hash operation */ + uint32_t counter; /* counter value */ + uint32_t counterNbo; /* counter in big endian */ + TPMT_HA digest; /* result for this pass */ + + if (rc == 0) { + digest.hashAlg = hashAlg; /* for TSS_Hash_Generate() */ + bytesThisPass = TSS_GetDigestSize(hashAlg); /* start with hashAlg sized chunks */ + if (bytesThisPass == 0) { + if (tssVerbose) printf("TSS_KDFE: KDFe failed\n"); + rc = TSS_RC_KDFE_FAILED; + } + } + /* Generate required bytes */ + for (stream = keyStream, counter = 1 ; /* beginning of stream, KDFe counter starts at 1 */ + (rc == 0) && bytes > 0 ; /* bytes left to produce */ + stream += bytesThisPass, bytes -= bytesThisPass, counter++) { + /* last pass, can be less than hashAlg sized chunks */ + if (bytes < bytesThisPass) { + bytesThisPass = bytes; + } + counterNbo = htonl(counter); /* counter for this pass in BE format */ + + rc = TSS_Hash_Generate(&digest, /* largest size of a digest */ + sizeof(uint32_t), &counterNbo, /* KDFe i2 counter */ + key->size, key->buffer, + strlen(label) + 1, label, /* KDFe label, use NUL as the KDFe + 00 byte */ + contextU->size, contextU->buffer, /* KDFe Context */ + contextV->size, contextV->buffer, /* KDFe Context */ + 0, NULL); + memcpy(stream, &digest.digest.tssmax, bytesThisPass); + } + return rc; +} + +/* On call, digest->hashAlg is the desired hash algorithm + + ... is a list of int length, unsigned char *buffer pairs. + + length 0 is ignored, buffer NULL terminates list. +*/ + +TPM_RC TSS_Hash_Generate(TPMT_HA *digest, /* largest size of a digest */ + ...) +{ + TPM_RC rc = 0; + va_list ap; + va_start(ap, digest); + rc = TSS_Hash_Generate_valist(digest, ap); + va_end(ap); + return rc; +} + + +/* TSS_GetDigestBlockSize() returns the digest block size in bytes based on the hash algorithm. + + Returns 0 for an unknown algorithm. +*/ + +/* NOTE: Marked as const function in header */ + +uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg) +{ + uint16_t size; + + switch (hashAlg) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + size = SHA1_BLOCK_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + size = SHA256_BLOCK_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + size = SHA384_BLOCK_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + size = SHA512_BLOCK_SIZE; + break; +#endif +#if 0 + case TPM_ALG_SM3_256: + size = SM3_256_BLOCK_SIZE; + break; +#endif + default: + size = 0; + } + return size; +} + +/* TPM_MGF1() generates an MGF1 'array' of length 'arrayLen' from 'seed' of length 'seedlen' + + The openSSL DLL doesn't export MGF1 in Windows or Linux 1.0.0, so this version is created from + scratch. + + Algorithm and comments (not the code) from: + + PKCS #1: RSA Cryptography Specifications Version 2.1 B.2.1 MGF1 + + Prototype designed to be compatible with openSSL + + MGF1 is a Mask Generation Function based on a hash function. + + MGF1 (mgfSeed, maskLen) + + Options: + + Hash hash function (hLen denotes the length in octets of the hash + function output) + + Input: + + mgfSeed seed from which mask is generated, an octet string + maskLen intended length in octets of the mask, at most 2^32(hLen) + + Output: + mask mask, an octet string of length l; or "mask too long" + + Error: "mask too long' +*/ + +static TPM_RC TSS_MGF1(unsigned char *mask, + uint32_t maskLen, + const unsigned char *mgfSeed, + uint16_t mgfSeedlen, + TPMI_ALG_HASH halg) +{ + TPM_RC rc = 0; + unsigned char counter[4]; /* 4 octets */ + uint32_t count; /* counter as an integral type */ + uint32_t outLen; + TPMT_HA digest; + uint16_t digestSize = TSS_GetDigestSize(halg); + + digest.hashAlg = halg; + +#if 0 + if (rc == 0) { + /* this is possible with arrayLen on a 64 bit architecture, comment to quiet beam */ + if ((maskLen / TPM_DIGEST_SIZE) > 0xffffffff) { /* constant condition */ + if (tssVerbose) + printf("TSS_MGF1: Error (fatal), Output length too large for 32 bit counter\n"); + rc = TPM_FAIL; /* should never occur */ + } + } +#endif + /* 1.If l > 2^32(hLen), output "mask too long" and stop. */ + /* NOTE Checked by caller */ + /* 2. Let T be the empty octet string. */ + /* 3. For counter from 0 to [masklen/hLen] - 1, do the following: */ + for (count = 0, outLen = 0 ; (rc == 0) && (outLen < maskLen) ; count++) { + /* a. Convert counter to an octet string C of length 4 octets - see Section 4.1 */ + /* C = I2OSP(counter, 4) NOTE Basically big endian */ + uint32_t count_n = htonl(count); + memcpy(counter, &count_n, 4); + /* b.Concatenate the hash of the seed mgfSeed and C to the octet string T: */ + /* T = T || Hash (mgfSeed || C) */ + /* If the entire digest is needed for the mask */ + if ((outLen + digestSize) < maskLen) { + rc = TSS_Hash_Generate(&digest, + mgfSeedlen, mgfSeed, + 4, counter, + 0, NULL); + memcpy(mask + outLen, &digest.digest, digestSize); + outLen += digestSize; + } + /* if the mask is not modulo TPM_DIGEST_SIZE, only part of the final digest is needed */ + else { + /* hash to a temporary digest variable */ + rc = TSS_Hash_Generate(&digest, + mgfSeedlen, mgfSeed, + 4, counter, + 0, NULL); + /* copy what's needed */ + memcpy(mask + outLen, &digest.digest, maskLen - outLen); + outLen = maskLen; /* outLen = outLen + maskLen - outLen */ + } + } + /* 4.Output the leading l octets of T as the octet string mask. */ + return rc; +} + +/* + OAEP Padding +*/ + +/* TSS_RSA_padding_add_PKCS1_OAEP() is a variation of the the openSSL function + + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *f, int fl, unsigned char *p, int pl); + + It is used because the openssl function is hard coded to SHA1. + + This function was independently written from the PKCS1 specification "9.1.1.1 Encoding + Operation" and PKCS#1 v2.2, intended to be unencumbered by any license. + + + | <- emLen -> | + + | lHash | PS | 01 | Message | + + SHA flen + + | db | + | dbMask | + | seed | + + SHA + + | seedMask | + | 00 | maskSeed | maskedDB | +*/ + +TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen, + const unsigned char *from, uint32_t fLen, + const unsigned char *p, + int plen, + TPMI_ALG_HASH halg) +{ + TPM_RC rc = 0; + TPMT_HA lHash; + unsigned char *db = NULL; /* compiler false positive */ + + unsigned char *dbMask = NULL; /* freed @1 */ + unsigned char *seed = NULL; /* freed @2 */ + unsigned char *maskedDb; + unsigned char *seedMask = NULL; /* compiler false positive */ + unsigned char *maskedSeed; + + uint16_t hlen = TSS_GetDigestSize(halg); + + /* 1.a. If the length of L is greater than the input limitation for */ + /* the hash function (2^61-1 octets for SHA-1) then output "parameter */ + /* string too long" and stop. */ + if (rc == 0) { + if (plen > 0xffff) { + if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, " + "label %u too long\n", plen); + rc = TSS_RC_RSA_PADDING; + } + } + /* 1.b. If ||M|| > emLen-2hLen-1 then output "message too long" and stop. */ + if (rc == 0) { + if (emLen < ((2 * hlen) + 2 + fLen)) { + if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, " + "message length %u too large for encoded length %u\n", + fLen, emLen); + rc = TSS_RC_RSA_PADDING; + } + } + /* 2.a. Let lHash = Hash(L), an octet string of length hLen. */ + if (rc == 0) { + lHash.hashAlg = halg; + rc = TSS_Hash_Generate(&lHash, + plen, p, + 0, NULL); + } + if (rc == 0) { + /* 2.b. Generate an octet string PS consisting of emLen-||M||-2hLen-2 zero octets. The + length of PS may be 0. */ + /* 2.c. Concatenate lHash, PS, a single octet of 0x01 the message M, to form a data block DB + as: DB = lHash || PS || 01 || M */ + /* NOTE Since db is eventually maskedDb, part of em, create directly in em */ + db = em + hlen + 1; + memcpy(db, &lHash.digest, hlen); /* lHash */ + /* PSlen = emlen - flen - (2 * hlen) - 2 */ + memset(db + hlen, 0, /* PS */ + emLen - fLen - (2 * hlen) - 2); + /* position of 0x01 in db is + hlen + PSlen = + hlen + emlen - flen - (2 * hlen) - 2 = + emlen - hlen - flen - 2 */ + db[emLen - fLen - hlen - 2] = 0x01; + memcpy(db + emLen - fLen - hlen - 1, from, fLen); /* M */ + } + /* 2.d. Generate a random octet string seed of length hLen. */ + if (rc == 0) { + rc = TSS_Malloc(&seed, hlen); + } + if (rc == 0) { + rc = TSS_RandBytes(seed, hlen); + } + if (rc == 0) { + rc = TSS_Malloc(&dbMask, emLen - hlen - 1); + } + if (rc == 0) { + /* 2.e. Let dbMask = MGF(seed, emLen-hLen-1). */ + rc = TSS_MGF1(dbMask, emLen - hlen -1, /* dbLen */ + seed, hlen, + halg); + } + if (rc == 0) { + /* 2.f. Let maskedDB = DB xor dbMask. */ + /* NOTE Since maskedDB is eventually em, XOR directly to em */ + maskedDb = em + hlen + 1; + TSS_XOR(maskedDb, db, dbMask, emLen - hlen -1); + /* 2.g. Let seedMask = MGF(maskedDB, hLen). */ + /* NOTE Since seedMask is eventually em, create directly to em */ + seedMask = em + 1; + rc = TSS_MGF1(seedMask, hlen, + maskedDb, emLen - hlen - 1, + halg); + } + if (rc == 0) { + /* 2.h. Let maskedSeed = seed xor seedMask. */ + /* NOTE Since maskedSeed is eventually em, create directly to em */ + maskedSeed = em + 1; + TSS_XOR(maskedSeed, seed, seedMask, hlen); + /* 2.i. 0x00, maskedSeed, and maskedDb to form EM */ + /* NOTE Created directly in em */ + } + free(dbMask); /* @1 */ + free(seed); /* @2 */ + return rc; +} + +/* TPM_XOR XOR's 'in1' and 'in2' of 'length', putting the result in 'out' + + */ + +void TSS_XOR(unsigned char *out, + const unsigned char *in1, + const unsigned char *in2, + size_t length) +{ + size_t i; + + for (i = 0 ; i < length ; i++) { + out[i] = in1[i] ^ in2[i]; + } + return; +} + +/* + AES +*/ + +#define TSS_AES_KEY_BITS 128 + +/* TSS_Sym_GetBlockSize() returns the block size for the symmetric algorithm. Returns 0 on for an + unknown algorithm. +*/ + +/* NOTE: Marked as const function in header */ + +uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID symmetricAlg, + uint16_t keySizeInBits) +{ + keySizeInBits = keySizeInBits; + + switch (symmetricAlg) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: +#endif +#ifdef TPM_ALG_SM4 /* Both AES and SM4 use the same block size */ + case TPM_ALG_SM4: +#endif + return 16; + default: + return 0; + } + return 0; +} + diff --git a/libstb/tss2/ibmtpm20tss/utils/tssdev.c b/libstb/tss2/ibmtpm20tss/utils/tssdev.c new file mode 100644 index 000000000000..affd9db01b1e --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssdev.c @@ -0,0 +1,213 @@ +/********************************************************************************/ +/* */ +/* Linux Device Transmit and Receive Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifdef TPM_POSIX + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include "tssproperties.h" + +#include "tssdev.h" + +/* local prototypes */ + +static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext); +static uint32_t TSS_Dev_SendCommand(int dev_fd, const uint8_t *buffer, uint16_t length, + const char *message); +static uint32_t TSS_Dev_ReceiveResponse(int dev_fd, uint8_t *buffer, uint32_t *length); + +/* global configuration */ + +extern int tssVverbose; +extern int tssVerbose; + +/* TSS_Dev_Transmit() transmits the command and receives the response. + + Can return device transmit and receive packet errors, but normally returns the TPM response code. +*/ + +TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + TPM_RC rc = 0; + + /* open on first transmit */ + if (tssContext->tssFirstTransmit) { + if (rc == 0) { + rc = TSS_Dev_Open(tssContext); + } + if (rc == 0) { + tssContext->tssFirstTransmit = FALSE; + } + } + /* send the command to the device. Error if the device send fails. */ + if (rc == 0) { + rc = TSS_Dev_SendCommand(tssContext->dev_fd, commandBuffer, written, message); + } + /* receive the response from the dev_fd. Returns dev_fd errors, malformed response errors. + Else returns the TPM response code. */ + if (rc == 0) { + rc = TSS_Dev_ReceiveResponse(tssContext->dev_fd, responseBuffer, read); + } + return rc; +} + +/* TSS_Dev_Open() opens the TPM device (through the device driver) */ + +static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext) +{ + uint32_t rc = 0; + + if (rc == 0) { + if (tssVverbose) printf("TSS_Dev_Open: Opening %s\n", tssContext->tssDevice); + tssContext->dev_fd = open(tssContext->tssDevice, O_RDWR); + if (tssContext->dev_fd < 0) { + if (tssVerbose) printf("TSS_Dev_Open: Error opening %s\n", tssContext->tssDevice); + rc = TSS_RC_NO_CONNECTION; + } + } + return rc; +} + +/* TSS_Dev_SendCommand() sends the TPM command buffer to the device. + + Returns an error if the device write fails. +*/ + +static uint32_t TSS_Dev_SendCommand(int dev_fd, + const uint8_t *buffer, uint16_t length, + const char *message) +{ + uint32_t rc = 0; + int irc; + + if (message != NULL) { + if (tssVverbose) printf("TSS_Dev_SendCommand: %s\n", message); + } + if ((rc == 0) && tssVverbose) { + TSS_PrintAll("TSS_Dev_SendCommand", + buffer, length); + } + if (rc == 0) { + irc = write(dev_fd, buffer, length); + if (irc < 0) { + if (tssVerbose) printf("TSS_Dev_SendCommand: write error %d %s\n", + errno, strerror(errno)); + rc = TSS_RC_BAD_CONNECTION; + } + } + return rc; +} + +/* TSS_Dev_ReceiveResponse() reads a response buffer from the device. 'buffer' must be at least + MAX_RESPONSE_SIZE bytes. + + Returns TPM packet error code. + + Validates that the packet length and the packet responseSize match +*/ + +static uint32_t TSS_Dev_ReceiveResponse(int dev_fd, uint8_t *buffer, uint32_t *length) +{ + uint32_t rc = 0; + int irc; /* read() return code, negative is error, positive is length */ + uint32_t responseSize = 0; /* from TPM packet response stream */ + + if (tssVverbose) printf("TSS_Dev_ReceiveResponse:\n"); + /* read the TPM device */ + if (rc == 0) { + irc = read(dev_fd, buffer, MAX_RESPONSE_SIZE); + if (irc <= 0) { + rc = TSS_RC_BAD_CONNECTION; + if (irc < 0) { + if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read error %d %s\n", + errno, strerror(errno)); + } + } + } + /* read() is successful, trace the response */ + if ((rc == 0) && tssVverbose) { + TSS_PrintAll("TSS_Dev_ReceiveResponse", + buffer, irc); + } + /* verify that there is at least a tag, responseSize, and responseCode in TPM response */ + if (rc == 0) { + if ((unsigned int)irc < (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(uint32_t))) { + if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read bytes %u < header\n", irc); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* get responseSize from the packet */ + if (rc == 0) { + responseSize = ntohl(*(uint32_t *)(buffer + sizeof(TPM_ST))); + /* sanity check against the length actually received, the return code */ + if ((uint32_t)irc != responseSize) { + if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read bytes %u != responseSize %u\n", + (uint32_t)irc, responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + /* if there was no lower level failure, return the TPM packet responseCode */ + if (rc == 0) { + rc = ntohl(*(uint32_t *)(buffer + sizeof(TPM_ST)+ sizeof(uint32_t))); + } + *length = responseSize; + if (tssVverbose) printf("TSS_Dev_ReceiveResponse: rc %08x\n", rc); + return rc; +} + +TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext) +{ + if (tssVverbose) printf("TSS_Dev_Close: Closing %s\n", tssContext->tssDevice); + close(tssContext->dev_fd); + return 0; +} + +#endif /* TPM_POSIX */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tssdev.h b/libstb/tss2/ibmtpm20tss/utils/tssdev.h new file mode 100644 index 000000000000..73d4bfc01b29 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssdev.h @@ -0,0 +1,64 @@ +/********************************************************************************/ +/* */ +/* Linux Device Transmit and Receive Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssdev.h 1015 2017-06-07 13:16:34Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is not a public header. It should not be used by applications. */ + +#ifndef TSSDEV_H +#define TSSDEV_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message); + TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext); + +#ifdef __cplusplus +} +#endif + +#endif + + + diff --git a/libstb/tss2/ibmtpm20tss/utils/tssdevskiboot.c b/libstb/tss2/ibmtpm20tss/utils/tssdevskiboot.c new file mode 100644 index 000000000000..24d4379855a0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssdevskiboot.c @@ -0,0 +1,195 @@ +/********************************************************************************/ +/* */ +/* Skiboot Transmit and Receive Utilities */ +/* */ +/* (c) Copyright IBM Corporation 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include + +#include +#include +#include +#include +#include + +#include +#include + +/* global configuration */ + +extern int tssVerbose; +extern int tssVverbose; + +/* + * TSS_Dev_Transmit() transmits the command and receives the response in + * skiboot. + * Can return device transmit and receive packet errors, but normally returns + * the TPM response code. +*/ +TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *length, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + TPM_RC rc = 0; + size_t responseSize; + + /* skiboot driver's transmit function expects a size_t value as buffer + * length instead of uint32_t used in this function header, so this + * variable exists just for type compatibility. + */ + size_t buffer_length; + + if (message != NULL) { + if (tssVverbose) printf("TSS_Skiboot_Transmit: %s\n", message); + } + if ((rc == 0) && tssVverbose) { + TSS_PrintAll("TSS_Skiboot_Transmit: Command ", + commandBuffer, written); + } + + /* we don't need to open a device as it is done in user space but we + * need to be sure a device and the driver are available for use. + */ + if (rc == 0) { + if (tssContext->tssFirstTransmit) { + tssContext->tpm_device = tpm_get_device(); + if (tssContext->tpm_device == NULL) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: TPM device not set\n"); + rc = TSS_RC_NO_CONNECTION; + } + if (rc == 0) { + tssContext->tpm_driver = tpm_get_driver(); + if (tssContext->tpm_driver == NULL) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: TPM driver not set\n"); + rc = TSS_RC_NO_CONNECTION; + } + } + } + } + + if (rc == 0 ) { + tssContext->tssFirstTransmit = FALSE; + } + + /* + * Let's issue compilation issue if eventually MAX_COMMAND_SIZE becomes + * potentially greater than MAX_RESPONSE_SIZE + */ +#if MAX_COMMAND_SIZE > MAX_RESPONSE_SIZE +#error "MAX_COMMAND_SIZE cannot be greater than MAX_RESPONSE_SIZE. Potential overflow on the buffer for Command and Response" +#endif + if (rc == 0) { + if (written > MAX_RESPONSE_SIZE) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: Response Overflow. TPM wrote %u bytes, Max response size is %u ", + written, MAX_RESPONSE_SIZE); + rc = TSS_RC_BAD_CONNECTION; + } + } + + /* + * the buffer used to send the command will be overwritten and store the + * response data after TPM execution. So here we copy the contents of + * commandBuffer to responseBuffer, using the latter to perform the + * operation and storing the response and keeping the former safe. + */ + if (rc == 0) { + /* + * skiboot driver checks for overflow, so we need to share the + * max response size to length. In the response length will + * contain the length of the response buffer. + */ + buffer_length = MAX_RESPONSE_SIZE; + + memcpy(responseBuffer, commandBuffer, written); + rc = tssContext->tpm_driver->transmit(tssContext->tpm_device, + responseBuffer, written, &buffer_length); + /* now that we have buffer length set we save it to length so it + * can be used by the callers + */ + *length = buffer_length; + + if (rc != 0) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: receive error %u\n", rc); + rc = TSS_RC_BAD_CONNECTION; + } + } + + if (rc == 0) { + if (tssVverbose) + TSS_PrintAll("TSS_Skiboot_Transmit: Response", responseBuffer, *length); + + /* verify that there is at least a tag, responseSize, and responseCode */ + if (*length < (sizeof(TPM_ST) + (2 * sizeof(uint32_t)))) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: received %u bytes < header\n", *length); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + + /* + * length and the response size in the response body should match. Check + * it here. + */ + if (rc == 0) { + responseSize = ntohl(*(uint32_t *)(responseBuffer + sizeof(TPM_ST))); + if (responseSize != *length) { + if (tssVerbose) + printf("TSS_Skiboot_Transmit: Bytes read (%u) and Buffer responseSize field (%lu) don't match\n", + *length, responseSize); + rc = TSS_RC_MALFORMED_RESPONSE; + } + } + + /* + * Now we need to get the actual return code from the response buffer + * and deliver it to the upper layers + */ + if (rc == 0) + rc = ntohl(*(uint32_t *)(responseBuffer + sizeof(TPM_ST) + sizeof(uint32_t))); + + if (tssVverbose) + printf("TSS_Skiboot_Transmit: Response Code: %08x", rc); + + return rc; +} + +TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext) +{ + tssContext = tssContext; + return 0; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssfile.c b/libstb/tss2/ibmtpm20tss/utils/tssfile.c new file mode 100644 index 000000000000..3c200d59893d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssfile.c @@ -0,0 +1,321 @@ +/********************************************************************************/ +/* */ +/* TSS and Application File Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#include +#include +#include +#include + +extern int tssVerbose; +extern int tssVverbose; + +/* TSS_File_Open() opens the 'filename' for 'mode' + */ + +int TSS_File_Open(FILE **file, + const char *filename, + const char* mode) +{ + int rc = 0; + + if (rc == 0) { + *file = fopen(filename, mode); + if (*file == NULL) { + if (tssVerbose) printf("TSS_File_Open: Error opening %s for %s, %s\n", + filename, mode, strerror(errno)); + rc = TSS_RC_FILE_OPEN; + } + } + return rc; +} + +/* TSS_File_ReadBinaryFile() reads 'filename'. The results are put into 'data', which must be freed + by the caller. 'length' indicates the number of bytes read. + +*/ + +TPM_RC TSS_File_ReadBinaryFile(unsigned char **data, /* must be freed by caller */ + size_t *length, + const char *filename) +{ + int rc = 0; + long lrc; + size_t src; + int irc; + FILE *file = NULL; + + *data = NULL; + *length = 0; + /* open the file */ + if (rc == 0) { + rc = TSS_File_Open(&file, filename, "rb"); /* closed @1 */ + } + /* determine the file length */ + if (rc == 0) { + irc = fseek(file, 0L, SEEK_END); /* seek to end of file */ + if (irc == -1L) { + if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to end of %s\n", + filename); + rc = TSS_RC_FILE_SEEK; + } + } + if (rc == 0) { + lrc = ftell(file); /* get position in the stream */ + if (lrc == -1L) { + if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error ftell'ing %s\n", filename); + rc = TSS_RC_FILE_FTELL; + } + else { + *length = (size_t)lrc; /* save the length */ + } + } + if (rc == 0) { + irc = fseek(file, 0L, SEEK_SET); /* seek back to the beginning of the file */ + if (irc == -1L) { + if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to beginning of %s\n", + filename); + rc = TSS_RC_FILE_SEEK; + } + } + /* allocate a buffer for the actual data */ + if ((rc == 0) && (*length != 0)) { + rc = TSS_Malloc(data, *length); + } + /* read the contents of the file into the data buffer */ + if ((rc == 0) && *length != 0) { + src = fread(*data, 1, *length, file); + if (src != *length) { + if (tssVerbose) + printf("TSS_File_ReadBinaryFile: Error reading %s, %u bytes, got %lu\n", + filename, (unsigned int)*length, (unsigned long)src); + rc = TSS_RC_FILE_READ; + } + } + if (file != NULL) { + irc = fclose(file); /* @1 */ + if (irc != 0) { + if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error closing %s\n", + filename); + rc = TSS_RC_FILE_CLOSE; + } + } + if (rc != 0) { + if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error reading %s\n", filename); + free(*data); + *data = NULL; + } + return rc; +} + +/* TSS_File_WriteBinaryFile() writes 'data' of 'length' to 'filename' + */ + +TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data, + size_t length, + const char *filename) +{ + long rc = 0; + size_t src; + int irc; + FILE *file = NULL; + + /* open the file */ + if (rc == 0) { + rc = TSS_File_Open(&file, filename, "wb"); /* closed @1 */ + } + /* write the contents of the data buffer into the file */ + if (rc == 0) { + src = fwrite(data, 1, length, file); + if (src != length) { + if (tssVerbose) + printf("TSS_File_WriteBinaryFile: Error writing %s, %lu bytes, got %lu\n", + filename, (unsigned long)length, (unsigned long)src); + rc = TSS_RC_FILE_WRITE; + } + } + if (file != NULL) { + irc = fclose(file); /* @1 */ + if (irc != 0) { + if (tssVerbose) printf("TSS_File_WriteBinaryFile: Error closing %s\n", + filename); + rc = TSS_RC_FILE_CLOSE; + } + } + return rc; +} + +/* TSS_File_ReadStructure() is a general purpose "read a structure" function. + + It reads the filename, and then unmarshals the structure using "unmarshalFunction". +*/ + +TPM_RC TSS_File_ReadStructure(void *structure, + UnmarshalFunction_t unmarshalFunction, + const char *filename) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; /* for the free */ + uint8_t *buffer1 = NULL; /* for unmarshaling */ + size_t length = 0; + + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + filename); + } + if (rc == 0) { + uint32_t ilength = length; + buffer1 = buffer; + rc = unmarshalFunction(structure, &buffer1, &ilength); + } + free(buffer); /* @1 */ + return rc; +} + +/* TSS_File_ReadStructureFlag() is a general purpose "read a structure" function. + + It reads the filename, and then unmarshals the structure using "unmarshalFunction". + + It is similar to TSS_File_ReadStructure() but is used when the structure unmarshal function + requires the allowNull flag. +*/ + +TPM_RC TSS_File_ReadStructureFlag(void *structure, + UnmarshalFunctionFlag_t unmarshalFunction, + BOOL allowNull, + const char *filename) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; /* for the free */ + uint8_t *buffer1 = NULL; /* for unmarshaling */ + size_t length = 0; + + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + filename); + } + if (rc == 0) { + uint32_t ilength = length; + buffer1 = buffer; + rc = unmarshalFunction(structure, &buffer1, &ilength, allowNull); + } + free(buffer); /* @1 */ + return rc; +} + +/* TSS_File_WriteStructure() is a general purpose "write a structure" function. + + It marshals the structure using "marshalFunction", and then writes it to filename. +*/ + +TPM_RC TSS_File_WriteStructure(void *structure, + MarshalFunction_t marshalFunction, + const char *filename) +{ + TPM_RC rc = 0; + uint16_t written = 0; + uint8_t *buffer = NULL; /* for the free */ + + if (rc == 0) { + rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ + &written, + structure, + marshalFunction); + } + if (rc == 0) { + rc = TSS_File_WriteBinaryFile(buffer, + written, + filename); + } + free(buffer); /* @1 */ + return rc; +} + +/* TSS_File_Read2B() reads 'filename' and copies the data to 'tpm2b', checking targetSize + + */ + +TPM_RC TSS_File_Read2B(TPM2B *tpm2b, + uint16_t targetSize, + const char *filename) +{ + TPM_RC rc = 0; + uint8_t *buffer = NULL; + size_t length = 0; + + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @1 */ + &length, + filename); + } + if (rc == 0) { + if (length > 0xffff) { /* overflow TPM2B uint16_t */ + if (tssVerbose) printf("TSS_File_Read2B: size %u greater than 0xffff\n", + (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + /* copy it into the TPM2B */ + if (rc == 0) { + rc = TSS_TPM2B_Create(tpm2b, buffer, (uint16_t)length, targetSize); + } + free(buffer); /* @1 */ + return rc; +} + +/* FIXME need to add - ignore failure if does not exist */ + +TPM_RC TSS_File_DeleteFile(const char *filename) +{ + TPM_RC rc = 0; + int irc; + + if (rc == 0) { + irc = remove(filename); + if (irc != 0) { + rc = TSS_RC_FILE_REMOVE; + } + } + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssmarshal.c b/libstb/tss2/ibmtpm20tss/utils/tssmarshal.c new file mode 100644 index 000000000000..957a1ac8ee9d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssmarshal.c @@ -0,0 +1,7768 @@ +/********************************************************************************/ +/* */ +/* TSS Marshal and Unmarshal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include + +#include +#include +#include +#include + +/* This file holds: + + --------------------------------------- + + Recommended functions - with an unsigned size + + * Primary marshal functions TSS_primary_Marshalu + * Primary unmarshal functions TSS_primary_Unmarshalu in Unmarshal.c + * TPM 2.0 structure marshal functions TSS_structure_Marshalu + * TPM 2.0 structure unmarshal functions TSS_structure_Unmarshalu in Unmarshal.c + * TPM 2.0 command marshal functions TSS_command_In_Marshalu + TPM 2.0 command unmarshal functions command_In_Unmarshal + * TPM 2.0 response unmarshal functions TSS_response_Out_Unmarshalu + + --------------------------------------- + + Deprecated functions - with a signed size + + * Primary marshal functions TSS_primary_Marshal + * Primary unmarshal functions primary_Unmarshal in Unmarshal.c + * TPM 2.0 structure marshal functions TSS_structure_Marshal + * TPM 2.0 structure unmarshal functions structure_Unmarshal in Unmarshal.c + * TPM 2.0 command marshal functions TSS_command_In_Marshal + * TPM 2.0 response unmarshal functions TSS_response_Out_Unmarshal + + * are exposed in /tss2/ +*/ + +/* The marshaling function prototype pattern is: + + Return: + + An extra return code, TSS_RC_INSUFFICIENT_BUFFER, indicates that the supplied buffer size is too + small. The TPM functions assert. + + 'source' is the structure to be marshaled. + 'written' is the __additional__ number of bytes written. + 'buffer' is the buffer written. + ' size' is the remaining size of the buffer. + + If 'buffer' is NULL, 'written' is updated but no marshaling is performed. This is used in a two + pass pattern, where the first pass returns the size of the buffer to be malloc'ed. + + If 'size' is NULL, the source is marshaled without a size check. The caller must ensure that + the buffer is sufficient, often due to a malloc after the first pass. */ + +/* Marshal functions shared by TPM 1.2 and TPM 2.0 */ + +/* The functions with the _Marshalu suffix are preferred. They use an unsigned size. The functions + with _Marshalu are deprecated. */ + +TPM_RC +TSS_UINT8_Marshalu(const UINT8 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { /* if buffer is NULL, don't marshal, just return written */ + /* if size is NULL, ignore it, else check sufficient */ + if ((size == NULL) || (*size >= sizeof(UINT8))) { + /* marshal, move the buffer */ + (*buffer)[0] = *source; + *buffer += sizeof(UINT8); + /* is size was supplied, update it */ + if (size != NULL) { + *size -= sizeof(UINT8); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(UINT8); + return rc; +} + +TPM_RC +TSS_INT8_Marshalu(const INT8 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + rc = TSS_UINT8_Marshalu((const UINT8 *)source, written, buffer, size); + return rc; +} + +TPM_RC +TSS_UINT16_Marshalu(const UINT16 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sizeof(uint16_t))) { + + (*buffer)[0] = (BYTE)((*source >> 8) & 0xff); + (*buffer)[1] = (BYTE)((*source >> 0) & 0xff); + *buffer += sizeof(uint16_t); + + if (size != NULL) { + *size -= sizeof(uint16_t); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(uint16_t); + return rc; +} + +TPM_RC +TSS_UINT32_Marshalu(const UINT32 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sizeof(uint32_t))) { + + (*buffer)[0] = (BYTE)((*source >> 24) & 0xff); + (*buffer)[1] = (BYTE)((*source >> 16) & 0xff); + (*buffer)[2] = (BYTE)((*source >> 8) & 0xff); + (*buffer)[3] = (BYTE)((*source >> 0) & 0xff); + *buffer += sizeof(uint32_t); + + if (size != NULL) { + *size -= sizeof(uint32_t); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(uint32_t); + return rc; +} + +TPM_RC +TSS_INT32_Marshalu(const INT32 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + rc = TSS_UINT32_Marshalu((const UINT32 *)source, written, buffer, size); + return rc; +} + +TPM_RC +TSS_UINT64_Marshalu(const UINT64 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sizeof(UINT64))) { + + (*buffer)[0] = (BYTE)((*source >> 56) & 0xff); + (*buffer)[1] = (BYTE)((*source >> 48) & 0xff); + (*buffer)[2] = (BYTE)((*source >> 40) & 0xff); + (*buffer)[3] = (BYTE)((*source >> 32) & 0xff); + (*buffer)[4] = (BYTE)((*source >> 24) & 0xff); + (*buffer)[5] = (BYTE)((*source >> 16) & 0xff); + (*buffer)[6] = (BYTE)((*source >> 8) & 0xff); + (*buffer)[7] = (BYTE)((*source >> 0) & 0xff); + *buffer += sizeof(UINT64); + + if (size != NULL) { + *size -= sizeof(UINT64); + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sizeof(UINT64); + return rc; +} + +TPM_RC +TSS_Array_Marshalu(const BYTE *source, uint16_t sourceSize, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (buffer != NULL) { + if ((size == NULL) || (*size >= sourceSize)) { + memcpy(*buffer, source, sourceSize); + + *buffer += sourceSize; + + if (size != NULL) { + *size -= sourceSize; + } + } + else { + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + *written += sourceSize; + return rc; +} + + +#ifdef TPM_TPM20 + +/* + TPM 2.0 Command parameter marshaling +*/ + +TPM_RC +TSS_Startup_In_Marshalu(const Startup_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_SU_Marshalu(&source->startupType, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Shutdown_In_Marshalu(const Shutdown_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_SU_Marshalu(&source->shutdownType, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SelfTest_In_Marshalu(const SelfTest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->fullTest, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_IncrementalSelfTest_In_Marshalu(const IncrementalSelfTest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPML_ALG_Marshalu(&source->toTest, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_StartAuthSession_In_Marshalu(const StartAuthSession_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->tpmKey, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->bind, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceCaller, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->encryptedSalt, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_SE_Marshalu(&source->sessionType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_Marshalu(&source->symmetric, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->authHash, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyRestart_In_Marshalu(const PolicyRestart_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->sessionHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Create_In_Marshalu(const Create_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->creationPCR, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Load_In_Marshalu(const Load_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PRIVATE_Marshalu(&source->inPrivate, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_LoadExternal_In_Marshalu(const LoadExternal_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + /* optional parameter, use size as flag */ + if (source->inPrivate.b.size == 0) { /* not present */ + uint16_t zero = 0; + rc = TSS_UINT16_Marshalu(&zero, written, buffer, size); + } + else { + rc = TSS_TPM2B_SENSITIVE_Marshalu(&source->inPrivate, written, buffer, size); + } + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ReadPublic_In_Marshalu(const ReadPublic_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ActivateCredential_In_Marshalu(const ActivateCredential_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->activateHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ID_OBJECT_Marshalu(&source->credentialBlob, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->secret, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_MakeCredential_In_Marshalu(const MakeCredential_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->credential, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Unseal_In_Marshalu(const Unseal_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->itemHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ObjectChangeAuth_In_Marshalu(const ObjectChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_CreateLoaded_In_Marshalu(const CreateLoaded_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_TEMPLATE_Marshalu(&source->inPublic, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Duplicate_In_Marshalu(const Duplicate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->newParentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->encryptionKeyIn, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetricAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Rewrap_In_Marshalu(const Rewrap_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->oldParent, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->newParent, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PRIVATE_Marshalu(&source->inDuplicate, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->name, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->inSymSeed, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Import_In_Marshalu(const Import_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->encryptionKey, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_Marshalu(&source->objectPublic, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PRIVATE_Marshalu(&source->duplicate, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->inSymSeed, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetricAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_RSA_Encrypt_In_Marshalu(const RSA_Encrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->message, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_RSA_DECRYPT_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->label, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_RSA_Decrypt_In_Marshalu(const RSA_Decrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->cipherText, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_RSA_DECRYPT_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->label, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECDH_KeyGen_In_Marshalu(const ECDH_KeyGen_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECDH_ZGen_In_Marshalu(const ECDH_ZGen_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inPoint, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECC_Parameters_In_Marshalu(const ECC_Parameters_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ZGen_2Phase_In_Marshalu(const ZGen_2Phase_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyA, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inQsB, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inQeB, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->counter, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_EncryptDecrypt_In_Marshalu(const EncryptDecrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->decrypt, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_CIPHER_MODE_Marshalu(&source->mode, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_IV_Marshalu(&source->ivIn, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->inData, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_EncryptDecrypt2_In_Marshalu(const EncryptDecrypt2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->inData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->decrypt, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_CIPHER_MODE_Marshalu(&source->mode, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_IV_Marshalu(&source->ivIn, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Hash_In_Marshalu(const Hash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->data, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_HMAC_In_Marshalu(const HMAC_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetRandom_In_Marshalu(const GetRandom_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->bytesRequested, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_StirRandom_In_Marshalu(const StirRandom_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->inData, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_HMAC_Start_In_Marshalu(const HMAC_Start_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_HashSequenceStart_In_Marshalu(const HashSequenceStart_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SequenceUpdate_In_Marshalu(const SequenceUpdate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SequenceComplete_In_Marshalu(const SequenceComplete_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_EventSequenceComplete_In_Marshalu(const EventSequenceComplete_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Certify_In_Marshalu(const Certify_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_CertifyCreation_In_Marshalu(const CertifyCreation_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->creationHash, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_TK_CREATION_Marshalu(&source->creationTicket, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_CertifyX509_In_Marshalu(const CertifyX509_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->reserved, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->partialCertificate, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Quote_In_Marshalu(const Quote_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->PCRselect, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetSessionAuditDigest_In_Marshalu(const GetSessionAuditDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyAdminHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_SH_HMAC_Marshalu(&source->sessionHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetCommandAuditDigest_In_Marshalu(const GetCommandAuditDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetTime_In_Marshalu(const GetTime_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyAdminHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Commit_In_Marshalu(const Commit_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->P1, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->s2, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->y2, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_EC_Ephemeral_In_Marshalu(const EC_Ephemeral_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_VerifySignature_In_Marshalu(const VerifySignature_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIGNATURE_Marshalu(&source->signature, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Sign_In_Marshalu(const Sign_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_TK_HASHCHECK_Marshalu(&source->validation, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SetCommandCodeAuditStatus_In_Marshalu(const SetCommandCodeAuditStatus_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->auditAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->setList, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->clearList, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Extend_In_Marshalu(const PCR_Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_VALUES_Marshalu(&source->digests, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Event_In_Marshalu(const PCR_Event_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_EVENT_Marshalu(&source->eventData, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Read_In_Marshalu(const PCR_Read_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelectionIn, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Allocate_In_Marshalu(const PCR_Allocate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrAllocation, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_SetAuthPolicy_In_Marshalu(const PCR_SetAuthPolicy_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrNum, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_SetAuthValue_In_Marshalu(const PCR_SetAuthValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->auth, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Reset_In_Marshalu(const PCR_Reset_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicySigned_In_Marshalu(const PolicySigned_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->authObject, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size); + } + if (rc == 0) { + rc = TSS_INT32_Marshalu(&source->expiration, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIGNATURE_Marshalu(&source->auth, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicySecret_In_Marshalu(const PolicySecret_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size); + } + if (rc == 0) { + rc = TSS_INT32_Marshalu(&source->expiration, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyTicket_In_Marshalu(const PolicyTicket_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_TIMEOUT_Marshalu(&source->timeout, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->authName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_TK_AUTH_Marshalu(&source->ticket, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyOR_In_Marshalu(const PolicyOR_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_DIGEST_Marshalu(&source->pHashList, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyPCR_In_Marshalu(const PolicyPCR_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrs, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyLocality_In_Marshalu(const PolicyLocality_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_LOCALITY_Marshalu(&source->locality, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyNV_In_Marshalu(const PolicyNV_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_OPERAND_Marshalu(&source->operandB, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_EO_Marshalu(&source->operation, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyCounterTimer_In_Marshalu(const PolicyCounterTimer_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_OPERAND_Marshalu(&source->operandB, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_EO_Marshalu(&source->operation, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyCommandCode_In_Marshalu(const PolicyCommandCode_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_CC_Marshalu(&source->code, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyPhysicalPresence_In_Marshalu(const PolicyPhysicalPresence_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyCpHash_In_Marshalu(const PolicyCpHash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyNameHash_In_Marshalu(const PolicyNameHash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->nameHash, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyDuplicationSelect_In_Marshalu(const PolicyDuplicationSelect_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->newParentName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->includeObject, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyAuthorize_In_Marshalu(const PolicyAuthorize_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->approvedPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->keySign, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_TK_VERIFIED_Marshalu(&source->checkTicket, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyAuthValue_In_Marshalu(const PolicyAuthValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyPassword_In_Marshalu(const PolicyPassword_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyGetDigest_In_Marshalu(const PolicyGetDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyNvWritten_In_Marshalu(const PolicyNvWritten_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->writtenSet, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyTemplate_In_Marshalu(const PolicyTemplate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->templateHash, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyAuthorizeNV_In_Marshalu(const PolicyAuthorizeNV_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_CreatePrimary_In_Marshalu(const CreatePrimary_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->primaryHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->creationPCR, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_HierarchyControl_In_Marshalu(const HierarchyControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_ENABLES_Marshalu(&source->enable, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->state, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SetPrimaryPolicy_In_Marshalu(const SetPrimaryPolicy_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ChangePPS_In_Marshalu(const ChangePPS_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ChangeEPS_In_Marshalu(const ChangeEPS_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_Clear_In_Marshalu(const Clear_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_CLEAR_Marshalu(&source->authHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ClearControl_In_Marshalu(const ClearControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_CLEAR_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->disable, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_HierarchyChangeAuth_In_Marshalu(const HierarchyChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_DictionaryAttackLockReset_In_Marshalu(const DictionaryAttackLockReset_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_LOCKOUT_Marshalu(&source->lockHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_DictionaryAttackParameters_In_Marshalu(const DictionaryAttackParameters_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_LOCKOUT_Marshalu(&source->lockHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->newMaxTries, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->newRecoveryTime, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->lockoutRecovery, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_PP_Commands_In_Marshalu(const PP_Commands_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->setList, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->clearList, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_SetAlgorithmSet_In_Marshalu(const SetAlgorithmSet_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->algorithmSet, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ContextSave_In_Marshalu(const ContextSave_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_CONTEXT_Marshalu(&source->saveHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ContextLoad_In_Marshalu(const ContextLoad_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_CONTEXT_Marshalu(&source->context, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_FlushContext_In_Marshalu(const FlushContext_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_CONTEXT_Marshalu(&source->flushHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_EvictControl_In_Marshalu(const EvictControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_PERSISTENT_Marshalu(&source->persistentHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ClockSet_In_Marshalu(const ClockSet_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->newTime, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_ClockRateAdjust_In_Marshalu(const ClockRateAdjust_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_CLOCK_ADJUST_Marshalu(&source->rateAdjust, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetCapability_In_Marshalu(const GetCapability_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_CAP_Marshalu(&source->capability, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->property, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->propertyCount, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TestParms_In_Marshalu(const TestParms_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMT_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_DefineSpace_In_Marshalu(const NV_DefineSpace_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NV_PUBLIC_Marshalu(&source->publicInfo, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_UndefineSpace_In_Marshalu(const NV_UndefineSpace_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_UndefineSpaceSpecial_In_Marshalu(const NV_UndefineSpaceSpecial_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->platform, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_ReadPublic_In_Marshalu(const NV_ReadPublic_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Write_In_Marshalu(const NV_Write_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->data, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Increment_In_Marshalu(const NV_Increment_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Extend_In_Marshalu(const NV_Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->data, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_SetBits_In_Marshalu(const NV_SetBits_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->bits, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_WriteLock_In_Marshalu(const NV_WriteLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_GlobalWriteLock_In_Marshalu(const NV_GlobalWriteLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Read_In_Marshalu(const NV_Read_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_ReadLock_In_Marshalu(const NV_ReadLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_ChangeAuth_In_Marshalu(const NV_ChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Certify_In_Marshalu(const NV_Certify_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + return rc; +} + +/* + TPM 2.0 Response parameter unmarshaling +*/ + +TPM_RC +TSS_IncrementalSelfTest_Out_Unmarshalu(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_ALG_Unmarshalu(&target->toDoList, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetTestResult_Out_Unmarshalu(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + uint32_t parameterSize; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->outData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_RC_Unmarshalu(&target->testResult, buffer, size); + } + return rc; +} +TPM_RC +TSS_StartAuthSession_Out_Unmarshalu(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(&target->sessionHandle, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size); + } + return rc; +} +TPM_RC +TSS_Create_Out_Unmarshalu(Create_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size); + } + return rc; +} +TPM_RC +TSS_Load_Out_Unmarshalu(Load_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + return rc; +} +TPM_RC +TSS_LoadExternal_Out_Unmarshalu(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + return rc; +} +TPM_RC +TSS_ReadPublic_Out_Unmarshalu(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedName, buffer, size); + } + return rc; +} +TPM_RC +TSS_ActivateCredential_Out_Unmarshalu(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->certInfo, buffer, size); + } + return rc; +} +TPM_RC +TSS_MakeCredential_Out_Unmarshalu(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ID_OBJECT_Unmarshalu(&target->credentialBlob, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->secret, buffer, size); + } + return rc; +} +TPM_RC +TSS_Unseal_Out_Unmarshalu(Unseal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->outData, buffer, size); + } + return rc; +} +TPM_RC +TSS_ObjectChangeAuth_Out_Unmarshalu(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size); + } + return rc; +} +TPM_RC +TSS_CreateLoaded_Out_Unmarshalu(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + return rc; +} +TPM_RC +TSS_Duplicate_Out_Unmarshalu(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKeyOut, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->duplicate, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->outSymSeed, buffer, size); + } + return rc; +} +TPM_RC +TSS_Rewrap_Out_Unmarshalu(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outDuplicate, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->outSymSeed, buffer, size); + } + return rc; +} +TPM_RC +TSS_Import_Out_Unmarshalu(Import_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size); + } + return rc; +} +TPM_RC +TSS_RSA_Encrypt_Out_Unmarshalu(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->outData, buffer, size); + } + return rc; +} +TPM_RC +TSS_RSA_Decrypt_Out_Unmarshalu(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->message, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECDH_KeyGen_Out_Unmarshalu(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->zPoint, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->pubPoint, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECDH_ZGen_Out_Unmarshalu(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outPoint, buffer, size); + } + return rc; +} +TPM_RC +TSS_ECC_Parameters_Out_Unmarshalu(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(&target->parameters, buffer, size); + } + return rc; +} +TPM_RC +TSS_ZGen_2Phase_Out_Unmarshalu(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outZ1, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outZ2, buffer, size); + } + return rc; +} +TPM_RC +TSS_EncryptDecrypt_Out_Unmarshalu(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->outData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_IV_Unmarshalu(&target->ivOut, buffer, size); + } + return rc; +} +TPM_RC +TSS_EncryptDecrypt2_Out_Unmarshalu(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + return TSS_EncryptDecrypt_Out_Unmarshalu((EncryptDecrypt_Out *)target, tag, buffer, size); +} +TPM_RC +TSS_Hash_Out_Unmarshalu(Hash_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->outHash, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size); + } + return rc; +} +TPM_RC +TSS_HMAC_Out_Unmarshalu(HMAC_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->outHMAC, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetRandom_Out_Unmarshalu(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->randomBytes, buffer, size); + } + return rc; +} +TPM_RC +TSS_HMAC_Start_Out_Unmarshalu(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_OBJECT_Unmarshalu(&target->sequenceHandle, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + return rc; +} +TPM_RC +TSS_HashSequenceStart_Out_Unmarshalu(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_OBJECT_Unmarshalu(&target->sequenceHandle, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + return rc; +} +TPM_RC +TSS_SequenceComplete_Out_Unmarshalu(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->result, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size); + } + return rc; +} +TPM_RC +TSS_EventSequenceComplete_Out_Unmarshalu(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->results, buffer, size); + } + return rc; +} +TPM_RC +TSS_Certify_Out_Unmarshalu(Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_CertifyCreation_Out_Unmarshalu(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_CertifyX509_Out_Unmarshalu(CertifyX509_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->addedToCertificate, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->tbsDigest, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_Quote_Out_Unmarshalu(Quote_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->quoted, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_GetSessionAuditDigest_Out_Unmarshalu(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->auditInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_GetCommandAuditDigest_Out_Unmarshalu(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->auditInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_GetTime_Out_Unmarshalu(GetTime_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->timeInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} +TPM_RC +TSS_Commit_Out_Unmarshalu(Commit_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->K, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->L, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->E, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size); + } + return rc; +} +TPM_RC +TSS_EC_Ephemeral_Out_Unmarshalu(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->Q, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size); + } + return rc; +} +TPM_RC +TSS_VerifySignature_Out_Unmarshalu(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_VERIFIED_Unmarshalu(&target->validation, buffer, size); + } + return rc; +} +TPM_RC +TSS_Sign_Out_Unmarshalu(Sign_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, NO); + } + return rc; +} +TPM_RC +TSS_PCR_Event_Out_Unmarshalu(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size); + } + return rc; +} +TPM_RC +TSS_PCR_Read_Out_Unmarshalu(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->pcrUpdateCounter, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelectionOut, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPML_DIGEST_Unmarshalu(&target->pcrValues, buffer, size, 0); + } + return rc; +} +TPM_RC +TSS_PCR_Allocate_Out_Unmarshalu(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->allocationSuccess, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->maxPCR, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->sizeNeeded, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_UINT32_Unmarshalu(&target->sizeAvailable, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicySigned_Out_Unmarshalu(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->policyTicket, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicySecret_Out_Unmarshalu(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->policyTicket, buffer, size); + } + return rc; +} +TPM_RC +TSS_PolicyGetDigest_Out_Unmarshalu(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->policyDigest, buffer, size); + } + return rc; +} +TPM_RC +TSS_CreatePrimary_Out_Unmarshalu(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size); + } + return rc; +} +TPM_RC +TSS_ContextSave_Out_Unmarshalu(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CONTEXT_Unmarshalu(&target->context, buffer, size); + } + return rc; +} +TPM_RC +TSS_ContextLoad_Out_Unmarshalu(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_DH_CONTEXT_Unmarshalu(&target->loadedHandle, buffer, size, NO); + } + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + return rc; +} +TPM_RC +TSS_ReadClock_Out_Unmarshalu(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_TIME_INFO_Unmarshalu(&target->currentTime, buffer, size); + } + return rc; +} +TPM_RC +TSS_GetCapability_Out_Unmarshalu(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMI_YES_NO_Unmarshalu(&target->moreData, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMS_CAPABILITY_DATA_Unmarshalu(&target->capabilityData, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_ReadPublic_Out_Unmarshalu(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NV_PUBLIC_Unmarshalu(&target->nvPublic, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_NAME_Unmarshalu(&target->nvName, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Read_Out_Unmarshalu(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size); + } + return rc; +} +TPM_RC +TSS_NV_Certify_Out_Unmarshalu(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + uint32_t parameterSize = 0; + if (rc == TPM_RC_SUCCESS) { + if (tag == TPM_ST_SESSIONS) { + rc = TSS_UINT32_Unmarshalu(¶meterSize, buffer, size); + } + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size); + } + if (rc == TPM_RC_SUCCESS) { + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES); + } + return rc; +} + +/* + TPM 2.0 Structure marshaling +*/ + +TPM_RC +TSS_TPM2B_Marshalu(const TPM2B *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&(source->size), written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->buffer, source->size, written, buffer, size); + } + return rc; +} + +/* Table 5 - Definition of Types for Documentation Clarity */ + +TPM_RC +TSS_TPM_KEY_BITS_Marshalu(const TPM_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */ + +TPM_RC +TSS_TPM_GENERATED_Marshalu(const TPM_GENERATED *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */ + +TPM_RC +TSS_TPM_ALG_ID_Marshalu(const TPM_ALG_ID *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 10 - Definition of (uint16_t) {ECC} TPM_ECC_CURVE Constants */ + +#ifdef TPM_ALG_ECC +TPM_RC +TSS_TPM_ECC_CURVE_Marshalu(const TPM_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} +#endif + +/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) */ + +TPM_RC +TSS_TPM_RC_Marshalu(const TPM_RC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */ + +TPM_RC +TSS_TPM_CLOCK_ADJUST_Marshalu(const TPM_CLOCK_ADJUST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_INT8_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 19 - Definition of (UINT16) TPM_EO Constants */ + +TPM_RC +TSS_TPM_EO_Marshalu(const TPM_EO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 20 - Definition of (UINT16) TPM_ST Constants */ + +TPM_RC +TSS_TPM_ST_Marshalu(const TPM_ST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 21 - Definition of (UINT16) TPM_SU Constants */ + +TPM_RC +TSS_TPM_SU_Marshalu(const TPM_ST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 22 - Definition of (UINT8) TPM_SE Constants */ + +TPM_RC +TSS_TPM_SE_Marshalu(const TPM_SE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 23 - Definition of (UINT32) TPM_CAP Constants */ + +TPM_RC +TSS_TPM_CAP_Marshalu(const TPM_CAP *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 24 - Definition of (UINT32) TPM_PT Constants */ + +TPM_RC +TSS_TPM_PT_Marshalu(const TPM_PT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants */ + +TPM_RC +TSS_TPM_PT_PCR_Marshalu(const TPM_PT_PCR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 27 - Definition of Types for Handles */ + +TPM_RC +TSS_TPM_HANDLE_Marshalu(const TPM_HANDLE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */ + +TPM_RC +TSS_TPMA_ALGORITHM_Marshalu(const TPMA_ALGORITHM *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */ + +TPM_RC +TSS_TPMA_OBJECT_Marshalu(const TPMA_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits */ + +TPM_RC +TSS_TPMA_SESSION_Marshalu(const TPMA_SESSION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits */ + +TPM_RC +TSS_TPMA_LOCALITY_Marshalu(const TPMA_LOCALITY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */ + +TPM_RC +TSS_TPM_CC_Marshalu(const TPM_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */ + +TPM_RC +TSS_TPMA_CC_Marshalu(const TPMA_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */ + +TPM_RC +TSS_TPMI_YES_NO_Marshalu(const TPMI_YES_NO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */ + +TPM_RC +TSS_TPMI_DH_OBJECT_Marshalu(const TPMI_DH_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */ + +TPM_RC +TSS_TPMI_DH_PERSISTENT_Marshalu(const TPMI_DH_PERSISTENT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */ + +TPM_RC +TSS_TPMI_DH_ENTITY_Marshalu(const TPMI_DH_ENTITY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */ + +TPM_RC +TSS_TPMI_DH_PCR_Marshalu(const TPMI_DH_PCR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */ + +TPM_RC +TSS_TPMI_SH_AUTH_SESSION_Marshalu(const TPMI_SH_AUTH_SESSION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */ + +TPM_RC +TSS_TPMI_SH_HMAC_Marshalu(const TPMI_SH_HMAC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */ + +TPM_RC +TSS_TPMI_SH_POLICY_Marshalu(const TPMI_SH_POLICY*source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */ + +TPM_RC +TSS_TPMI_DH_CONTEXT_Marshalu(const TPMI_DH_CONTEXT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type */ + +TPM_RC +TSS_TPMI_DH_SAVED_Marshalu(const TPMI_DH_SAVED *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */ + +TPM_RC +TSS_TPMI_RH_HIERARCHY_Marshalu(const TPMI_RH_HIERARCHY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */ + +TPM_RC +TSS_TPMI_RH_ENABLES_Marshalu(const TPMI_RH_ENABLES *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */ + +TPM_RC +TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(const TPMI_RH_HIERARCHY_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_POLICY Type */ + +TPM_RC +TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(const TPMI_RH_HIERARCHY_POLICY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */ + +TPM_RC +TSS_TPMI_RH_PLATFORM_Marshalu(const TPMI_RH_PLATFORM *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */ + +TPM_RC +TSS_TPMI_RH_ENDORSEMENT_Marshalu(const TPMI_RH_ENDORSEMENT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */ + +TPM_RC +TSS_TPMI_RH_PROVISION_Marshalu(const TPMI_RH_PROVISION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */ + +TPM_RC +TSS_TPMI_RH_CLEAR_Marshalu(const TPMI_RH_CLEAR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */ + +TPM_RC +TSS_TPMI_RH_NV_AUTH_Marshalu(const TPMI_RH_NV_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */ + +TPM_RC +TSS_TPMI_RH_LOCKOUT_Marshalu(const TPMI_RH_LOCKOUT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */ + +TPM_RC +TSS_TPMI_RH_NV_INDEX_Marshalu(const TPMI_RH_NV_INDEX *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ + +TPM_RC +TSS_TPMI_ALG_HASH_Marshalu(const TPMI_ALG_HASH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_Marshalu(const TPMI_ALG_SYM *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_OBJECT_Marshalu(const TPMI_ALG_SYM_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */ + +TPM_RC +TSS_TPMI_ALG_SYM_MODE_Marshalu(const TPMI_ALG_SYM_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ + +TPM_RC +TSS_TPMI_ALG_KDF_Marshalu(const TPMI_ALG_KDF *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_SIG_SCHEME_Marshalu(const TPMI_ALG_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */ + +TPM_RC +TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(const TPMI_ECC_KEY_EXCHANGE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */ + +TPM_RC +TSS_TPMI_ST_COMMAND_TAG_Marshalu(const TPMI_ST_COMMAND_TAG *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 71 - Definition of (TPM_ALG_ID) TPMI_ALG_MAC_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_MAC_SCHEME_Marshalu(const TPMI_ALG_MAC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 72 - Definition of (TPM_ALG_ID) TPMI_ALG_CIPHER_MODE Type */ + +TPM_RC +TSS_TPMI_ALG_CIPHER_MODE_Marshalu(const TPMI_ALG_CIPHER_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 70 - Definition of TPMU_HA Union */ + +TPM_RC +TSS_TPMU_HA_Marshalu(const TPMU_HA *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + + switch (selector) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->sha1[0], SHA1_DIGEST_SIZE, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->sha256[0], SHA256_DIGEST_SIZE, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->sha384[0], SHA384_DIGEST_SIZE, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->sha512[0], SHA512_DIGEST_SIZE, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM3_256 + case TPM_ALG_SM3_256: + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->sm3_256[0], SM3_256_DIGEST_SIZE, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 71 - Definition of TPMT_HA Structure */ + +TPM_RC +TSS_TPMT_HA_Marshalu(const TPMT_HA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_HA_Marshalu(&source->digest, written, buffer, size, source->hashAlg); + } + return rc; +} + +/* Table 72 - Definition of TPM2B_DIGEST Structure */ + +TPM_RC +TSS_TPM2B_DIGEST_Marshalu(const TPM2B_DIGEST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 73 - Definition of TPM2B_DATA Structure */ + +TPM_RC +TSS_TPM2B_DATA_Marshalu(const TPM2B_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 74 - Definition of Types for TPM2B_NONCE */ + +TPM_RC +TSS_TPM2B_NONCE_Marshalu(const TPM2B_NONCE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 75 - Definition of Types for TPM2B_AUTH */ + +TPM_RC +TSS_TPM2B_AUTH_Marshalu(const TPM2B_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 76 - Definition of Types for TPM2B_OPERAND */ + +TPM_RC +TSS_TPM2B_OPERAND_Marshalu(const TPM2B_OPERAND *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 77 - Definition of TPM2B_EVENT Structure */ + +TPM_RC +TSS_TPM2B_EVENT_Marshalu(const TPM2B_EVENT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */ + +TPM_RC +TSS_TPM2B_MAX_BUFFER_Marshalu(const TPM2B_MAX_BUFFER *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */ + +TPM_RC +TSS_TPM2B_MAX_NV_BUFFER_Marshalu(const TPM2B_MAX_NV_BUFFER *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 80 - Definition of TPM2B_TIMEOUT Structure */ + +TPM_RC +TSS_TPM2B_TIMEOUT_Marshalu(const TPM2B_TIMEOUT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 81 - Definition of TPM2B_IV Structure */ + +TPM_RC +TSS_TPM2B_IV_Marshalu(const TPM2B_IV *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 83 - Definition of TPM2B_NAME Structure */ + +TPM_RC +TSS_TPM2B_NAME_Marshalu(const TPM2B_NAME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ + +TPM_RC +TSS_TPMS_PCR_SELECTION_Marshalu(const TPMS_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->sizeofSelect, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->pcrSelect[0], source->sizeofSelect, written, buffer, size); + } + return rc; +} + +/* Table 88 - Definition of TPMT_TK_CREATION Structure */ + +TPM_RC +TSS_TPMT_TK_CREATION_Marshalu(const TPMT_TK_CREATION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + return rc; +} + +/* Table 89 - Definition of TPMT_TK_VERIFIED Structure */ + +TPM_RC +TSS_TPMT_TK_VERIFIED_Marshalu(const TPMT_TK_VERIFIED *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + return rc; +} + +/* Table 90 - Definition of TPMT_TK_AUTH Structure */ + +TPM_RC +TSS_TPMT_TK_AUTH_Marshalu(const TPMT_TK_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + return rc; +} + +/* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */ + +TPM_RC +TSS_TPMT_TK_HASHCHECK_Marshalu(const TPMT_TK_HASHCHECK *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size); + } + return rc; +} + +/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure */ + +TPM_RC +TSS_TPMS_ALG_PROPERTY_Marshalu(const TPMS_ALG_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(&source->alg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_ALGORITHM_Marshalu(&source->algProperties, written, buffer, size); + } + return rc; +} + +/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure */ + +TPM_RC +TSS_TPMS_TAGGED_PROPERTY_Marshalu(const TPMS_TAGGED_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_PT_Marshalu(&source->property, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->value, written, buffer, size); + } + return rc; +} + +/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure */ + +TPM_RC +TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(const TPMS_TAGGED_PCR_SELECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_PT_PCR_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->sizeofSelect, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(&source->pcrSelect[0], source->sizeofSelect, written, buffer, size); + } + return rc; +} + +/* Table 95 - Definition of TPML_CC Structure */ + +TPM_RC +TSS_TPML_CC_Marshalu(const TPML_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPM_CC_Marshalu(&source->commandCodes[i], written, buffer, size); + } + } + return rc; +} + +/* Table 96 - Definition of TPML_CCA Structure */ + +TPM_RC +TSS_TPML_CCA_Marshalu(const TPML_CCA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMA_CC_Marshalu(&source->commandAttributes[i], written, buffer, size); + } + } + return rc; +} + +/* Table 97 - Definition of TPML_ALG Structure */ + +TPM_RC +TSS_TPML_ALG_Marshalu(const TPML_ALG *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(&source->algorithms[i], written, buffer, size); + } + } + return rc; +} + +/* Table 98 - Definition of TPML_HANDLE Structure */ + +TPM_RC +TSS_TPML_HANDLE_Marshalu(const TPML_HANDLE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPM_HANDLE_Marshalu(&source->handle[i], written, buffer, size); + } + } + return rc; +} + +/* Table 99 - Definition of TPML_DIGEST Structure */ + +TPM_RC +TSS_TPML_DIGEST_Marshalu(const TPML_DIGEST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->digests[i], written, buffer, size); + } + } + return rc; +} + +/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ + +TPM_RC +TSS_TPML_DIGEST_VALUES_Marshalu(const TPML_DIGEST_VALUES *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMT_HA_Marshalu(&source->digests[i], written, buffer, size); + } + } + return rc; +} + +/* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + +TPM_RC +TSS_TPML_PCR_SELECTION_Marshalu(const TPML_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMS_PCR_SELECTION_Marshalu(&source->pcrSelections[i], written, buffer, size); + } + } + return rc; +} + +/* Table 103 - Definition of TPML_ALG_PROPERTY Structure */ + +TPM_RC +TSS_TPML_ALG_PROPERTY_Marshalu(const TPML_ALG_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMS_ALG_PROPERTY_Marshalu(&source->algProperties[i], written, buffer, size); + } + } + return rc; +} + +/* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */ + +TPM_RC +TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(const TPML_TAGGED_TPM_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMS_TAGGED_PROPERTY_Marshalu(&source->tpmProperty[i], written, buffer, size); + } + } + return rc; +} + +/* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */ + +TPM_RC +TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(const TPML_TAGGED_PCR_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(&source->pcrProperty[i], written, buffer, size); + } + } + return rc; +} + +/* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure */ + +TPM_RC +TSS_TPML_ECC_CURVE_Marshalu(const TPML_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint32_t i; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size); + } + for (i = 0 ; i < source->count ; i++) { + if (rc == 0) { + rc = TSS_TPM_ECC_CURVE_Marshalu(&source->eccCurves[i], written, buffer, size); + } + } + return rc; +} + +/* Table 107 - Definition of TPMU_CAPABILITIES Union */ + +TPM_RC +TSS_TPMU_CAPABILITIES_Marshalu(const TPMU_CAPABILITIES *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { + case TPM_CAP_ALGS: + if (rc == 0) { + rc = TSS_TPML_ALG_PROPERTY_Marshalu(&source->algorithms, written, buffer, size); + } + break; + case TPM_CAP_HANDLES: + if (rc == 0) { + rc = TSS_TPML_HANDLE_Marshalu(&source->handles, written, buffer, size); + } + break; + case TPM_CAP_COMMANDS: + if (rc == 0) { + rc = TSS_TPML_CCA_Marshalu(&source->command, written, buffer, size); + } + break; + case TPM_CAP_PP_COMMANDS: + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->ppCommands, written, buffer, size); + } + break; + case TPM_CAP_AUDIT_COMMANDS: + if (rc == 0) { + rc = TSS_TPML_CC_Marshalu(&source->auditCommands, written, buffer, size); + } + break; + case TPM_CAP_PCRS: + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->assignedPCR, written, buffer, size); + } + break; + case TPM_CAP_TPM_PROPERTIES: + if (rc == 0) { + rc = TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(&source->tpmProperties, written, buffer, size); + } + break; + case TPM_CAP_PCR_PROPERTIES: + if (rc == 0) { + rc = TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(&source->pcrProperties, written, buffer, size); + } + break; + case TPM_CAP_ECC_CURVES: + if (rc == 0) { + rc = TSS_TPML_ECC_CURVE_Marshalu(&source->eccCurves, written, buffer, size); + } + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure */ + +TPM_RC +TSS_TPMS_CAPABILITY_DATA_Marshalu(const TPMS_CAPABILITY_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_CAP_Marshalu(&source->capability, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_CAPABILITIES_Marshalu(&source->data, written, buffer, size, source->capability); + } + return rc; +} + +/* Table 109 - Definition of TPMS_CLOCK_INFO Structure */ + +TPM_RC +TSS_TPMS_CLOCK_INFO_Marshalu(const TPMS_CLOCK_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->clock, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->resetCount, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->restartCount, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->safe, written, buffer, size); + } + return rc; +} + +/* Table 110 - Definition of TPMS_TIME_INFO Structure */ + +TPM_RC +TSS_TPMS_TIME_INFO_Marshalu(const TPMS_TIME_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->time, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMS_CLOCK_INFO_Marshalu(&source->clockInfo, written, buffer, size); + } + return rc; +} + +/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure */ + +TPM_RC +TSS_TPMS_TIME_ATTEST_INFO_Marshalu(const TPMS_TIME_ATTEST_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_TIME_INFO_Marshalu(&source->time, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->firmwareVersion, written, buffer, size); + } + return rc; +} + +/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure */ + +TPM_RC +TSS_TPMS_CERTIFY_INFO_Marshalu(const TPMS_CERTIFY_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->name, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->qualifiedName, written, buffer, size); + } + return rc; +} + +/* Table 113 - Definition of TPMS_QUOTE_INFO Structure */ + +TPM_RC +TSS_TPMS_QUOTE_INFO_Marshalu(const TPMS_QUOTE_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelect, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size); + } + return rc; +} + +/* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */ + +TPM_RC +TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(const TPMS_COMMAND_AUDIT_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->auditCounter, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(&source->digestAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->auditDigest, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->commandDigest, written, buffer, size); + } + return rc; +} + +/* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure */ + +TPM_RC +TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(const TPMS_SESSION_AUDIT_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_YES_NO_Marshalu(&source->exclusiveSession, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->sessionDigest, written, buffer, size); + } + return rc; +} + +/* Table 116 - Definition of TPMS_CREATION_INFO Structure */ + +TPM_RC +TSS_TPMS_CREATION_INFO_Marshalu(const TPMS_CREATION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->creationHash, written, buffer, size); + } + return rc; +} + +/* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure */ + +TPM_RC +TSS_TPMS_NV_CERTIFY_INFO_Marshalu(const TPMS_NV_CERTIFY_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->indexName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->nvContents, written, buffer, size); + } + return rc; +} + +/* Table 118 - Definition of (TPM_ST) TPMI_ST_ATTEST Type */ + +TPM_RC +TSS_TPMI_ST_ATTEST_Marshalu(const TPMI_ST_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ST_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 119 - Definition of TPMU_ATTEST Union */ + +TPM_RC +TSS_TPMU_ATTEST_Marshalu(const TPMU_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { + case TPM_ST_ATTEST_CERTIFY: + if (rc == 0) { + rc = TSS_TPMS_CERTIFY_INFO_Marshalu(&source->certify, written, buffer, size); + } + break; + case TPM_ST_ATTEST_CREATION: + if (rc == 0) { + rc = TSS_TPMS_CREATION_INFO_Marshalu(&source->creation, written, buffer, size); + } + break; + case TPM_ST_ATTEST_QUOTE: + if (rc == 0) { + rc = TSS_TPMS_QUOTE_INFO_Marshalu(&source->quote, written, buffer, size); + } + break; + case TPM_ST_ATTEST_COMMAND_AUDIT: + if (rc == 0) { + rc = TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(&source->commandAudit, written, buffer, size); + } + break; + case TPM_ST_ATTEST_SESSION_AUDIT: + if (rc == 0) { + rc = TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(&source->sessionAudit, written, buffer, size); + } + break; + case TPM_ST_ATTEST_TIME: + if (rc == 0) { + rc = TSS_TPMS_TIME_ATTEST_INFO_Marshalu(&source->time, written, buffer, size); + } + break; + case TPM_ST_ATTEST_NV: + if (rc == 0) { + rc = TSS_TPMS_NV_CERTIFY_INFO_Marshalu(&source->nv, written, buffer, size); + } + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 120 - Definition of TPMS_ATTEST Structure */ + +TPM_RC +TSS_TPMS_ATTEST_Marshalu(const TPMS_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_GENERATED_Marshalu(&source->magic, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ST_ATTEST_Marshalu(&source->type, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->qualifiedSigner, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->extraData, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMS_CLOCK_INFO_Marshalu(&source->clockInfo, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->firmwareVersion, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_ATTEST_Marshalu(&source->attested, written, buffer, size,source->type); + } + return rc; +} + +/* Table 121 - Definition of TPM2B_ATTEST Structure */ + +TPM_RC +TSS_TPM2B_ATTEST_Marshalu(const TPM2B_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 122 - Definition of TPMS_AUTH_COMMAND Structure */ + +TPM_RC +TSS_TPMS_AUTH_COMMAND_Marshalu(const TPMS_AUTH_COMMAND *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_SH_AUTH_SESSION_Marshalu(&source->sessionHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NONCE_Marshalu(&source->nonce, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_SESSION_Marshalu(&source->sessionAttributes, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->hmac, written, buffer, size); + } + return rc; +} + +/* Table 124 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */ + +TPM_RC +TSS_TPMI_AES_KEY_BITS_Marshalu(const TPMI_AES_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */ + +TPM_RC +TSS_TPMU_SYM_KEY_BITS_Marshalu(const TPMU_SYM_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch(selector) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: + if (rc == 0) { + rc = TSS_TPMI_AES_KEY_BITS_Marshalu(&source->aes, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM4 + case TPM_ALG_SM4: + if (rc == 0) { + rc = TSS_TPMI_SM4_KEY_BITS_Marshalu(&source->sm4, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_CAMELLIA + case TPM_ALG_CAMELLIA: + if (rc == 0) { + rc = TSS_TPMI_CAMELLIA_KEY_BITS_Marshalu(&source->camellia, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->xorr, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + return rc; + } + return rc; +} + +/* Table 126 - Definition of TPMU_SYM_MODE Union */ + +TPM_RC +TSS_TPMU_SYM_MODE_Marshalu(const TPMU_SYM_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: + if (rc == 0) { + rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->aes, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM4 + case TPM_ALG_SM4: + if (rc == 0) { + rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->sm4, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_CAMELLIA + case TPM_ALG_CAMELLIA: + if (rc == 0) { + rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->camellia, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 128 - Definition of TPMT_SYM_DEF Structure */ + +TPM_RC +TSS_TPMT_SYM_DEF_Marshalu(const TPMT_SYM_DEF *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_SYM_Marshalu(&source->algorithm, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SYM_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size, source->algorithm); + } + if (rc == 0) { + rc = TSS_TPMU_SYM_MODE_Marshalu(&source->mode, written, buffer, size, source->algorithm); + } + return rc; +} + +/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + +TPM_RC +TSS_TPMT_SYM_DEF_OBJECT_Marshalu(const TPMT_SYM_DEF_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_SYM_OBJECT_Marshalu(&source->algorithm, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SYM_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size, source->algorithm); + } + if (rc == 0) { + rc = TSS_TPMU_SYM_MODE_Marshalu(&source->mode, written, buffer, size, source->algorithm); + } + return rc; +} + +/* Table 130 - Definition of TPM2B_SYM_KEY Structure */ + +TPM_RC +TSS_TPM2B_SYM_KEY_Marshalu(const TPM2B_SYM_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 134 - Definition of TPM2B_LABEL Structure */ + +TPM_RC +TSS_TPM2B_LABEL_Marshalu(const TPM2B_LABEL *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 139 - Definition of TPMS_DERIVE Structure */ + +TPM_RC +TSS_TPMS_DERIVE_Marshalu(const TPMS_DERIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_LABEL_Marshalu(&source->label, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_LABEL_Marshalu(&source->context, written, buffer, size); + } + return rc; +} + +/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure */ + +TPM_RC +TSS_TPMS_SYMCIPHER_PARMS_Marshalu(const TPMS_SYMCIPHER_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->sym, written, buffer, size); + } + return rc; +} + +/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_DATA_Marshalu(const TPM2B_SENSITIVE_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure */ + +TPM_RC +TSS_TPMS_SENSITIVE_CREATE_Marshalu(const TPMS_SENSITIVE_CREATE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->userAuth, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->data, written, buffer, size); + } + return rc; +} + +/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_CREATE_Marshalu(const TPM2B_SENSITIVE_CREATE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMS_SENSITIVE_CREATE_Marshalu(&source->sensitive, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); /* backfill 2B size */ + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ + +TPM_RC +TSS_TPMS_SCHEME_HASH_Marshalu(const TPMS_SCHEME_HASH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + return rc; +} + +/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ + +TPM_RC +TSS_TPMS_SCHEME_ECDAA_Marshalu(const TPMS_SCHEME_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->count, written, buffer, size); + } + return rc; +} + +/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(const TPMI_ALG_KEYEDHASH_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 138 - Definition of Types for HMAC_SIG_SCHEME */ + +TPM_RC +TSS_TPMS_SCHEME_HMAC_Marshalu(const TPMS_SCHEME_HMAC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 139 - Definition of TPMS_SCHEME_XOR Structure */ + +TPM_RC +TSS_TPMS_SCHEME_XOR_Marshalu(const TPMS_SCHEME_XOR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_KDF_Marshalu(&source->kdf, written, buffer, size); + } + return rc; +} + +/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + +TPM_RC +TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(const TPMU_SCHEME_KEYEDHASH *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HMAC_Marshalu(&source->hmac, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_XOR_Marshalu(&source->xorr, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + +TPM_RC +TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(const TPMT_KEYEDHASH_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(&source->details, written, buffer, size, source->scheme); + } + return rc; +} + +/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(const TPMS_SIG_SCHEME_RSASSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(const TPMS_SIG_SCHEME_RSAPSS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(const TPMS_SIG_SCHEME_ECDSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SIG_SCHEME_SM2_Marshalu(const TPMS_SIG_SCHEME_SM2 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(const TPMS_SIG_SCHEME_ECSCHNORR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ + +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(const TPMS_SIG_SCHEME_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_ECDAA_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 144 - Definition of TPMU_SIG_SCHEME Union */ + +TPM_RC +TSS_TPMU_SIG_SCHEME_Marshalu(const TPMU_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(&source->rsassa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(&source->rsapss, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(&source->ecdsa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(&source->ecdaa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_SM2_Marshalu(&source->sm2, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(&source->ecSchnorr, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HMAC_Marshalu(&source->hmac, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ + +TPM_RC +TSS_TPMT_SIG_SCHEME_Marshalu(const TPMT_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_SIG_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SIG_SCHEME_Marshalu(&source->details, written, buffer, size,source->scheme); + } + return rc; +} + +/* Table 146 - Definition of Types for {RSA} Encryption Schemes */ + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(const TPMS_ENC_SCHEME_OAEP *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 146 - Definition of Types for {RSA} Encryption Schemes */ + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(const TPMS_ENC_SCHEME_RSAES *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + source = source; + written = written; + buffer = buffer; + size = size; + return 0; +} + +/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */ + +TPM_RC +TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(const TPMS_KEY_SCHEME_ECDH *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(const TPMS_KEY_SCHEME_ECMQV *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ + +TPM_RC +TSS_TPMS_SCHEME_MGF1_Marshalu(const TPMS_SCHEME_MGF1 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(const TPMS_SCHEME_KDF1_SP800_56A *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SCHEME_KDF2_Marshalu(const TPMS_SCHEME_KDF2 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(const TPMS_SCHEME_KDF1_SP800_108 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 149 - Definition of TPMU_KDF_SCHEME Union */ + +TPM_RC +TSS_TPMU_KDF_SCHEME_Marshalu(const TPMU_KDF_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_MGF1 + case TPM_ALG_MGF1: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_MGF1_Marshalu(&source->mgf1, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_KDF1_SP800_56A + case TPM_ALG_KDF1_SP800_56A: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(&source->kdf1_SP800_56a, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_KDF2 + case TPM_ALG_KDF2: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_KDF2_Marshalu(&source->kdf2, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_KDF1_SP800_108 + case TPM_ALG_KDF1_SP800_108: + if (rc == 0) { + rc = TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(&source->kdf1_sp800_108, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} +/* Table 150 - Definition of TPMT_KDF_SCHEME Structure */ + +TPM_RC +TSS_TPMT_KDF_SCHEME_Marshalu(const TPMT_KDF_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_KDF_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_KDF_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme); + } + return rc; +} + +/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */ + +TPM_RC +TSS_TPMU_ASYM_SCHEME_Marshalu(const TPMU_ASYM_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_ECDH + case TPM_ALG_ECDH: + if (rc == 0) { + rc = TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(&source->ecdh, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECMQV + case TPM_ALG_ECMQV: + if (rc == 0) { + rc = TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(&source->ecmqvh, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(&source->rsassa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(&source->rsapss, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(&source->ecdsa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(&source->ecdaa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_SM2_Marshalu(&source->sm2, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + if (rc == 0) { + rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(&source->ecSchnorr, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSAES + case TPM_ALG_RSAES: + if (rc == 0) { + rc = TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(&source->rsaes, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_OAEP + case TPM_ALG_OAEP: + if (rc == 0) { + rc = TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(&source->oaep, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_RSA_SCHEME_Marshalu(const TPMI_ALG_RSA_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ + +TPM_RC +TSS_TPMT_RSA_SCHEME_Marshalu(const TPMT_RSA_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_RSA_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme); + } + return rc; +} + +/* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ + +TPM_RC +TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(const TPMI_ALG_RSA_DECRYPT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + +TPM_RC +TSS_TPMT_RSA_DECRYPT_Marshalu(const TPMT_RSA_DECRYPT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme); + } + return rc; +} + +/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ + +TPM_RC +TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(const TPM2B_PUBLIC_KEY_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ + +TPM_RC +TSS_TPMI_RSA_KEY_BITS_Marshalu(const TPMI_RSA_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 160 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ + +TPM_RC +TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(const TPM2B_PRIVATE_KEY_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ + +TPM_RC +TSS_TPM2B_ECC_PARAMETER_Marshalu(const TPM2B_ECC_PARAMETER *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */ + +TPM_RC +TSS_TPMS_ECC_POINT_Marshalu(const TPMS_ECC_POINT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->x, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->y, written, buffer, size); + } + return rc; +} + +/* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */ + +TPM_RC +TSS_TPM2B_ECC_POINT_Marshalu(const TPM2B_ECC_POINT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMS_ECC_POINT_Marshalu(&source->point, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +/* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ + +TPM_RC +TSS_TPMI_ALG_ECC_SCHEME_Marshalu(const TPMI_ALG_ECC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + +TPM_RC +TSS_TPMI_ECC_CURVE_Marshalu(const TPMI_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ECC_CURVE_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ + +TPM_RC +TSS_TPMT_ECC_SCHEME_Marshalu(const TPMT_ECC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_ECC_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme); + } + return rc; +} + +/* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ + +TPM_RC +TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(const TPMS_ALGORITHM_DETAIL_ECC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->keySize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_KDF_SCHEME_Marshalu(&source->kdf, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_ECC_SCHEME_Marshalu(&source->sign, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->p, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->a, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->b, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->gX, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->gY, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->n, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->h, written, buffer, size); + } + return rc; +} + +/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ + +TPM_RC +TSS_TPMS_SIGNATURE_RSA_Marshalu(const TPMS_SIGNATURE_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->sig, written, buffer, size); + } + return rc; +} + +/* Table 169 - Definition of Types for {RSA} Signature */ + +TPM_RC +TSS_TPMS_SIGNATURE_RSASSA_Marshalu(const TPMS_SIGNATURE_RSASSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, size); + } + return rc; +} +TPM_RC +TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(const TPMS_SIGNATURE_RSAPSS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ + +TPM_RC +TSS_TPMS_SIGNATURE_ECC_Marshalu(const TPMS_SIGNATURE_ECC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->signatureR, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->signatureS, written, buffer, size); + } + return rc; +} + +/* Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */ + +TPM_RC +TSS_TPMS_SIGNATURE_ECDSA_Marshalu(const TPMS_SIGNATURE_ECDSA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_ECDAA_Marshalu(const TPMS_SIGNATURE_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_SM2_Marshalu(const TPMS_SIGNATURE_SM2 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(const TPMS_SIGNATURE_ECSCHNORR *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 172 - Definition of TPMU_SIGNATURE Union */ + +TPM_RC +TSS_TPMU_SIGNATURE_Marshalu(const TPMU_SIGNATURE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_RSASSA_Marshalu(&source->rsassa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(&source->rsapss, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecdsa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecdaa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->sm2, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + if (rc == 0) { + rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecschnorr, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + if (rc == 0) { + rc = TSS_TPMT_HA_Marshalu(&source->hmac, written, buffer, size); + } + break; +#endif + case TPM_ALG_NULL: + break; + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 173 - Definition of TPMT_SIGNATURE Structure */ + +TPM_RC +TSS_TPMT_SIGNATURE_Marshalu(const TPMT_SIGNATURE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_SIG_SCHEME_Marshalu(&source->sigAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SIGNATURE_Marshalu(&source->signature, written, buffer, size, source->sigAlg); + } + return rc; +} + +/* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ + +TPM_RC +TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(const TPM2B_ENCRYPTED_SECRET *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + +TPM_RC +TSS_TPMI_ALG_PUBLIC_Marshalu(const TPMI_ALG_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* Table 177 - Definition of TPMU_PUBLIC_ID Union */ + +TPM_RC +TSS_TPMU_PUBLIC_ID_Marshalu(const TPMU_PUBLIC_ID *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->keyedHash, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->sym, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + if (rc == 0) { + rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->rsa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + if (rc == 0) { + rc = TSS_TPMS_ECC_POINT_Marshalu(&source->ecc, written, buffer, size); + } + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + +TPM_RC +TSS_TPMS_KEYEDHASH_PARMS_Marshalu(const TPMS_KEYEDHASH_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + return rc; +} + +/* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */ + +TPM_RC +TSS_TPMS_RSA_PARMS_Marshalu(const TPMS_RSA_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetric, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_RSA_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RSA_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->exponent, written, buffer, size); + } + return rc; +} +/* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */ + +TPM_RC +TSS_TPMS_ECC_PARMS_Marshalu(const TPMS_ECC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetric, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_ECC_SCHEME_Marshalu(&source->scheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMT_KDF_SCHEME_Marshalu(&source->kdf, written, buffer, size); + } + return rc; +} + +/* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ + +TPM_RC +TSS_TPMU_PUBLIC_PARMS_Marshalu(const TPMU_PUBLIC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + if (rc == 0) { + rc = TSS_TPMS_KEYEDHASH_PARMS_Marshalu(&source->keyedHashDetail, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + if (rc == 0) { + rc = TSS_TPMS_SYMCIPHER_PARMS_Marshalu(&source->symDetail, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + if (rc == 0) { + rc = TSS_TPMS_RSA_PARMS_Marshalu(&source->rsaDetail, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + if (rc == 0) { + rc = TSS_TPMS_ECC_PARMS_Marshalu(&source->eccDetail, written, buffer, size); + } + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */ + +TPM_RC +TSS_TPMT_PUBLIC_PARMS_Marshalu(const TPMT_PUBLIC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type); + } + return rc; +} + +/* Table 184 - Definition of TPMT_PUBLIC Structure */ + +TPM_RC +TSS_TPMT_PUBLIC_Marshalu(const TPMT_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_OBJECT_Marshalu(&source->objectAttributes, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type); + } + if (rc == 0) { + rc = TSS_TPMU_PUBLIC_ID_Marshalu(&source->unique, written, buffer, size, source->type); + } + return rc; +} + +/* Table 184 - Definition of TPMT_PUBLIC Structure - special marshaling for derived object template */ + +TPM_RC +TSS_TPMT_PUBLIC_D_Marshalu(const TPMT_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_OBJECT_Marshalu(&source->objectAttributes, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type); + } + /* if derived from a derivation parent, marshal a TPMS_DERIVE structure */ + if (rc == 0) { + rc = TSS_TPMS_DERIVE_Marshalu(&source->unique.derive, written, buffer, size); + } + return rc; +} + +/* Table 185 - Definition of TPM2B_PUBLIC Structure */ + +TPM_RC +TSS_TPM2B_PUBLIC_Marshalu(const TPM2B_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMT_PUBLIC_Marshalu(&source->publicArea, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +TPM_RC +TSS_TPM2B_TEMPLATE_Marshalu(const TPM2B_TEMPLATE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 187 - Definition of TPMU_SENSITIVE_COMPOSITE Union */ + +TPM_RC +TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(const TPMU_SENSITIVE_COMPOSITE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + if (rc == 0) { + rc = TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(&source->rsa, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + if (rc == 0) { + rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->ecc, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + if (rc == 0) { + rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->bits, written, buffer, size); + } + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + if (rc == 0) { + rc = TSS_TPM2B_SYM_KEY_Marshalu(&source->sym, written, buffer, size); + } + break; +#endif + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +/* Table 188 - Definition of TPMT_SENSITIVE Structure */ + +TPM_RC +TSS_TPMT_SENSITIVE_Marshalu(const TPMT_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->sensitiveType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_AUTH_Marshalu(&source->authValue, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->seedValue, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(&source->sensitive, written, buffer, size, source->sensitiveType); + } + return rc; +} + +/* Table 189 - Definition of TPM2B_SENSITIVE Structure */ + +TPM_RC +TSS_TPM2B_SENSITIVE_Marshalu(const TPM2B_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMT_SENSITIVE_Marshalu(&source->t.sensitiveArea, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +/* Table 191 - Definition of TPM2B_PRIVATE Structure */ + +TPM_RC +TSS_TPM2B_PRIVATE_Marshalu(const TPM2B_PRIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 193 - Definition of TPM2B_ID_OBJECT Structure */ + +TPM_RC +TSS_TPM2B_ID_OBJECT_Marshalu(const TPM2B_ID_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 196 - Definition of (UINT32) TPMA_NV Bits */ + +TPM_RC +TSS_TPMA_NV_Marshalu(const TPMA_NV *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size); + } + return rc; +} + +/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */ + +TPM_RC +TSS_TPMS_NV_PUBLIC_Marshalu(const TPMS_NV_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_NV_Marshalu(&source->attributes, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->dataSize, written, buffer, size); + } + return rc; +} + +/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */ + +TPM_RC +TSS_TPM2B_NV_PUBLIC_Marshalu(const TPM2B_NV_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMS_NV_PUBLIC_Marshalu(&source->nvPublic, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */ + +TPM_RC +TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(const TPM2B_CONTEXT_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure */ + +TPM_RC +TSS_TPM2B_CONTEXT_DATA_Marshalu(const TPM2B_CONTEXT_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size); + } + return rc; +} + +/* Table 202 - Definition of TPMS_CONTEXT Structure */ + +TPM_RC +TSS_TPMS_CONTEXT_Marshalu(const TPMS_CONTEXT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT64_Marshalu(&source->sequence, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_DH_SAVED_Marshalu(&source->savedHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_CONTEXT_DATA_Marshalu(&source->contextBlob, written, buffer, size); + } + return rc; +} + +/* Table 204 - Definition of TPMS_CREATION_DATA Structure */ + +TPM_RC +TSS_TPMS_CREATION_DATA_Marshalu(const TPMS_CREATION_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelect, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPMA_LOCALITY_Marshalu(&source->locality, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_ALG_ID_Marshalu(&source->parentNameAlg, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->parentName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_NAME_Marshalu(&source->parentQualifiedName, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size); + } + return rc; +} + +/* Table 205 - Definition of TPM2B_CREATION_DATA Structure */ + +TPM_RC +TSS_TPM2B_CREATION_DATA_Marshalu(const TPM2B_CREATION_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint16_t); + } + if (rc == 0) { + rc = TSS_TPMS_CREATION_DATA_Marshalu(&source->creationData, &sizeWritten, buffer, size); + } + if (rc == 0) { + *written += sizeWritten; + if (buffer != NULL) { + rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size); + } + else { + *written += sizeof(uint16_t); + } + } + return rc; +} + +#ifndef TPM_TSS_NODEPRECATED + +/* Deprecated functions that use a sized value for the size parameter. The recommended functions + use an unsigned value. + +*/ + +TPM_RC +TSS_UINT8_Marshal(const UINT8 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_UINT8_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_INT8_Marshal(const INT8 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_INT8_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_UINT16_Marshal(const UINT16 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_UINT16_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_UINT32_Marshal(const UINT32 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_UINT32_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_INT32_Marshal(const INT32 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_INT32_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_UINT64_Marshal(const UINT64 *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_UINT64_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Array_Marshal(const BYTE *source, uint16_t sourceSize, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Array_Marshalu(source, sourceSize, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_GENERATED_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ALG_ID_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_RC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CLOCK_ADJUST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_EO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_ST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_SU_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_SE_Marshal(const TPM_SE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_SE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_CAP_Marshal(const TPM_CAP *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CAP_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_PT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_PT_PCR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_HANDLE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_ALGORITHM_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_SESSION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_LOCALITY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM_CC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_CC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_YES_NO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_PERSISTENT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_ENTITY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_PCR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_SH_AUTH_SESSION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_SH_HMAC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_SH_POLICY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_DH_CONTEXT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_HIERARCHY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_ENABLES_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_PLATFORM_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_ENDORSEMENT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_PROVISION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_CLEAR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_NV_AUTH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_LOCKOUT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RH_NV_INDEX_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_HASH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_SYM_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_SYM_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_SYM_MODE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_KDF_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ST_COMMAND_TAG_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_MAC_SCHEME_Marshal(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_MAC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_CIPHER_MODE_Marshal(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_CIPHER_MODE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_HA_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_HA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NONCE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_AUTH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_OPERAND_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_EVENT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_MAX_BUFFER_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_MAX_NV_BUFFER_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_TIMEOUT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_IV_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NAME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_PCR_SELECTION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_CREATION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_VERIFIED_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_AUTH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_TK_HASHCHECK_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ALG_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TAGGED_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_CC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_CCA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ALG_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_HANDLE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_DIGEST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_DIGEST_VALUES_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_PCR_SELECTION_Marshal(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_PCR_SELECTION_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ALG_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPML_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_CAPABILITIES_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CAPABILITY_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CLOCK_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TIME_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_TIME_ATTEST_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CERTIFY_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_QUOTE_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CREATION_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_NV_CERTIFY_INFO_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ST_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_ATTEST_Marshal(const TPMU_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_AUTH_COMMAND_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_AES_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SYM_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SYM_MODE_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SYM_DEF_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SYM_DEF_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SYM_KEY_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_LABEL_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_DERIVE_Marshal(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_DERIVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SYMCIPHER_PARMS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SENSITIVE_CREATE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_CREATE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_HMAC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_XOR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_SM2_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(source, written, buffer, (uint32_t *)size); +} + +/* NOTE: Marked as const function in header */ + +TPM_RC +TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_MGF1_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF2_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_KDF_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_KDF_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_ASYM_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_RSA_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_RSA_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_RSA_DECRYPT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_RSA_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ECC_PARAMETER_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ECC_POINT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ECC_POINT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_ECC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_ECC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSASSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECDSA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_SM2_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SIGNATURE_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SIGNATURE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMI_ALG_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_PUBLIC_ID_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_KEYEDHASH_PARMS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_RSA_PARMS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_ECC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_PUBLIC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_PUBLIC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_PUBLIC_D_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_TEMPLATE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) +{ + return TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(source, written, buffer, (uint32_t *)size, selector); +} +TPM_RC +TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMT_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_PRIVATE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_ID_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMA_NV_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_NV_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_NV_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CONTEXT_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CONTEXT_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPMS_CREATION_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) +{ + return TSS_TPM2B_CREATION_DATA_Marshalu(source, written, buffer, (uint32_t *)size); +} + + + +TPM_RC +TSS_Startup_In_Marshal(const Startup_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Startup_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Shutdown_In_Marshal(const Shutdown_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Shutdown_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SelfTest_In_Marshal(const SelfTest_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SelfTest_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_IncrementalSelfTest_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_StartAuthSession_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyRestart_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Create_In_Marshal(const Create_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Create_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Load_In_Marshal(const Load_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Load_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_LoadExternal_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ReadPublic_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ActivateCredential_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_MakeCredential_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Unseal_In_Marshal(const Unseal_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Unseal_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ObjectChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_CreateLoaded_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Duplicate_In_Marshal(const Duplicate_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Duplicate_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Rewrap_In_Marshal(const Rewrap_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Rewrap_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Import_In_Marshal(const Import_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Import_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_RSA_Encrypt_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_RSA_Decrypt_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ECDH_KeyGen_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ECDH_ZGen_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ECC_Parameters_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ZGen_2Phase_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_EncryptDecrypt_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_EncryptDecrypt2_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Hash_In_Marshal(const Hash_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Hash_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HMAC_In_Marshal(const HMAC_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_HMAC_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetRandom_In_Marshal(const GetRandom_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_GetRandom_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_StirRandom_In_Marshal(const StirRandom_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_StirRandom_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_HMAC_Start_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_HashSequenceStart_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SequenceUpdate_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SequenceComplete_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_EventSequenceComplete_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Certify_In_Marshal(const Certify_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Certify_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_CertifyCreation_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Quote_In_Marshal(const Quote_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Quote_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_GetSessionAuditDigest_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_GetCommandAuditDigest_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetTime_In_Marshal(const GetTime_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_GetTime_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Commit_In_Marshal(const Commit_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Commit_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_EC_Ephemeral_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_VerifySignature_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Sign_In_Marshal(const Sign_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Sign_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SetCommandCodeAuditStatus_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Extend_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Event_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Read_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Allocate_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_SetAuthPolicy_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_SetAuthValue_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Reset_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicySigned_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicySecret_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyTicket_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyOR_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyPCR_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyLocality_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyNV_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyCounterTimer_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyCommandCode_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyPhysicalPresence_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyCpHash_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyNameHash_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyDuplicationSelect_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyAuthorize_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyAuthValue_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyPassword_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyGetDigest_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyNvWritten_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyTemplate_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyAuthorizeNV_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CreatePrimary_In_Marshal(const CreatePrimary_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_CreatePrimary_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_HierarchyControl_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SetPrimaryPolicy_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ChangePPS_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ChangeEPS_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Clear_In_Marshal(const Clear_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_Clear_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ClearControl_In_Marshal(const ClearControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ClearControl_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_HierarchyChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_DictionaryAttackLockReset_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_DictionaryAttackParameters_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_PP_Commands_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_SetAlgorithmSet_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ContextSave_In_Marshal(const ContextSave_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ContextSave_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ContextLoad_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_FlushContext_In_Marshal(const FlushContext_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_FlushContext_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EvictControl_In_Marshal(const EvictControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_EvictControl_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ClockSet_In_Marshal(const ClockSet_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ClockSet_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_ClockRateAdjust_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetCapability_In_Marshal(const GetCapability_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_GetCapability_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_TestParms_In_Marshal(const TestParms_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_TestParms_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_DefineSpace_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_UndefineSpace_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_UndefineSpaceSpecial_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_ReadPublic_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Write_In_Marshal(const NV_Write_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Write_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Increment_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Extend_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_SetBits_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_WriteLock_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_GlobalWriteLock_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Read_In_Marshal(const NV_Read_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Read_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_ReadLock_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_ChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, uint16_t *written, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Certify_In_Marshalu(source, written, buffer, (uint32_t *)size); +} + + + +TPM_RC +TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_IncrementalSelfTest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetTestResult_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_StartAuthSession_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Create_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Load_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_LoadExternal_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ReadPublic_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ActivateCredential_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_MakeCredential_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Unseal_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ObjectChangeAuth_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_CreateLoaded_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Duplicate_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Rewrap_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Import_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_RSA_Encrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_RSA_Decrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ECDH_KeyGen_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ECDH_ZGen_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ECC_Parameters_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ZGen_2Phase_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_EncryptDecrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_EncryptDecrypt2_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Hash_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_HMAC_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetRandom_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_HMAC_Start_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_HashSequenceStart_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_SequenceComplete_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_EventSequenceComplete_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Certify_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_CertifyCreation_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Quote_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetSessionAuditDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetCommandAuditDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetTime_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Commit_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_EC_Ephemeral_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_VerifySignature_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_Sign_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Event_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Read_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PCR_Allocate_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PolicySigned_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PolicySecret_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_PolicyGetDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_CreatePrimary_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ContextSave_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ContextLoad_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_ReadClock_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_GetCapability_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_NV_ReadPublic_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Read_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} +TPM_RC +TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size) +{ + return TSS_NV_Certify_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} + +#endif /* TPM_TSS_NODEPRECATED */ +#endif /* TPM 2.0 */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c b/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c new file mode 100644 index 000000000000..43d6b553b4bb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssmarshal12.c @@ -0,0 +1,1136 @@ +/********************************************************************************/ +/* */ +/* TSS Marshal and Unmarshal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssmarshal12.c 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifdef TPM_TPM12 + +#include + +#include +#include +#include +#include +#include +#include + +/* The marshaling functions are slightly different from the TPM side. The TPM assumes that all + structures are trusted, and so has no error checking. The TSS side makes no such assumption. + + The prototype pattern is: + + Return: + + An extra return code, TSS_RC_INSUFFICIENT_BUFFER, indicates that the supplied buffer size is too + small. The TPM functions assert. + + 'source' is the structure to be marshaled, the same as the TPM functions. + 'written' is the __additional__ number of bytes written, the value that the TPM returns. + 'buffer' is the buffer written, the same as the TPM functions. + ' size' is the remaining size of the buffer, the same as the TPM functions. + + If 'buffer' is NULL, 'written' is updated but no marshaling is performed. This is used in a two + pass pattern, where the first pass returns the size of the buffer to be malloc'ed. + + If 'size' is NULL, the source is unmarshaled without a size check. The caller must ensure that + the buffer is sufficient, often due to a malloc after the first pass. */ + +/*Unmarshal + Command parameter marshaling +*/ + +TPM_RC +TSS_ActivateIdentity_In_Marshalu(const ActivateIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->idKeyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->blobSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->blob, source->blobSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_CreateEndorsementKeyPair_In_Marshalu(const CreateEndorsementKeyPair_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_Array_Marshalu(source->antiReplay, TPM_NONCE_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Marshalu(&source->keyInfo, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_CreateWrapKey_In_Marshalu(const CreateWrapKey_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->dataUsageAuth, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->dataMigrationAuth, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Marshalu(&source->keyInfo, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Extend_In_Marshalu(const Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->pcrNum, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->inDigest, SHA1_DIGEST_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_FlushSpecific_In_Marshalu(const FlushSpecific_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->handle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->resourceType, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_GetCapability12_In_Marshalu(const GetCapability12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->capArea, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->subCapSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->subCap, source->subCapSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_LoadKey2_In_Marshalu(const LoadKey2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->parentHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Marshalu(&source->inKey, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_MakeIdentity_In_Marshalu(const MakeIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_Array_Marshalu(source->identityAuth, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->labelPrivCADigest, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Marshalu(&source->idKeyParams, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_DefineSpace12_In_Marshalu(const NV_DefineSpace12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_NV_DATA_PUBLIC_Marshalu(&source->pubInfo, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->encAuth, SHA1_DIGEST_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_ReadValueAuth_In_Marshalu(const NV_ReadValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_ReadValue_In_Marshalu(const NV_ReadValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_WriteValue_In_Marshalu(const NV_WriteValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->data, source->dataSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_WriteValueAuth_In_Marshalu(const NV_WriteValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->data, source->dataSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OwnerReadInternalPub_In_Marshalu(const OwnerReadInternalPub_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OwnerSetDisable_In_Marshalu(const OwnerSetDisable_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->disableState, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OSAP_In_Marshalu(const OSAP_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->entityType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->entityValue, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->nonceOddOSAP, SHA1_DIGEST_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_PcrRead12_In_Marshalu(const PcrRead12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_PCR_Reset12_In_Marshalu(const PCR_Reset12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->pcrSelection, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Quote2_In_Marshalu(const Quote2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->externalData, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->targetPCR, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->addVersion, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_ReadPubek_In_Marshalu(const ReadPubek_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_Array_Marshalu(source->antiReplay, TPM_NONCE_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Sign12_In_Marshalu(const Sign12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->areaToSignSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->areaToSign, source->areaToSignSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Startup12_In_Marshalu(const Startup12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_STARTUP_TYPE_Marshalu(&source->startupType, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TakeOwnership_In_Marshalu(const TakeOwnership_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->protocolID, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->encOwnerAuthSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->encOwnerAuth, source->encOwnerAuthSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->encSrkAuthSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->encSrkAuth, source->encSrkAuthSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY12_Marshalu(&source->srkParams, written, buffer, size); + } + return rc; +} + +/* + Response parameter unmarshaling +*/ + +TPM_RC +TSS_ActivateIdentity_Out_Unmarshalu(ActivateIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_SYMMETRIC_KEY_Unmarshalu(&target->symmetricKey, buffer, size); + } + return rc; +} + +TPM_RC +TSS_CreateEndorsementKeyPair_Out_Unmarshalu(CreateEndorsementKeyPair_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_PUBKEY_Unmarshalu(&target->pubEndorsementKey, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->checksum, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_CreateWrapKey_Out_Unmarshalu(CreateWrapKey_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->wrappedKey, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Extend_Out_Unmarshalu(Extend_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->outDigest, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_GetCapability12_Out_Unmarshalu(GetCapability12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->respSize, buffer, size); + } + if (rc == 0) { + if (target->respSize > sizeof(target->resp)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->resp, target->respSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_LoadKey2_Out_Unmarshalu(LoadKey2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->inkeyHandle, buffer, size); + } + return rc; +} + +TPM_RC +TSS_MakeIdentity_Out_Unmarshalu(MakeIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->idKey, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->identityBindingSize, buffer, size); + } + if (rc == 0) { + if (target->identityBindingSize > sizeof(target->identityBinding)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->identityBinding, target->identityBindingSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_ReadValueAuth_Out_Unmarshalu(NV_ReadValueAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + } + if (rc == 0) { + if (target->dataSize > sizeof(target->data)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NV_ReadValue_Out_Unmarshalu(NV_ReadValue_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size); + } + if (rc == 0) { + if (target->dataSize > sizeof(target->data)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OIAP_Out_Unmarshalu(OIAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OSAP_Out_Unmarshalu(OSAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->nonceEvenOSAP, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_OwnerReadInternalPub_Out_Unmarshalu(OwnerReadInternalPub_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_PUBKEY_Unmarshalu(&target->publicPortion, buffer, size); + } + return rc; +} + +TPM_RC +TSS_PcrRead12_Out_Unmarshalu(PcrRead12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->outDigest, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Quote2_Out_Unmarshalu(Quote2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrData, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->versionInfoSize, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_CAP_VERSION_INFO_Unmarshalu(&target->versionInfo, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->sigSize, buffer, size); + } + if (rc == 0) { + if (target->sigSize > sizeof(target->sig)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->sig, target->sigSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_Sign12_Out_Unmarshalu(Sign12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_UINT32_Unmarshalu(&target->sigSize, buffer, size); + } + if (rc == 0) { + if (target->sigSize > sizeof(target->sig)) { + rc = TPM_RC_SIZE; + } + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->sig, target->sigSize, buffer, size); + } + return rc; +} + +TPM_RC +TSS_ReadPubek_Out_Unmarshalu(ReadPubek_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_PUBKEY_Unmarshalu(&target->pubEndorsementKey, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Unmarshalu(target->checksum, SHA1_DIGEST_SIZE, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TakeOwnership_Out_Unmarshalu(TakeOwnership_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + tag = tag; + if (rc == 0) { + rc = TSS_TPM_KEY12_Unmarshalu(&target->srkPub, buffer, size); + } + return rc; +} + +/* + Structure marshaling +*/ + +TPM_RC +TSS_TPM_STARTUP_TYPE_Marshalu(const TPM_STARTUP_TYPE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(source, written, buffer, size); + } + return rc; +} + +/* 5.0 */ + + +TPM_RC +TSS_TPM_VERSION_Marshalu(const TPM_VERSION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->major, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->minor, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->revMajor, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->revMinor, written, buffer, size); + } + return rc; +} + +/* 8.0 */ + +TPM_RC +TSS_TPM_PCR_SELECTION_Marshalu(const TPM_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->sizeOfSelect, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->pcrSelect, source->sizeOfSelect, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_PCR_INFO_LONG; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->localityAtCreation, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->localityAtRelease, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->creationPCRSelection, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->releasePCRSelection, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->digestAtCreation, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->digestAtRelease, SHA1_DIGEST_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_PCR_INFO_SHORT_Marshalu(const TPM_PCR_INFO_SHORT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->pcrSelection, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->localityAtRelease, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->digestAtRelease, SHA1_DIGEST_SIZE, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint32_t); /* skip size */ + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_LONG_Marshalu(source, &sizeWritten, buffer, size); + } + if (rc == 0) { + uint32_t sizeWritten32; + *written += sizeWritten; + sizeWritten32 = sizeWritten; /* back fill size */ + if (buffer != NULL) { + rc = TSS_UINT32_Marshalu(&sizeWritten32, written, &sizePtr, size); + } + else { + *written += sizeof(uint32_t); + } + } + return rc; +} + +/* 9.0 */ + +TPM_RC +TSS_TPM_SYMMETRIC_KEY_Marshalu(const TPM_SYMMETRIC_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->algId, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->encScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->data, source->size, written, buffer, size); + } + return rc; +} + +/* 10.0 */ + +TPM_RC +TSS_TPM_RSA_KEY_PARMS_Marshalu(const TPM_RSA_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyLength, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->numPrimes, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->exponentSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->exponent, source->exponentSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + switch (selector) { + case TPM_ALG_RSA: /* A structure of type TPM_RSA_KEY_PARMS */ + rc = TSS_TPM_RSA_KEY_PARMS_Marshalu(&source->rsaParms, written, buffer, size); + break; + case TPM_ALG_AES128: /* A structure of type TPM_SYMMETRIC_KEY_PARMS */ + /* not implemented yet */ + default: + rc = TPM_RC_SELECTOR; + } + return rc; +} + +TPM_RC +TSS_TPM4B_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) +{ + TPM_RC rc = 0; + uint16_t sizeWritten = 0; /* of structure */ + BYTE *sizePtr; + + if (buffer != NULL) { + sizePtr = *buffer; + *buffer += sizeof(uint32_t); /* skip size */ + } + if (rc == 0) { + rc = TSS_TPMU_PARMS_Marshalu(source, &sizeWritten, buffer, size, selector); + } + if (rc == 0) { + uint32_t sizeWritten32; + *written += sizeWritten; + sizeWritten32 = sizeWritten; /* back fill size */ + if (buffer != NULL) { + rc = TSS_UINT32_Marshalu(&sizeWritten32, written, &sizePtr, size); + } + else { + *written += sizeof(uint32_t); + } + } + return rc; +} + +TPM_RC +TSS_TPM_KEY_PARMS_Marshalu(const TPM_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->algorithmID, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->encScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->sigScheme, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM4B_TPMU_PARMS_Marshalu(&source->parms, written, buffer, size, source->algorithmID); + } + return rc; +} + +TPM_RC +TSS_TPM_STORE_PUBKEY_Marshalu(const TPM_STORE_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyLength, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->key, source->keyLength, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_KEY12_PUBKEY_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_PUBKEY_Marshalu(const TPM_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_KEY12_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_KEY12; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + uint16_t fill = 0; + rc = TSS_UINT16_Marshalu(&fill, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->keyUsage, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->keyFlags, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->authDataUsage, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(&source->PCRInfo, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->encData, written, buffer, size); + } + return rc; +} + +/* 11.0 */ + +TPM_RC +TSS_TPM_QUOTE_INFO2_Marshalu(const TPM_QUOTE_INFO2 *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_QUOTE_INFO2; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->fixed, 4, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->externalData, TPM_NONCE_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->infoShort, written, buffer, size); + } + return rc; +} + +/* 12.0 */ + +TPM_RC +TSS_TPM_EK_BLOB_Marshalu(const TPM_EK_BLOB *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_EK_BLOB; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->ekType, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->blobSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->blob, source->blobSize, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_EK_BLOB_ACTIVATE_Marshalu(const TPM_EK_BLOB_ACTIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_EK_BLOB_ACTIVATE; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_SYMMETRIC_KEY_Marshalu(&source->sessionKey, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->idDigest, SHA1_DIGEST_SIZE, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfo, written, buffer, size); + } + return rc; +} + +/* 19.0 */ + +TPM_RC +TSS_TPM_NV_ATTRIBUTES_Marshalu(const TPM_NV_ATTRIBUTES *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_NV_ATTRIBUTES; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->attributes, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_TPM_NV_DATA_PUBLIC_Marshalu(const TPM_NV_DATA_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + uint16_t tag = TPM_TAG_NV_DATA_PUBLIC; + rc = TSS_UINT16_Marshalu(&tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->nvIndex, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfoRead, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfoWrite, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_NV_ATTRIBUTES_Marshalu(&source->permission, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->bReadSTClear, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->bWriteSTClear, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->bWriteDefine, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size); + } + return rc; +} + +/* 21.0 */ + +TPM_RC +TSS_TPM_CAP_VERSION_INFO_Marshalu(const TPM_CAP_VERSION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->tag, written, buffer, size); + } + if (rc == 0) { + rc = TSS_TPM_VERSION_Marshalu(&source->version, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->specLevel, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT8_Marshalu(&source->errataRev, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->tpmVendorID, 4, written, buffer, size); + } + if (rc == 0) { + rc = TSS_UINT16_Marshalu(&source->vendorSpecificSize, written, buffer, size); + } + if (rc == 0) { + rc = TSS_Array_Marshalu(source->vendorSpecific, source->vendorSpecificSize, written, buffer, size); + } + return rc; +} ; + +#endif /* TPM_TPM12 */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tssntc.c b/libstb/tss2/ibmtpm20tss/utils/tssntc.c new file mode 100644 index 000000000000..2b76602e6bbc --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssntc.c @@ -0,0 +1,128 @@ +/********************************************************************************/ +/* */ +/* TPM2 Nuvoton Proprietary Commands */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssntc.c 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2017 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include +#include +#include +#include "tssntc.h" + +/* Marshal and Unmarshal Functions */ + +TPM_RC +TSS_NTC2_CFG_STRUCT_Unmarshalu(NTC2_CFG_STRUCT *target, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + + /* assumes that the NTC2_CFG_STRUCT structure are all uint8_t so that there are no endian + issues */ + if (rc == TPM_RC_SUCCESS) { + rc = TSS_Array_Unmarshalu((BYTE *)target, sizeof(NTC2_CFG_STRUCT), buffer, size); + } + return rc; +} + +TPM_RC +TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_Array_Marshalu((BYTE *)source, sizeof(NTC2_CFG_STRUCT), written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NTC2_PreConfig_In_Unmarshalu(NTC2_PreConfig_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]) +{ + TPM_RC rc = TPM_RC_SUCCESS; + handles = handles; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_NTC2_CFG_STRUCT_Unmarshalu(&target->preConfig, buffer, size); + if (rc != TPM_RC_SUCCESS) { + rc += RC_NTC2_PreConfig_preConfig; + } + } + return rc; +} + +TPM_RC +TSS_NTC2_PreConfig_In_Marshalu(NTC2_PreConfig_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = 0; + if (rc == 0) { + rc = TSS_NTC2_CFG_STRUCT_Marshal(&source->preConfig, written, buffer, size); + } + return rc; +} + +TPM_RC +TSS_NTC2_GetConfig_Out_Unmarshalu(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size) +{ + TPM_RC rc = TPM_RC_SUCCESS; + tag = tag; + + if (rc == TPM_RC_SUCCESS) { + rc = TSS_NTC2_CFG_STRUCT_Unmarshalu(&target->preConfig, buffer, size); + } + return rc; +} + +/* These functions are deprecated. They were adapted from the TPM side, but the signed size + caused static analysis tool warnings. */ + +TPM_RC +NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size) +{ + return TSS_NTC2_CFG_STRUCT_Unmarshalu(target, buffer, (uint32_t *)size); +} +TPM_RC +NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) +{ + return TSS_NTC2_PreConfig_In_Unmarshalu(target, buffer, (uint32_t *)size, handles); +} +TPM_RC +TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size) +{ + return TSS_NTC2_GetConfig_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssntc.h b/libstb/tss2/ibmtpm20tss/utils/tssntc.h new file mode 100644 index 000000000000..e9cf1e4e6766 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssntc.h @@ -0,0 +1,81 @@ +/********************************************************************************/ +/* */ +/* Nuvoton Command Common Routines */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssntc.h 1285 2018-07-27 18:33:41Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSSNTC2_H +#define TSSNTC2_H + +#include +#include +#include +#include + +#include +#include "Commands_fp.h" + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC + TSS_NTC2_CFG_STRUCT_Unmarshalu(NTC2_CFG_STRUCT *target, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NTC2_PreConfig_In_Unmarshalu(NTC2_PreConfig_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]); + TPM_RC + TSS_NTC2_PreConfig_In_Marshalu(NTC2_PreConfig_In *source, uint16_t *written, BYTE **buffer, uint32_t *size); + TPM_RC + TSS_NTC2_GetConfig_Out_Unmarshalu(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size); + + /* These functions are deprecated. They were adapted from the TPM side, but the signed size + caused static analysis tool warnings. */ + + TPM_RC + NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size); + TPM_RC + NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); + TPM_RC + TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssprint.c b/libstb/tss2/ibmtpm20tss/utils/tssprint.c new file mode 100644 index 000000000000..d9f45cd3ac25 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssprint.c @@ -0,0 +1,2350 @@ +/********************************************************************************/ +/* */ +/* Structure Print and Scan Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#include +#include + +#include + +extern int tssVerbose; + +#ifdef TPM_TSS_NO_PRINT + +/* false to compile out printf */ +int tssSwallowRc = 0; +/* function prototype to match the printf prototype */ +int TSS_SwallowPrintf(const char *format, ...) +{ + format = format; + return 0; +} + +#endif + +#ifndef TPM_TSS_NOFILE +/* TSS_Array_Scan() converts a string to a binary array */ + +uint32_t TSS_Array_Scan(unsigned char **data, /* output binary, freed by caller */ + size_t *len, + const char *string) /* input string */ +{ + uint32_t rc = 0; + size_t strLength; + + if (rc == 0) { + strLength = strlen(string); + if ((strLength %2) != 0) { + if (tssVerbose) printf("TSS_Array_Scan: Error, string length %lu is not even\n", + (unsigned long)strLength); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + if (rc == 0) { + *len = strLength / 2; /* safe because already tested for even number of bytes */ + rc = TSS_Malloc(data, (*len) + 8); + } + if (rc == 0) { + unsigned int i; + for (i = 0 ; i < *len ; i++) { + unsigned int tmpint; + int irc = sscanf(string + (2*i), "%2x", &tmpint); + *((*data)+i) = tmpint; + if (irc != 1) { + if (tssVerbose) printf("TSS_Array_Scan: invalid hexascii\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + } + return rc; +} +#endif /* TPM_TSS_NOFILE */ + +/* TSS_PrintAll() prints 'string', the length, and then the entire byte array + */ + +void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length) +{ + TSS_PrintAlli(string, 1, buff, length); +} + +/* TSS_PrintAlli() prints 'string', the length, and then the entire byte array + + Each line indented 'indent' spaces. +*/ + +void TSS_PrintAlli(const char *string, unsigned int indent, const unsigned char* buff, uint32_t length) +{ + TSS_PrintAllLogLevel(LOGLEVEL_DEBUG, string, indent, buff, length); +} + +/* TSS_PrintAllLogLevel() prints based on loglevel the 'string', the length, and then the entire + byte array + + loglevel LOGLEVEL_DEBUG prints the length and prints the array with a newline every 16 bytes. + otherwise prints no length and prints the array with no newlines. + +*/ + +void TSS_PrintAllLogLevel(uint32_t loglevel, const char *string, unsigned int indent, + const unsigned char* buff, uint32_t length) +{ + uint32_t i; + if (buff != NULL) { + if (loglevel == LOGLEVEL_DEBUG) { + printf("%*s" "%s length %u\n" "%*s", indent, "", string, length, indent, ""); + } + else { + printf("%*s" "%s" "%*s", indent, "", string, indent, ""); + } + for (i = 0 ; i < length ; i++) { + if ((loglevel == LOGLEVEL_DEBUG) && i && !( i % 16 )) { + printf("\n" "%*s", indent, ""); + } + printf("%.2x ",buff[i]); + } + printf("\n"); + } + else { + printf("%*s" "%s null\n", indent, "", string); + } + return; +} + +#ifndef TPM_TSS_NO_PRINT +#ifdef TPM_TPM20 + +void TSS_TPM2B_Print(const char *string, unsigned int indent, TPM2B *source) +{ + TSS_PrintAlli(string, indent, source->buffer, source->size); + return; +} + +/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */ + +void TSS_TPM_ALG_ID_Print(const char *string, TPM_ALG_ID source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case ALG_RSA_VALUE: + printf("%s TPM_ALG_RSA\n", string); + break; + case ALG_TDES_VALUE: + printf("%s TPM_ALG_TDES\n", string); + break; + case ALG_SHA1_VALUE: + printf("%s TPM_ALG_SHA1\n", string); + break; + case ALG_HMAC_VALUE: + printf("%s TPM_ALG_HMAC\n", string); + break; + case ALG_AES_VALUE: + printf("%s TPM_ALG_AES\n", string); + break; + case ALG_MGF1_VALUE: + printf("%s TPM_ALG_MGF1\n", string); + break; + case ALG_KEYEDHASH_VALUE: + printf("%s TPM_ALG_KEYEDHASH\n", string); + break; + case ALG_XOR_VALUE: + printf("%s TPM_ALG_XOR\n", string); + break; + case ALG_SHA256_VALUE: + printf("%s TPM_ALG_SHA256\n", string); + break; + case ALG_SHA384_VALUE: + printf("%s TPM_ALG_SHA384\n", string); + break; + case ALG_SHA512_VALUE: + printf("%s TPM_ALG_SHA512\n", string); + break; + case ALG_NULL_VALUE: + printf("%s TPM_ALG_NULL\n", string); + break; + case ALG_SM3_256_VALUE: + printf("%s TPM_ALG_SM3_256\n", string); + break; + case ALG_SM4_VALUE: + printf("%s TPM_ALG_SM4\n", string); + break; + case ALG_RSASSA_VALUE: + printf("%s TPM_ALG_RSASSA\n", string); + break; + case ALG_RSAES_VALUE: + printf("%s TPM_ALG_RSAES\n", string); + break; + case ALG_RSAPSS_VALUE: + printf("%s TPM_ALG_RSAPSS\n", string); + break; + case ALG_OAEP_VALUE: + printf("%s TPM_ALG_OAEP\n", string); + break; + case ALG_ECDSA_VALUE: + printf("%s TPM_ALG_ECDSA\n", string); + break; + case ALG_ECDH_VALUE: + printf("%s TPM_ALG_ECDH\n", string); + break; + case ALG_ECDAA_VALUE: + printf("%s TPM_ALG_ECDAA\n", string); + break; + case ALG_SM2_VALUE: + printf("%s TPM_ALG_SM2\n", string); + break; + case ALG_ECSCHNORR_VALUE: + printf("%s TPM_ALG_ECSCHNORR\n", string); + break; + case ALG_ECMQV_VALUE: + printf("%s TPM_ALG_ECMQV\n", string); + break; + case ALG_KDF1_SP800_56A_VALUE: + printf("%s TPM_ALG_KDF1_SP800_56A\n", string); + break; + case ALG_KDF2_VALUE: + printf("%s TPM_ALG_KDF2\n", string); + break; + case ALG_KDF1_SP800_108_VALUE: + printf("%s TPM_ALG_KDF1_SP800_108\n", string); + break; + case ALG_ECC_VALUE: + printf("%s TPM_ALG_ECC\n", string); + break; + case ALG_SYMCIPHER_VALUE: + printf("%s TPM_ALG_SYMCIPHER\n", string); + break; + case ALG_CAMELLIA_VALUE: + printf("%s TPM_ALG_CAMELLIA\n", string); + break; + case ALG_SHA3_256_VALUE: + printf("%s TPM_ALG_SHA3_256\n", string); + break; + case ALG_SHA3_384_VALUE: + printf("%s TPM_ALG_SHA3_384\n", string); + break; + case ALG_SHA3_512_VALUE: + printf("%s TPM_ALG_SHA3_512\n", string); + break; + case ALG_CMAC_VALUE: + printf("%s TPM_ALG_CMAC\n", string); + break; + case ALG_CTR_VALUE: + printf("%s TPM_ALG_CTR\n", string); + break; + case ALG_OFB_VALUE: + printf("%s TPM_ALG_OFB\n", string); + break; + case ALG_CBC_VALUE: + printf("%s TPM_ALG_CBC\n", string); + break; + case ALG_CFB_VALUE: + printf("%s TPM_ALG_CFB\n", string); + break; + case ALG_ECB_VALUE: + printf("%s TPM_ALG_ECB\n", string); + break; + default: + printf("%s TPM_ALG_ID value %04hx unknown\n", string, source); + } + return; +} + +/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */ + +void TSS_TPM_ECC_CURVE_Print(const char *string, TPM_ECC_CURVE source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_ECC_NONE: + printf("%s TPM_ECC_NONE\n", string); + break; + case TPM_ECC_NIST_P192: + printf("%s TPM_ECC_NIST_P192\n", string); + break; + case TPM_ECC_NIST_P224: + printf("%s TPM_ECC_NIST_P224\n", string); + break; + case TPM_ECC_NIST_P256: + printf("%s TPM_ECC_NIST_P256\n", string); + break; + case TPM_ECC_NIST_P384: + printf("%s TPM_ECC_NIST_P384\n", string); + break; + case TPM_ECC_NIST_P521: + printf("%s TPM_ECC_NIST_P521\n", string); + break; + case TPM_ECC_BN_P256: + printf("%s TPM_ECC_BN_P256\n", string); + break; + case TPM_ECC_BN_P638: + printf("%s TPM_ECC_BN_P638\n", string); + break; + case TPM_ECC_SM2_P256: + printf("%s TPM_ECC_SM2_P256\n", string); + break; + default: + printf("%s TPM_ECC_CURVE value %04hx unknown\n", string, source); + } + return; +} + +/* Table 100 - Definition of TPMS_TAGGED_POLICY Structure */ + +void TSS_TPMS_TAGGED_POLICY_Print(TPMS_TAGGED_POLICY *source, unsigned int indent) +{ + TSS_TPM_HANDLE_Print("handle", source->handle, indent); + TSS_TPMT_HA_Print(&source->policyHash, indent); + return; +} + +/* Table 12 - Definition of (UINT32) TPM_CC Constants (Numeric Order) */ + +void TSS_TPM_CC_Print(const char *string, TPM_CC source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_CC_NV_UndefineSpaceSpecial: + printf("%s TPM_CC_NV_UndefineSpaceSpecial\n", string); + break; + case TPM_CC_EvictControl: + printf("%s TPM_CC_EvictControl\n", string); + break; + case TPM_CC_HierarchyControl: + printf("%s TPM_CC_HierarchyControl\n", string); + break; + case TPM_CC_NV_UndefineSpace: + printf("%s TPM_CC_NV_UndefineSpace\n", string); + break; + case TPM_CC_ChangeEPS: + printf("%s TPM_CC_ChangeEPS\n", string); + break; + case TPM_CC_ChangePPS: + printf("%s TPM_CC_ChangePPS\n", string); + break; + case TPM_CC_Clear: + printf("%s TPM_CC_Clear\n", string); + break; + case TPM_CC_ClearControl: + printf("%s TPM_CC_ClearControl\n", string); + break; + case TPM_CC_ClockSet: + printf("%s TPM_CC_ClockSet\n", string); + break; + case TPM_CC_HierarchyChangeAuth: + printf("%s TPM_CC_HierarchyChangeAuth\n", string); + break; + case TPM_CC_NV_DefineSpace: + printf("%s TPM_CC_NV_DefineSpace\n", string); + break; + case TPM_CC_PCR_Allocate: + printf("%s TPM_CC_PCR_Allocate\n", string); + break; + case TPM_CC_PCR_SetAuthPolicy: + printf("%s TPM_CC_PCR_SetAuthPolicy\n", string); + break; + case TPM_CC_PP_Commands: + printf("%s TPM_CC_PP_Commands\n", string); + break; + case TPM_CC_SetPrimaryPolicy: + printf("%s TPM_CC_SetPrimaryPolicy\n", string); + break; +#if 0 + case TPM_CC_FieldUpgradeStart: + printf("%s TPM_CC_FieldUpgradeStart\n", string); + break; +#endif + case TPM_CC_ClockRateAdjust: + printf("%s TPM_CC_ClockRateAdjust\n", string); + break; + case TPM_CC_CreatePrimary: + printf("%s TPM_CC_CreatePrimary\n", string); + break; + case TPM_CC_NV_GlobalWriteLock: + printf("%s TPM_CC_NV_GlobalWriteLock\n", string); + break; + case TPM_CC_GetCommandAuditDigest: + printf("%s TPM_CC_GetCommandAuditDigest\n", string); + break; + case TPM_CC_NV_Increment: + printf("%s TPM_CC_NV_Increment\n", string); + break; + case TPM_CC_NV_SetBits: + printf("%s TPM_CC_NV_SetBits\n", string); + break; + case TPM_CC_NV_Extend: + printf("%s TPM_CC_NV_Extend\n", string); + break; + case TPM_CC_NV_Write: + printf("%s TPM_CC_NV_Write\n", string); + break; + case TPM_CC_NV_WriteLock: + printf("%s TPM_CC_NV_WriteLock\n", string); + break; + case TPM_CC_DictionaryAttackLockReset: + printf("%s TPM_CC_DictionaryAttackLockReset\n", string); + break; + case TPM_CC_DictionaryAttackParameters: + printf("%s TPM_CC_DictionaryAttackParameters\n", string); + break; + case TPM_CC_NV_ChangeAuth: + printf("%s TPM_CC_NV_ChangeAuth\n", string); + break; + case TPM_CC_PCR_Event: + printf("%s TPM_CC_PCR_Event\n", string); + break; + case TPM_CC_PCR_Reset: + printf("%s TPM_CC_PCR_Reset\n", string); + break; + case TPM_CC_SequenceComplete: + printf("%s TPM_CC_SequenceComplete\n", string); + break; + case TPM_CC_SetAlgorithmSet: + printf("%s TPM_CC_SetAlgorithmSet\n", string); + break; + case TPM_CC_SetCommandCodeAuditStatus: + printf("%s TPM_CC_SetCommandCodeAuditStatus\n", string); + break; +#if 0 + case TPM_CC_FieldUpgradeData: + printf("%s TPM_CC_FieldUpgradeData\n", string); + break; +#endif + case TPM_CC_IncrementalSelfTest: + printf("%s TPM_CC_IncrementalSelfTest\n", string); + break; + case TPM_CC_SelfTest: + printf("%s TPM_CC_SelfTest\n", string); + break; + case TPM_CC_Startup: + printf("%s TPM_CC_Startup\n", string); + break; + case TPM_CC_Shutdown: + printf("%s TPM_CC_Shutdown\n", string); + break; + case TPM_CC_StirRandom: + printf("%s TPM_CC_StirRandom\n", string); + break; + case TPM_CC_ActivateCredential: + printf("%s TPM_CC_ActivateCredential\n", string); + break; + case TPM_CC_Certify: + printf("%s TPM_CC_Certify\n", string); + break; + case TPM_CC_PolicyNV: + printf("%s TPM_CC_PolicyNV\n", string); + break; + case TPM_CC_CertifyCreation: + printf("%s TPM_CC_CertifyCreation\n", string); + break; + case TPM_CC_Duplicate: + printf("%s TPM_CC_Duplicate\n", string); + break; + case TPM_CC_GetTime: + printf("%s TPM_CC_GetTime\n", string); + break; + case TPM_CC_GetSessionAuditDigest: + printf("%s TPM_CC_GetSessionAuditDigest\n", string); + break; + case TPM_CC_NV_Read: + printf("%s TPM_CC_NV_Read\n", string); + break; + case TPM_CC_NV_ReadLock: + printf("%s TPM_CC_NV_ReadLock\n", string); + break; + case TPM_CC_ObjectChangeAuth: + printf("%s TPM_CC_ObjectChangeAuth\n", string); + break; + case TPM_CC_PolicySecret: + printf("%s TPM_CC_PolicySecret\n", string); + break; + case TPM_CC_Rewrap: + printf("%s TPM_CC_Rewrap\n", string); + break; + case TPM_CC_Create: + printf("%s TPM_CC_Create\n", string); + break; + case TPM_CC_ECDH_ZGen: + printf("%s TPM_CC_ECDH_ZGen\n", string); + break; + case TPM_CC_HMAC: + printf("%s TPM_CC_HMAC\n", string); + break; +#if 0 + case TPM_CC_MAC: + printf("%s TPM_CC_MAC\n", string); + break; +#endif + case TPM_CC_Import: + printf("%s TPM_CC_Import\n", string); + break; + case TPM_CC_Load: + printf("%s TPM_CC_Load\n", string); + break; + case TPM_CC_Quote: + printf("%s TPM_CC_Quote\n", string); + break; + case TPM_CC_RSA_Decrypt: + printf("%s TPM_CC_RSA_Decrypt\n", string); + break; + case TPM_CC_HMAC_Start: + printf("%s TPM_CC_HMAC_Start\n", string); + break; +#if 0 + case TPM_CC_MAC_Start: + printf("%s TPM_CC_MAC_Start\n", string); + break; +#endif + case TPM_CC_SequenceUpdate: + printf("%s TPM_CC_SequenceUpdate\n", string); + break; + case TPM_CC_Sign: + printf("%s TPM_CC_Sign\n", string); + break; + case TPM_CC_Unseal: + printf("%s TPM_CC_Unseal\n", string); + break; + case TPM_CC_PolicySigned: + printf("%s TPM_CC_PolicySigned\n", string); + break; + case TPM_CC_ContextLoad: + printf("%s TPM_CC_ContextLoad\n", string); + break; + case TPM_CC_ContextSave: + printf("%s TPM_CC_ContextSave\n", string); + break; + case TPM_CC_ECDH_KeyGen: + printf("%s TPM_CC_ECDH_KeyGen\n", string); + break; + case TPM_CC_EncryptDecrypt: + printf("%s TPM_CC_EncryptDecrypt\n", string); + break; + case TPM_CC_FlushContext: + printf("%s TPM_CC_FlushContext\n", string); + break; + case TPM_CC_LoadExternal: + printf("%s TPM_CC_LoadExternal\n", string); + break; + case TPM_CC_MakeCredential: + printf("%s TPM_CC_MakeCredential\n", string); + break; + case TPM_CC_NV_ReadPublic: + printf("%s TPM_CC_NV_ReadPublic\n", string); + break; + case TPM_CC_PolicyAuthorize: + printf("%s TPM_CC_PolicyAuthorize\n", string); + break; + case TPM_CC_PolicyAuthValue: + printf("%s TPM_CC_PolicyAuthValue\n", string); + break; + case TPM_CC_PolicyCommandCode: + printf("%s TPM_CC_PolicyCommandCode\n", string); + break; + case TPM_CC_PolicyCounterTimer: + printf("%s TPM_CC_PolicyCounterTimer\n", string); + break; + case TPM_CC_PolicyCpHash: + printf("%s TPM_CC_PolicyCpHash\n", string); + break; + case TPM_CC_PolicyLocality: + printf("%s TPM_CC_PolicyLocality\n", string); + break; + case TPM_CC_PolicyNameHash: + printf("%s TPM_CC_PolicyNameHash\n", string); + break; + case TPM_CC_PolicyOR: + printf("%s TPM_CC_PolicyOR\n", string); + break; + case TPM_CC_PolicyTicket: + printf("%s TPM_CC_PolicyTicket\n", string); + break; + case TPM_CC_ReadPublic: + printf("%s TPM_CC_ReadPublic\n", string); + break; + case TPM_CC_RSA_Encrypt: + printf("%s TPM_CC_RSA_Encrypt\n", string); + break; + case TPM_CC_StartAuthSession: + printf("%s TPM_CC_StartAuthSession\n", string); + break; + case TPM_CC_VerifySignature: + printf("%s TPM_CC_VerifySignature\n", string); + break; + case TPM_CC_ECC_Parameters: + printf("%s TPM_CC_ECC_Parameters\n", string); + break; +#if 0 + case TPM_CC_FirmwareRead: + printf("%s TPM_CC_FirmwareRead\n", string); + break; +#endif + case TPM_CC_GetCapability: + printf("%s TPM_CC_GetCapability\n", string); + break; + case TPM_CC_GetRandom: + printf("%s TPM_CC_GetRandom\n", string); + break; + case TPM_CC_GetTestResult: + printf("%s TPM_CC_GetTestResult\n", string); + break; + case TPM_CC_Hash: + printf("%s TPM_CC_Hash\n", string); + break; + case TPM_CC_PCR_Read: + printf("%s TPM_CC_PCR_Read\n", string); + break; + case TPM_CC_PolicyPCR: + printf("%s TPM_CC_PolicyPCR\n", string); + break; + case TPM_CC_PolicyRestart: + printf("%s TPM_CC_PolicyRestart\n", string); + break; + case TPM_CC_ReadClock: + printf("%s TPM_CC_ReadClock\n", string); + break; + case TPM_CC_PCR_Extend: + printf("%s TPM_CC_PCR_Extend\n", string); + break; + case TPM_CC_PCR_SetAuthValue: + printf("%s TPM_CC_PCR_SetAuthValue\n", string); + break; + case TPM_CC_NV_Certify: + printf("%s TPM_CC_NV_Certify\n", string); + break; + case TPM_CC_EventSequenceComplete: + printf("%s TPM_CC_EventSequenceComplete\n", string); + break; + case TPM_CC_HashSequenceStart: + printf("%s TPM_CC_HashSequenceStart\n", string); + break; + case TPM_CC_PolicyPhysicalPresence: + printf("%s TPM_CC_PolicyPhysicalPresence\n", string); + break; + case TPM_CC_PolicyDuplicationSelect: + printf("%s TPM_CC_PolicyDuplicationSelect\n", string); + break; + case TPM_CC_PolicyGetDigest: + printf("%s TPM_CC_PolicyGetDigest\n", string); + break; + case TPM_CC_TestParms: + printf("%s TPM_CC_TestParms\n", string); + break; + case TPM_CC_Commit: + printf("%s TPM_CC_Commit\n", string); + break; + case TPM_CC_PolicyPassword: + printf("%s TPM_CC_PolicyPassword\n", string); + break; + case TPM_CC_ZGen_2Phase: + printf("%s TPM_CC_ZGen_2Phase\n", string); + break; + case TPM_CC_EC_Ephemeral: + printf("%s TPM_CC_EC_Ephemeral\n", string); + break; + case TPM_CC_PolicyNvWritten: + printf("%s TPM_CC_PolicyNvWritten\n", string); + break; + case TPM_CC_PolicyTemplate: + printf("%s TPM_CC_PolicyTemplate\n", string); + break; + case TPM_CC_CreateLoaded: + printf("%s TPM_CC_CreateLoaded\n", string); + break; + case TPM_CC_PolicyAuthorizeNV: + printf("%s TPM_CC_PolicyAuthorizeNV\n", string); + break; + case TPM_CC_EncryptDecrypt2: + printf("%s TPM_CC_EncryptDecrypt2\n", string); + break; +#if 0 + case TPM_CC_AC_GetCapability: + printf("%s TPM_CC_AC_GetCapability\n", string); + break; + case TPM_CC_AC_Send: + printf("%s TPM_CC_AC_Send\n", string); + break; + case TPM_CC_Policy_AC_SendSelect: + printf("%s TPM_CC_Policy_AC_SendSelect\n", string); + break; +#endif + default: + printf("%s TPM_CC value %08x unknown\n", string, source); + } + return; +} + +/* Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */ + +void TSS_TPM_CLOCK_ADJUST_Print(const char *string, TPM_CLOCK_ADJUST source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_CLOCK_COARSE_SLOWER: + printf("%s TPM_CLOCK_COARSE_SLOWER\n", string); + break; + case TPM_CLOCK_MEDIUM_SLOWER: + printf("%s TPM_CLOCK_MEDIUM_SLOWER\n", string); + break; + case TPM_CLOCK_FINE_SLOWER: + printf("%s TPM_CLOCK_FINE_SLOWER\n", string); + break; + case TPM_CLOCK_NO_CHANGE: + printf("%s TPM_CLOCK_NO_CHANGE\n", string); + break; + case TPM_CLOCK_FINE_FASTER: + printf("%s TPM_CLOCK_FINE_FASTER\n", string); + break; + case TPM_CLOCK_MEDIUM_FASTER: + printf("%s TPM_CLOCK_MEDIUM_FASTER\n", string); + break; + case TPM_CLOCK_COARSE_FASTER: + printf("%s TPM_CLOCK_COARSE_FASTER\n", string); + break; + default: + printf("%s TPM_CLOCK_ADJUST value %d unknown\n", string, source); + } + return; +} + +/* Table 18 - Definition of (UINT16) TPM_EO Constants */ + +void TSS_TPM_EO_Print(const char *string, TPM_EO source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_EO_EQ: + printf("%s TPM_EO_EQ\n", string); + break; + case TPM_EO_NEQ: + printf("%s TPM_EO_NEQ\n", string); + break; + case TPM_EO_SIGNED_GT: + printf("%s TPM_EO_SIGNED_GT\n", string); + break; + case TPM_EO_UNSIGNED_GT: + printf("%s TPM_EO_UNSIGNED_GT\n", string); + break; + case TPM_EO_SIGNED_LT: + printf("%s TPM_EO_SIGNED_LT\n", string); + break; + case TPM_EO_UNSIGNED_LT: + printf("%s TPM_EO_UNSIGNED_LT\n", string); + break; + case TPM_EO_SIGNED_GE: + printf("%s TPM_EO_SIGNED_GE\n", string); + break; + case TPM_EO_UNSIGNED_GE: + printf("%s TPM_EO_UNSIGNED_GE\n", string); + break; + case TPM_EO_SIGNED_LE: + printf("%s TPM_EO_SIGNED_LE\n", string); + break; + case TPM_EO_UNSIGNED_LE: + printf("%s TPM_EO_UNSIGNED_LE\n", string); + break; + case TPM_EO_BITSET: + printf("%s TPM_EO_BITSET\n", string); + break; + case TPM_EO_BITCLEAR: + printf("%s TPM_EO_BITCLEAR\n", string); + break; + default: + printf("%s TPM_EO value %04hx unknown\n", string, source); + } + return; +} + +/* Table 19 - Definition of (UINT16) TPM_ST Constants */ + +void TSS_TPM_ST_Print(const char *string, TPM_ST source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_ST_RSP_COMMAND: + printf("%s TPM_ST_RSP_COMMAND\n", string); + break; + case TPM_ST_NULL: + printf("%s TPM_ST_NULL\n", string); + break; + case TPM_ST_NO_SESSIONS: + printf("%s TPM_ST_NO_SESSIONS\n", string); + break; + case TPM_ST_SESSIONS: + printf("%s TPM_ST_SESSIONS\n", string); + break; + case TPM_ST_ATTEST_NV: + printf("%s TPM_ST_ATTEST_NV\n", string); + break; + case TPM_ST_ATTEST_COMMAND_AUDIT: + printf("%s TPM_ST_ATTEST_COMMAND_AUDIT\n", string); + break; + case TPM_ST_ATTEST_SESSION_AUDIT: + printf("%s TPM_ST_ATTEST_SESSION_AUDIT\n", string); + break; + case TPM_ST_ATTEST_CERTIFY: + printf("%s TPM_ST_ATTEST_CERTIFY\n", string); + break; + case TPM_ST_ATTEST_QUOTE: + printf("%s TPM_ST_ATTEST_QUOTE\n", string); + break; + case TPM_ST_ATTEST_TIME: + printf("%s TPM_ST_ATTEST_TIME\n", string); + break; + case TPM_ST_ATTEST_CREATION: + printf("%s TPM_ST_ATTEST_CREATION\n", string); + break; + case TPM_ST_ATTEST_NV_DIGEST: + printf("%s TPM_ST_ATTEST_NV_DIGEST\n", string); + break; + case TPM_ST_CREATION: + printf("%s TPM_ST_CREATION\n", string); + break; + case TPM_ST_VERIFIED: + printf("%s TPM_ST_VERIFIED\n", string); + break; + case TPM_ST_AUTH_SECRET: + printf("%s TPM_ST_AUTH_SECRET\n", string); + break; + case TPM_ST_HASHCHECK: + printf("%s TPM_ST_HASHCHECK\n", string); + break; + case TPM_ST_AUTH_SIGNED: + printf("%s TPM_ST_AUTH_SIGNED\n", string); + break; + default: + printf("%s TPM_ST value %04hx unknown\n", string, source); + } + return; +} + +/* Table 20 - Definition of (UINT16) TPM_SU Constants */ + +void TSS_TPM_SU_Print(const char *string, TPM_SU source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_SU_CLEAR: + printf("%s TPM_SU_CLEAR\n", string); + break; + case TPM_SU_STATE: + printf("%s TPM_SU_STATE\n", string); + break; + default: + printf("%s TPM_SU value %04hx unknown\n", string, source); + } + return; +} + +/* Table 21 - Definition of (UINT8) TPM_SE Constants */ + +void TSS_TPM_SE_Print(const char *string, TPM_SE source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_SE_HMAC: + printf("%s TPM_SE_HMAC\n", string); + break; + case TPM_SE_POLICY: + printf("%s TPM_SE_POLICY\n", string); + break; + case TPM_SE_TRIAL: + printf("%s TPM_SE_TRIAL\n", string); + break; + default: + printf("%s TPM_SE value %02x unknown\n", string, source); + } + return; +} + +/* Table 22 - Definition of (UINT32) TPM_CAP Constants */ + +void TSS_TPM_CAP_Print(const char *string, TPM_CAP source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_CAP_ALGS: + printf("%s TPM_CAP_ALGS\n", string); + break; + case TPM_CAP_HANDLES: + printf("%s TPM_CAP_HANDLES\n", string); + break; + case TPM_CAP_COMMANDS: + printf("%s TPM_CAP_COMMANDS\n", string); + break; + case TPM_CAP_PP_COMMANDS: + printf("%s TPM_CAP_PP_COMMANDS\n", string); + break; + case TPM_CAP_AUDIT_COMMANDS: + printf("%s TPM_CAP_AUDIT_COMMANDS\n", string); + break; + case TPM_CAP_PCRS: + printf("%s TPM_CAP_PCRS\n", string); + break; + case TPM_CAP_TPM_PROPERTIES: + printf("%s TPM_CAP_TPM_PROPERTIES\n", string); + break; + case TPM_CAP_PCR_PROPERTIES: + printf("%s TPM_CAP_PCR_PROPERTIES\n", string); + break; + case TPM_CAP_ECC_CURVES: + printf("%s TPM_CAP_ECC_CURVES\n", string); + break; + case TPM_CAP_AUTH_POLICIES: + printf("%s TPM_CAP_AUTH_POLICIES\n", string); + break; + case TPM_CAP_VENDOR_PROPERTY: + printf("%s TPM_CAP_VENDOR_PROPERTY\n", string); + break; + default: + printf("%s TPM_CAP value %08x unknown\n", string, source); + } + return; +} + +/* Table 26 - Definition of Types for Handles */ + +void TSS_TPM_HANDLE_Print(const char *string, TPM_HANDLE source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_RH_SRK: + printf("%s TPM_RH_SRK\n", string); + break; + case TPM_RH_OWNER: + printf("%s TPM_RH_OWNER\n", string); + break; + case TPM_RH_REVOKE: + printf("%s TPM_RH_REVOKE\n", string); + break; + case TPM_RH_TRANSPORT: + printf("%s TPM_RH_TRANSPORT\n", string); + break; + case TPM_RH_OPERATOR: + printf("%s TPM_RH_OPERATOR\n", string); + break; + case TPM_RH_ADMIN: + printf("%s TPM_RH_ADMIN\n", string); + break; + case TPM_RH_EK: + printf("%s TPM_RH_EK\n", string); + break; + case TPM_RH_NULL: + printf("%s TPM_RH_NULL\n", string); + break; + case TPM_RH_UNASSIGNED: + printf("%s TPM_RH_UNASSIGNED\n", string); + break; + case TPM_RS_PW: + printf("%s TPM_RS_PW\n", string); + break; + case TPM_RH_LOCKOUT: + printf("%s TPM_RH_LOCKOUT\n", string); + break; + case TPM_RH_ENDORSEMENT: + printf("%s TPM_RH_ENDORSEMENT\n", string); + break; + case TPM_RH_PLATFORM: + printf("%s TPM_RH_PLATFORM\n", string); + break; + case TPM_RH_PLATFORM_NV: + printf("%s TPM_RH_PLATFORM_NV\n", string); + break; + default: + printf("%s TPM_HANDLE %08x\n", string, source); + } + return; +} + +/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */ + +void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent) +{ + if (source.val & TPMA_ALGORITHM_ASYMMETRIC) printf("%*s" "TPMA_ALGORITHM: asymmetric\n", indent, ""); + if (source.val & TPMA_ALGORITHM_SYMMETRIC) printf("%*s" "TPMA_ALGORITHM: symmetric\n", indent, ""); + if (source.val & TPMA_ALGORITHM_HASH) printf("%*s" "TPMA_ALGORITHM: hash\n", indent, ""); + if (source.val & TPMA_ALGORITHM_OBJECT) printf("%*s" "TPMA_ALGORITHM: object\n", indent, ""); + if (source.val & TPMA_ALGORITHM_SIGNING) printf("%*s" "TPMA_ALGORITHM: signing\n", indent, ""); + if (source.val & TPMA_ALGORITHM_ENCRYPTING) printf("%*s" "TPMA_ALGORITHM: encrypting\n", indent, ""); + if (source.val & TPMA_ALGORITHM_METHOD) printf("%*s" "TPMA_ALGORITHM: method\n", indent, ""); + return; +} + +/* Table 31 - Definition of (UINT32) TPMA_OBJECT Bits */ + +void TSS_TPMA_OBJECT_Print(const char *string, TPMA_OBJECT source, unsigned int indent) +{ + printf("%*s%s: %08x\n", indent, "", string, source.val); + if (source.val & TPMA_OBJECT_FIXEDTPM) printf("%*s%s: fixedTpm\n", indent, "", string); + if (source.val & TPMA_OBJECT_STCLEAR) printf("%*s%s: stClear\n", indent, "", string); + if (source.val & TPMA_OBJECT_FIXEDPARENT) printf("%*s%s: fixedParent\n", indent, "", string); + if (source.val & TPMA_OBJECT_SENSITIVEDATAORIGIN) printf("%*s%s: sensitiveDataOrigin\n", indent, "", string); + if (source.val & TPMA_OBJECT_USERWITHAUTH) printf("%*s%s: userWithAuth\n", indent, "", string); + if (source.val & TPMA_OBJECT_ADMINWITHPOLICY) printf("%*s%s: adminWithPolicy\n", indent, "", string); + if (source.val & TPMA_OBJECT_NODA) printf("%*s%s: noDA\n", indent, "", string); + if (source.val & TPMA_OBJECT_ENCRYPTEDDUPLICATION) printf("%*s%s: encryptedDuplication\n", indent, "", string); + if (source.val & TPMA_OBJECT_RESTRICTED) printf("%*s%s: restricted\n", indent, "", string); + if (source.val & TPMA_OBJECT_DECRYPT) printf("%*s%s: decrypt\n", indent, "", string); + if (source.val & TPMA_OBJECT_SIGN) printf("%*s%s: sign\n", indent, "", string); + return; +} + +/* Table 32 - Definition of (UINT8) TPMA_SESSION Bits */ + +void TSS_TPMA_SESSION_Print(TPMA_SESSION source, unsigned int indent) +{ + + if (source.val & TPMA_SESSION_CONTINUESESSION) printf("%*s" "TPMA_SESSION: continue\n", indent, ""); + if (source.val & TPMA_SESSION_AUDITEXCLUSIVE) printf("%*s" "TPMA_SESSION: auditexclusive\n", indent, ""); + if (source.val & TPMA_SESSION_AUDITRESET) printf("%*s" "TPMA_SESSION: auditreset\n", indent, ""); + if (source.val & TPMA_SESSION_DECRYPT) printf("%*s" "TPMA_SESSION: decrypt\n", indent, ""); + if (source.val & TPMA_SESSION_ENCRYPT) printf("%*s" "TPMA_SESSION: encrypt\n", indent, ""); + if (source.val & TPMA_SESSION_AUDIT) printf("%*s" "TPMA_SESSION: audit\n", indent, ""); + return; +} + +/* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits */ + +void TSS_TPMA_LOCALITY_Print(TPMA_LOCALITY source, unsigned int indent) +{ + if (source.val & TPMA_LOCALITY_ZERO) printf("%*s" "TPMA_LOCALITY: zero\n", indent, ""); + if (source.val & TPMA_LOCALITY_ONE) printf("%*s" "TPMA_LOCALITY: one\n", indent, ""); + if (source.val & TPMA_LOCALITY_TWO) printf("%*s" "TPMA_LOCALITY: two\n", indent, ""); + if (source.val & TPMA_LOCALITY_THREE) printf("%*s" "TPMA_LOCALITY: three\n", indent, ""); + if (source.val & TPMA_LOCALITY_FOUR) printf("%*s" "TPMA_LOCALITY: four\n", indent, ""); + if (source.val & TPMA_LOCALITY_EXTENDED) printf("%*s" "TPMA_LOCALITY: extended\n", indent, ""); + return; +} + +/* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits */ + +void TSS_TPMA_PERMANENT_Print(TPMA_PERMANENT source, unsigned int indent) +{ + printf("%*s" "TPMA_PERMANENT: ownerAuthSet %s\n", indent, "", + (source.val & TPMA_PERMANENT_OWNERAUTHSET) ? "yes" : "no"); + printf("%*s" "TPMA_PERMANENT: endorsementAuthSet %s\n", indent, "", + (source.val & TPMA_PERMANENT_ENDORSEMENTAUTHSET) ? "yes" : "no"); + printf("%*s" "TPMA_PERMANENT: lockoutAuthSet %s\n", indent, "", + (source.val & TPMA_PERMANENT_LOCKOUTAUTHSET) ? "yes" : "no"); + printf("%*s" "TPMA_PERMANENT: disableClear %s\n", indent, "", + (source.val & TPMA_PERMANENT_DISABLECLEAR) ? "yes" : "no"); + printf("%*s" "TPMA_PERMANENT: inLockout %s\n", indent, "", + (source.val & TPMA_PERMANENT_INLOCKOUT) ? "yes" : "no"); + printf("%*s" "TPMA_PERMANENT: tpmGeneratedEPS %s\n", indent, "", + (source.val & TPMA_PERMANENT_TPMGENERATEDEPS) ? "yes" : "no"); + return; +} + +/* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits */ + +void TSS_TPMA_STARTUP_CLEAR_Print(TPMA_STARTUP_CLEAR source, unsigned int indent) +{ + printf("%*s" "TPMA_STARTUP_CLEAR: phEnable %s\n", indent, "", + (source.val & TPMA_STARTUP_CLEAR_PHENABLE) ? "yes" : "no"); + printf("%*s" "TPMA_STARTUP_CLEAR: shEnable %s\n", indent, "", + (source.val & TPMA_STARTUP_CLEAR_SHENABLE) ? "yes" : "no"); + printf("%*s" "TPMA_STARTUP_CLEAR: ehEnable %s\n", indent, "", + (source.val & TPMA_STARTUP_CLEAR_EHENABLE) ? "yes" : "no"); + printf("%*s" "TPMA_STARTUP_CLEAR: phEnableNV %s\n", indent, "", + (source.val & TPMA_STARTUP_CLEAR_PHENABLENV) ? "yes" : "no"); + printf("%*s" "TPMA_STARTUP_CLEAR: orderly %s\n", indent, "", + (source.val & TPMA_STARTUP_CLEAR_ORDERLY) ? "yes" : "no"); + return; +} + +/* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits */ + +void TSS_TPMA_MEMORY_Print(TPMA_MEMORY source, unsigned int indent) +{ + printf("%*s" "TPMA_MEMORY: sharedRAM %s\n", indent, "", + (source.val & TPMA_MEMORY_SHAREDRAM) ? "yes" : "no"); + printf("%*s" "TPMA_MEMORY: sharedNV %s\n", indent, "", + (source.val & TPMA_MEMORY_SHAREDNV) ? "yes" : "no"); + printf("%*s" "TPMA_MEMORY: objectCopiedToRam %s\n", indent, "", + (source.val & TPMA_MEMORY_OBJECTCOPIEDTORAM) ? "yes" : "no"); + return; +} + +/* Table 38 - Definition of (UINT32) TPMA_MODES Bits */ + +void TSS_TPMA_MODES_Print(TPMA_MODES source, unsigned int indent) +{ + printf("%*s" "TPMA_MODES: TPMA_MODES_FIPS_140_2 %s\n", indent, "", + (source.val & TPMA_MODES_FIPS_140_2) ? "yes" : "no"); + return; +} + +/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */ + +void TSS_TPMI_YES_NO_Print(const char *string, TPMI_YES_NO source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case NO: + printf("%s no\n", string); + break; + case YES: + printf("%s yes\n", string); + break; + default: + printf("%s TPMI_YES_NO %02x unknown\n", string, source); + } + return; +} + +/* Table 75 - Definition of TPMU_HA Union */ + + +void TSS_TPMU_HA_Print(TPMU_HA *source, uint32_t selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + TSS_PrintAlli("sha1", indent, source->sha1, SHA1_DIGEST_SIZE); + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + TSS_PrintAlli("sha256", indent, source->sha256, SHA256_DIGEST_SIZE); + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + TSS_PrintAlli("sha384", indent, source->sha384, SHA384_DIGEST_SIZE); + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + TSS_PrintAlli("sha512", indent, source->sha512, SHA512_DIGEST_SIZE); + break; +#endif +#ifdef TPM_ALG_SM3_256 + case TPM_ALG_SM3_256: + TSS_PrintAlli("sm3_256", indent, source->sm3_256, SM3_256_DIGEST_SIZE); + break; +#endif + case TPM_ALG_NULL: + break; + default: + printf("%*s" "TPMU_HA: selection %08x not implemented\n", indent, "", selector); + } + return; +} + +/* Table 76 - Definition of TPMT_HA Structure */ + +void TSS_TPMT_HA_Print(TPMT_HA *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2); + TSS_TPMU_HA_Print(&source->digest, source->hashAlg, indent+2); + return; +} + +/* Table 89 - Definition of TPMS_PCR_SELECT Structure */ + +void TSS_TPMS_PCR_SELECT_Print(TPMS_PCR_SELECT *source, unsigned int indent) +{ + printf("%*s" "TSS_TPMS_PCR_SELECT sizeofSelect %u\n", indent, "", source->sizeofSelect); + TSS_PrintAlli("pcrSelect", indent, source->pcrSelect, source->sizeofSelect); + return; +} + +/* Table 90 - Definition of TPMS_PCR_SELECTION Structure */ + +void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hash", source->hash, indent+2); + TSS_PrintAlli("TPMS_PCR_SELECTION", indent+2, + source->pcrSelect, + source->sizeofSelect); + return; +} + +/* Table 93 - Definition of TPMT_TK_CREATION Structure */ + +void TSS_TPMT_TK_CREATION_Print(TPMT_TK_CREATION *source, unsigned int indent) +{ + TSS_TPM_ST_Print("tag", source->tag, indent); + TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent); + TSS_TPM2B_Print("TPMT_TK_CREATION digest", indent, &source->digest.b); + return; +} + +/* Table 94 - Definition of TPMT_TK_VERIFIED Structure */ + +void TSS_TPMT_TK_VERIFIED_Print(TPMT_TK_VERIFIED *source, unsigned int indent) +{ + TSS_TPM_ST_Print("tag", source->tag, indent); + TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent); + TSS_TPM2B_Print("TPMT_TK_VERIFIED digest", indent, &source->digest.b); + return; +} + +/* Table 95 - Definition of TPMT_TK_AUTH Structure */ + +void TSS_TPMT_TK_AUTH_Print(TPMT_TK_AUTH *source, unsigned int indent) +{ + TSS_TPM_ST_Print("tag", source->tag, indent); + TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent); + TSS_TPM2B_Print("TPMT_TK_AUTH digest", indent, &source->digest.b); + return; +} + +/* Table 96 - Definition of TPMT_TK_HASHCHECK Structure */ + +void TSS_TPMT_TK_HASHCHECK_Print(TPMT_TK_HASHCHECK *source, unsigned int indent) +{ + TSS_TPM_ST_Print("tag", source->tag, indent); + TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent); + TSS_TPM2B_Print("TPMT_TK_AUTH digest", indent, &source->digest.b); + return; +} + +/* Table 101 - Definition of TPML_CC Structure */ + +void TSS_TPML_CC_Print(TPML_CC *source, unsigned int indent) +{ + uint32_t i; + printf("%*s" "TPML_CC count %u\n", indent, "", source->count); + for (i = 0 ; (i < source->count) ; i++) { + TSS_TPM_CC_Print("commandCode", source->commandCodes[i], indent); + } + return; +} + +/* Table 102 - Definition of TPML_PCR_SELECTION Structure */ + +void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent) +{ + uint32_t i; + printf("%*s" "TPML_PCR_SELECTION count %u\n", indent, "", source->count); + for (i = 0 ; (i < source->count) ; i++) { + TSS_TPMS_PCR_SELECTION_Print(&source->pcrSelections[i], indent); + } + return; +} + +/* Table 103 - Definition of TPML_ALG Structure */ + +void TSS_TPML_ALG_Print(TPML_ALG *source, unsigned int indent) +{ + uint32_t i; + printf("%*s" "TPML_ALG count %u\n", indent, "", source->count); + for (i = 0 ; (i < source->count) ; i++) { + TSS_TPM_ALG_ID_Print("algorithms", source->algorithms[i], indent); + } + return; +} + +/* Table 105 - Definition of TPML_DIGEST Structure */ + +void TSS_TPML_DIGEST_Print(TPML_DIGEST *source, unsigned int indent) +{ + uint32_t i; + printf("%*s" "TPML_DIGEST count %u\n", indent, "", source->count); + for (i = 0 ; (i < source->count) ; i++) { + TSS_TPM2B_Print("TPML_DIGEST digest", indent, &source->digests[i].b); + } + return; +} + +/* Table 106 - Definition of TPML_DIGEST_VALUES Structure */ + +void TSS_TPML_DIGEST_VALUES_Print(TPML_DIGEST_VALUES *source, unsigned int indent) +{ + uint32_t i; + printf("%*s" "TPML_DIGEST_VALUES count %u\n", indent, "", source->count); + for (i = 0 ; (i < source->count) ; i++) { + TSS_TPMT_HA_Print(&source->digests[i], indent); + } + return; +} + +/* Table 115 - Definition of TPMS_CLOCK_INFO Structure */ + +void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent) +{ + printf("%*s" "TPMS_CLOCK_INFO clock %"PRIu64"\n", indent, "", source->clock); + printf("%*s" "TPMS_CLOCK_INFO resetCount %u\n", indent, "", source->resetCount); + printf("%*s" "TPMS_CLOCK_INFO restartCount %u\n", indent, "", source->restartCount); + printf("%*s" "TPMS_CLOCK_INFO safe %x\n", indent, "", source->safe); + return; +} + +/* Table 116 - Definition of TPMS_TIME_INFO Structure */ + +void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent) +{ + uint64_t days; + uint64_t hours; + uint64_t minutes; + uint64_t seconds; + printf("%*s" "TPMS_TIME_INFO time %"PRIu64" msec", indent, "", source->time); + days = source->time/(1000 * 60 * 60 * 24); + hours = (source->time % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60); + minutes = (source->time % (1000 * 60 * 60)) / (1000 * 60); + seconds = (source->time % (1000 * 60)) / (1000); + printf(" - %"PRIu64" days %"PRIu64" hours %"PRIu64" minutes %"PRIu64" seconds\n", + days, hours, minutes, seconds); + TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2); + return; +} + +/* Table 117 - Definition of TPMS_TIME_ATTEST_INFO Structure */ + +void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent) +{ + TSS_TPMS_TIME_INFO_Print(&source->time, indent+2); + printf("%*s" "TPMS_TIME_ATTEST_INFO firmwareVersion %"PRIu64"\n", indent, "", source->firmwareVersion); + return; +} + +/* Table 118 - Definition of TPMS_CERTIFY_INFO Structure */ + +void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_CERTIFY_INFO name", indent, &source->name.b); + TSS_TPM2B_Print("TPMS_CERTIFY_INFO qualifiedName", indent, &source->qualifiedName.b); + return; +} + +/* Table 119 - Definition of TPMS_QUOTE_INFO Structure */ + +void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent) +{ + TSS_TPML_PCR_SELECTION_Print(&source->pcrSelect, indent+2); + TSS_TPM2B_Print("TPMS_QUOTE_INFO pcrDigest", indent+2, &source->pcrDigest.b); + return; +} + +/* Table 120 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */ + +void TSS_TPMS_COMMAND_AUDIT_INFO_Print(TPMS_COMMAND_AUDIT_INFO *source, unsigned int indent) +{ + printf("%*s" "TPMS_COMMAND_AUDIT_INFO auditCounter %"PRIu64"\n", indent, "", source->auditCounter); + TSS_TPM_ALG_ID_Print("digestAlg", source->digestAlg, indent); + TSS_TPM2B_Print("TPMS_COMMAND_AUDIT_INFO auditDigest", indent, &source->auditDigest.b); + TSS_TPM2B_Print("TPMS_COMMAND_AUDIT_INFO commandDigest", indent, &source->commandDigest.b); + return; +} + +/* Table 121 - Definition of TPMS_SESSION_AUDIT_INFO Structure */ + +void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent) +{ + printf("%*s" "TPMS_SESSION_AUDIT_INFO exclusiveSession %d\n", indent, "", + source->exclusiveSession); + TSS_TPM2B_Print("TPMS_SESSION_AUDIT_INFO sessionDigest", indent, &source->sessionDigest.b); + return; +} + +/* Table 122 - Definition of TPMS_CREATION_INFO Structure */ + +void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_CREATION_INFO objectName", indent, &source->objectName.b); + TSS_TPM2B_Print("TPMS_CREATION_INFO creationHash", indent, &source->creationHash.b); + return; +} + +/* Table 123 - Definition of TPMS_NV_CERTIFY_INFO Structure */ + +void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_NV_CERTIFY_INFO indexName", indent, &source->indexName.b); + printf("%*s" "TPMS_NV_CERTIFY_INFO offset %d\n", indent, "", source->offset); + TSS_TPM2B_Print("TPMS_NV_CERTIFY_INFO nvContents", indent, &source->nvContents.b); + return; +} + +/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure */ +void TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(TPMS_NV_DIGEST_CERTIFY_INFO *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_NV_DIGEST_CERTIFY_INFO indexName", indent, &source->indexName.b); + TSS_TPM2B_Print("TPMS_NV_DIGEST_CERTIFY_INFO nvDigest", indent, &source->nvDigest.b); + return; +} + +/* Table 124 - Definition of (TPM_ST) TPMI_ST_ATTEST Type */ + +void TSS_TPMI_ST_ATTEST_Print(const char *string, TPMI_ST_ATTEST selector, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (selector) { + case TPM_ST_ATTEST_CERTIFY: + printf("%s TPM_ST_ATTEST_CERTIFY\n", string); + break; + case TPM_ST_ATTEST_CREATION: + printf("%s TPM_ST_ATTEST_CREATION\n", string); + break; + case TPM_ST_ATTEST_QUOTE: + printf("%s TPM_ST_ATTEST_QUOTE\n", string); + break; + case TPM_ST_ATTEST_COMMAND_AUDIT: + printf("%s TPM_ST_ATTEST_COMMAND_AUDIT\n", string); + break; + case TPM_ST_ATTEST_SESSION_AUDIT: + printf("%s TPM_ST_ATTEST_SESSION_AUDIT\n", string); + break; + case TPM_ST_ATTEST_TIME: + printf("%s TPM_ST_ATTEST_TIME\n", string); + break; + case TPM_ST_ATTEST_NV: + printf("%s TPM_ST_ATTEST_NV\n", string); + break; + case TPM_ST_ATTEST_NV_DIGEST: + printf("%s TPM_ST_ATTEST_NV_DIGEST\n", string); + break; + default: + printf("%s TPMI_ST_ATTEST_Print: selection %04hx not implemented\n", string, selector); + } + return; +} + +/* Table 125 - Definition of TPMU_ATTEST Union */ + +void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent) +{ + switch (selector) { + case TPM_ST_ATTEST_CERTIFY: + TSS_TPMS_CERTIFY_INFO_Print(&source->certify, indent+2); + break; + case TPM_ST_ATTEST_CREATION: + TSS_TPMS_CREATION_INFO_Print(&source->creation, indent+2); + break; + case TPM_ST_ATTEST_QUOTE: + TSS_TPMS_QUOTE_INFO_Print(&source->quote, indent+2); + break; + case TPM_ST_ATTEST_COMMAND_AUDIT: + TSS_TPMS_COMMAND_AUDIT_INFO_Print(&source->commandAudit, indent+2); + break; + case TPM_ST_ATTEST_SESSION_AUDIT: + TSS_TPMS_SESSION_AUDIT_INFO_Print(&source->sessionAudit, indent+2); + break; + case TPM_ST_ATTEST_TIME: + TSS_TPMS_TIME_ATTEST_INFO_Print(&source->time, indent+2); + break; + case TPM_ST_ATTEST_NV: + TSS_TPMS_NV_CERTIFY_INFO_Print(&source->nv, indent+2); + break; + case TPM_ST_ATTEST_NV_DIGEST: + TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(&source->nvDigest, indent+2); + break; + default: + printf("%*s" "TPMU_ATTEST selection %04hx not implemented\n", indent, "", selector); + } + return; +} + +/* Table 126 - Definition of TPMS_ATTEST Structure */ + +void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent) +{ + printf("%*s" "TPMS_ATTEST magic %08x\n", indent+2, "", source->magic); + TSS_TPMI_ST_ATTEST_Print("type", source->type, indent+2); + TSS_TPM2B_Print("TPMS_ATTEST qualifiedSigner", indent+2, &source->qualifiedSigner.b); + TSS_TPM2B_Print("TPMS_ATTEST extraData", indent+2, &source->extraData.b); + TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2); + printf("%*s" "TPMS_ATTEST firmwareVersion %"PRIu64"\n", indent+2, "", source->firmwareVersion); + TSS_TPMU_ATTEST_Print(&source->attested, source->type, indent+2); + return; +} + +#if 0 /* Removed because it required a large stack allocation. The utilities didn't use it, but + rather did the unmarshal and print themselves. */ + +/* Table 127 - Definition of TPM2B_ATTEST Structure */ + +void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent) +{ + TPM_RC rc = 0; + TPMS_ATTEST attests; + uint32_t size; + uint8_t *buffer = NULL; + + /* unmarshal the TPMS_ATTEST from the TPM2B_ATTEST */ + if (rc == 0) { + buffer = source->t.attestationData; + size = source->t.size; + rc = TSS_TPMS_ATTEST_Unmarshalu(&attests, &buffer, &size); + } + if (rc == 0) { + TSS_TPMS_ATTEST_Print(&attests, indent+2); + } + else { + printf("%*s" "TPMS_ATTEST_Unmarshal failed\n", indent, ""); + } + return; +} +#endif + +/* Table 128 - Definition of TPMS_AUTH_COMMAND Structure */ + +void TSS_TPMS_AUTH_COMMAND_Print(TPMS_AUTH_COMMAND *source, unsigned int indent) +{ + TSS_TPM_HANDLE_Print("sessionHandle", source->sessionHandle, indent); + TSS_TPM2B_Print("TPMS_AUTH_COMMAND nonce", indent, &source->nonce.b); + TSS_TPMA_SESSION_Print(source->sessionAttributes, indent); + TSS_TPM2B_Print("TPMS_AUTH_COMMAND hmac", indent, &source->hmac.b); + return; +} + +/* Table 129 - Definition of TPMS_AUTH_RESPONSE Structure */ + +void TSS_TPMS_AUTH_RESPONSE_Print(TPMS_AUTH_RESPONSE *source, unsigned int indent) +{ + TSS_PrintAlli("TPMS_AUTH_RESPONSE nonce", indent, + source->nonce.t.buffer, + source->nonce.t.size); + TSS_TPMA_SESSION_Print(source->sessionAttributes, indent); + TSS_TPM2B_Print("TPMS_AUTH_RESPONSE hmac", indent, &source->hmac.b); + return; +} + +/* Table 130 - Definition of {!ALG.S} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */ + +void TSS_TPM_KEY_BITS_Print(TPM_KEY_BITS source, unsigned int indent) +{ + printf("%*s" "TPM_KEY_BITS %u\n", indent, "", source); + return; +} + +/* Table 131 - Definition of TPMU_SYM_KEY_BITS Union */ + +void TSS_TPMU_SYM_KEY_BITS_Print(TPMU_SYM_KEY_BITS *source, TPMI_ALG_SYM selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_AES + case TPM_ALG_AES: + TSS_TPM_KEY_BITS_Print(source->aes, indent); + break; +#endif +#ifdef TPM_ALG_SM4 + case TPM_ALG_SM4: + TSS_TPM_KEY_BITS_Print(source->sm4, indent); + break; +#endif +#ifdef TPM_ALG_CAMELLIA + case TPM_ALG_CAMELLIA: + TSS_TPM_KEY_BITS_Print(source->camellia, indent); + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + TSS_TPM_ALG_ID_Print("xorr", source->xorr, indent); + break; +#endif + default: + printf("%*s" "TPMI_ALG_SYM value %04hx unknown\n", indent, "", selector); + } + + return; +} + +/* Table 134 - Definition of TPMT_SYM_DEF Structure */ + +void TSS_TPMT_SYM_DEF_Print(TPMT_SYM_DEF *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("algorithm", source->algorithm, indent); + TSS_TPMU_SYM_KEY_BITS_Print(&source->keyBits, source->algorithm, indent); + TSS_TPM_ALG_ID_Print("mode", source->mode.sym, indent); + return; +} + +/* Table 135 - Definition of TPMT_SYM_DEF_OBJECT Structure */ + +void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("algorithm", source->algorithm, indent+2); + if (source->algorithm != TPM_ALG_NULL) { + printf("%*s" "keyBits: %u\n", indent+2, "", source->keyBits.sym); + TSS_TPM_ALG_ID_Print("mode", source->mode.sym, indent+2); + } + return; +} + +/* Table 139 - Definition of TPMS_DERIVE Structure */ + +void TSS_TPMS_DERIVE_Print(TPMS_DERIVE *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_DERIVE label", indent, &source->label.b); + TSS_TPM2B_Print("TPMS_DERIVE context", indent, &source->context.b); + return; +} + +/* Table 143 - Definition of TPMS_SENSITIVE_CREATE Structure */ + +void TSS_TPMS_SENSITIVE_CREATE_Print(TPMS_SENSITIVE_CREATE *source, unsigned int indent) +{ + TSS_TPM2B_Print("userAuth", indent, &source->userAuth.b); + TSS_TPM2B_Print("data", indent, &source->data.b); + return; +} + +/* Table 144 - Definition of TPM2B_SENSITIVE_CREATE Structure */ + +void TSS_TPM2B_SENSITIVE_CREATE_Print(const char *string, TPM2B_SENSITIVE_CREATE *source, unsigned int indent) +{ + printf("%*s" "%s\n", indent, "", string); + TSS_TPMS_SENSITIVE_CREATE_Print(&source->sensitive, indent+2); + return; +} + +/* Table 146 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ + +void TSS_TPMS_SCHEME_ECDAA_Print(TPMS_SCHEME_ECDAA *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2); + printf("%*s" "TPMS_SCHEME_ECDAA count %u\n", indent+2, "", source->count); + return; +} + +/* Table 149 - Definition of TPMS_SCHEME_XOR Structure */ + +void TSS_TPMS_SCHEME_XOR_Print(TPMS_SCHEME_XOR *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2); + TSS_TPM_ALG_ID_Print("kdf", source->kdf, indent+2); + return; +} + +/* Table 150 - Definition of TPMU_SCHEME_KEYEDHASH Union */ + +void TSS_TPMU_SCHEME_KEYEDHASH_Print(TPMU_SCHEME_KEYEDHASH *source, TPMI_ALG_KEYEDHASH_SCHEME selector, + unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + TSS_TPM_ALG_ID_Print("hmac", source->hmac.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_XOR + case TPM_ALG_XOR: + TSS_TPMS_SCHEME_XOR_Print(&source->xorr, indent+2); + break; +#endif + default: + printf("%*s" "TPMU_SCHEME_KEYEDHASH selection %04hx not implemented\n", indent, "", selector); + } + return; +} + +/* Table 151 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ + +void TSS_TPMT_KEYEDHASH_SCHEME_Print(TPMT_KEYEDHASH_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPMU_SCHEME_KEYEDHASH_Print(&source->details, source->scheme, indent+2); + } + return; +} + +/* Table 154 - Definition of TPMU_SIG_SCHEME Union */ + +void TSS_TPMU_SIG_SCHEME_Print(TPMU_SIG_SCHEME *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + TSS_TPM_ALG_ID_Print("rsassa", source->rsassa.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + TSS_TPM_ALG_ID_Print("rsapss", source->rsapss.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + TSS_TPM_ALG_ID_Print("ecdsa", source->ecdsa.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + TSS_TPMS_SCHEME_ECDAA_Print(&source->ecdaa, indent+2); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + TSS_TPM_ALG_ID_Print("sm2", source->sm2.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + TSS_TPM_ALG_ID_Print("ecSchnorr", source->ecSchnorr.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + TSS_TPM_ALG_ID_Print("hmac", source->hmac.hashAlg, indent+2); + break; +#endif + default: + printf("%*s" "TPMU_SIG_SCHEME selection %04hx not implemented\n", indent, "", selector); + } + return; +} + +/* Table " Definition", 155 - Definition of TPMT_SIG_SCHEME Structure */ + +void TSS_TPMT_SIG_SCHEME_Print(TPMT_SIG_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPMU_SIG_SCHEME_Print(&source->details, source->scheme, indent+2); + } + return; +} + +/* Table 160 - Definition of TPMT_KDF_SCHEME Structure */ + +void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPM_ALG_ID_Print("details", source->details.mgf1.hashAlg, indent+2); + } + return; +} + +/* Table 162 - Definition of TPMU_ASYM_SCHEME Union */ + +void TSS_TPMU_ASYM_SCHEME_Print(TPMU_ASYM_SCHEME *source, TPMI_ALG_ASYM_SCHEME selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_ECDH + case TPM_ALG_ECDH: + TSS_TPM_ALG_ID_Print("ecdh", source->ecdh.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECMQV + case TPM_ALG_ECMQV: + TSS_TPM_ALG_ID_Print("ecmqvh", source->ecmqvh.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + TSS_TPM_ALG_ID_Print("rsassa", source->rsassa.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + TSS_TPM_ALG_ID_Print("rsapss", source->rsapss.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + TSS_TPM_ALG_ID_Print("ecdsa", source->ecdsa.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + TSS_TPMS_SCHEME_ECDAA_Print(&source->ecdaa, indent+2); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + TSS_TPM_ALG_ID_Print("sm2", source->sm2.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + TSS_TPM_ALG_ID_Print("ecSchnorr", source->ecSchnorr.hashAlg, indent+2); + break; +#endif +#ifdef TPM_ALG_RSAES + case TPM_ALG_RSAES: + break; +#endif +#ifdef TPM_ALG_OAEP + case TPM_ALG_OAEP: + TSS_TPM_ALG_ID_Print("oaep", source->oaep.hashAlg, indent+2); + break; +#endif + default: + printf("%*s" "TPMU_ASYM_SCHEME selection %04hx not implemented\n", indent, "", selector); + } + return; +} + +/* Table 163 - Definition of TPMT_ASYM_SCHEME Structure <> */ + +void TSS_TPMT_ASYM_SCHEME_Print(TPMT_ASYM_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPMU_ASYM_SCHEME_Print(&source->details, source->scheme, indent+2); + } + return; +} + +/* Table 165 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ + +void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPM_ALG_ID_Print("details", source->details.anySig.hashAlg, indent+2); + } + return; +} + +/* Table 167 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ + +void TSS_TPMT_RSA_DECRYPT_Print(TPMT_RSA_DECRYPT *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPMU_ASYM_SCHEME_Print(&source->details, source->scheme, indent+2); + } + return; +} + +/* Table 169 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ + +void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent) +{ + printf("%*s" "TPM_KEY_BITS keyBits: %u\n", indent, "", source); + return; +} + +/* Table 172 - Definition of {ECC} TPMS_ECC_POINT Structure */ + +void TSS_TPMS_ECC_POINT_Print(TPMS_ECC_POINT *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_ECC_POINT x", indent+2, &source->x.b); + TSS_TPM2B_Print("TPMS_ECC_POINT y", indent+2, &source->y.b); + return; +} + +/* Table 173 - Definition of {ECC} TPM2B_ECC_POINT Structure */ + +void TSS_TPM2B_ECC_POINT_Print(const char *string, TPM2B_ECC_POINT *source, unsigned int indent) +{ + printf("%*s" "%s\n", indent, "", string); + TSS_TPMS_ECC_POINT_Print(&source->point, indent); + return; +} + +/* Table 175 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ + +void TSS_TPMI_ECC_CURVE_Print(const char *string, TPMI_ECC_CURVE source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { + case TPM_ECC_BN_P256: + printf("%s TPM_ECC_BN_P256\n", string); + break; + case TPM_ECC_NIST_P256: + printf("%s TPM_ECC_NIST_P256\n", string); + break; + case TPM_ECC_NIST_P384: + printf("%s TPM_ECC_NIST_P384\n", string); + break; + default: + printf("%s TPMI_ECC_CURVE %04hx unknown\n", string, source); + } + return; +} + +/* Table 176 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ + +void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2); + if (source->scheme != TPM_ALG_NULL) { + TSS_TPM_ALG_ID_Print("details", source->details.anySig.hashAlg, indent+2); + } + return; +} + +/* Table 177 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ + +void TSS_TPMS_ALGORITHM_DETAIL_ECC_Print(TPMS_ALGORITHM_DETAIL_ECC *source, unsigned int indent) +{ + TSS_TPM_ECC_CURVE_Print("curveID", source->curveID, indent+2); + printf("%*s" "TPMS_ALGORITHM_DETAIL_ECC keySize %u\n", indent+2, "", source->keySize); + TSS_TPMT_KDF_SCHEME_Print(&source->kdf, indent+2); + TSS_TPMT_ECC_SCHEME_Print(&source->sign, indent+2); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC p", indent, &source->p.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC a", indent, &source->a.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC b", indent, &source->b.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC gX", indent, &source->gX.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC gY", indent, &source->gY.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC n", indent, &source->n.b); + TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC h", indent, &source->h.b); + return; +} + +/* Table 178 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ + +void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hash", source->hash, indent+2); + TSS_TPM2B_Print("TPMS_SIGNATURE_RSA sig", indent+2, &source->sig.b); + return; +} + +/* Table 179 - Definition of Types for {RSA} Signature */ + +void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent) +{ + TSS_TPMS_SIGNATURE_RSA_Print(source, indent+2); + return; +} + +/* Table 180 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ + +void TSS_TPMS_SIGNATURE_ECC_Print(TPMS_SIGNATURE_ECC *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("hash", source->hash, indent); + TSS_TPM2B_Print("TPMS_SIGNATURE_ECC signatureR", indent, &source->signatureR.b); + TSS_TPM2B_Print("TPMS_SIGNATURE_ECC signatureS", indent, &source->signatureS.b); + return; +} + +/* Table 182 - Definition of TPMU_SIGNATURE Union */ + +void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_RSASSA + case TPM_ALG_RSASSA: + TSS_TPMS_SIGNATURE_RSA_Print(&source->rsassa, indent+2); + break; +#endif +#ifdef TPM_ALG_RSAPSS + case TPM_ALG_RSAPSS: + TSS_TPMS_SIGNATURE_RSA_Print(&source->rsapss, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDSA + case TPM_ALG_ECDSA: + TSS_TPMS_SIGNATURE_ECC_Print(&source->ecdsa, indent+2); + break; +#endif +#ifdef TPM_ALG_ECDAA + case TPM_ALG_ECDAA: + TSS_TPMS_SIGNATURE_ECC_Print(&source->ecdaa, indent+2); + break; +#endif +#ifdef TPM_ALG_SM2 + case TPM_ALG_SM2: + TSS_TPMS_SIGNATURE_ECC_Print(&source->sm2, indent+2); + break; +#endif +#ifdef TPM_ALG_ECSCHNORR + case TPM_ALG_ECSCHNORR: + TSS_TPMS_SIGNATURE_ECC_Print(&source->ecschnorr, indent+2); + break; +#endif +#ifdef TPM_ALG_HMAC + case TPM_ALG_HMAC: + TSS_TPMT_HA_Print(&source->hmac, indent+2); + break; +#endif + default: + printf("%*s" "TPMU_SIGNATURE selection %04hx not implemented\n", indent, "", selector); + + } +} + +/* Table 183 - Definition of TPMT_SIGNATURE Structure */ + +void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("sigAlg", source->sigAlg, indent+2); + if (source->sigAlg != TPM_ALG_NULL) { + TSS_TPMU_SIGNATURE_Print(&source->signature, source->sigAlg, indent); + } + return; +} + +/* Table 186 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ + +void TSS_TPMI_ALG_PUBLIC_Print(const char *string, TPMI_ALG_PUBLIC source, unsigned int indent) +{ + printf("%*s", indent, ""); + switch (source) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + printf("%s TPM_ALG_KEYEDHASH\n", string); + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + printf("%s TPM_ALG_RSA\n", string); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + printf("%s TPM_ALG_ECC\n", string); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + printf("%s TPM_ALG_SYMCIPHER\n", string); + break; +#endif + default: + printf("%s selection %04hx not implemented\n", string, source); + } + return; +} + +/* Table 187 - Definition of TPMU_PUBLIC_ID Union */ + +void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + TSS_TPM2B_Print("TPM_ALG_KEYEDHASH keyedHash", indent, &source->keyedHash.b); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + TSS_TPM2B_Print("TPM_ALG_SYMCIPHER sym", indent, &source->sym.b); + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + TSS_TPM2B_Print("TPM_ALG_RSA rsa", indent, &source->rsa.b); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + TSS_TPM2B_Print("TPM_ALG_ECC x", indent, &source->ecc.x.b); + TSS_TPM2B_Print("TPM_ALG_ECC y", indent, &source->ecc.y.b); + break; +#endif + default: + printf("%*s" "TPMU_PUBLIC_ID_Print: selection %04hx not implemented\n", indent, "", selector); + } + return; +} + +/* Table 188 - Definition of TPMS_KEYEDHASH_PARMS Structure */ + +void TSS_TPMS_KEYEDHASH_PARMS_Print(TPMS_KEYEDHASH_PARMS *source, unsigned int indent) +{ + TSS_TPMT_KEYEDHASH_SCHEME_Print(&source->scheme, indent); + return; +} + +/* Table 189 - Definition of TPMS_ASYM_PARMS Structure <> */ + +void TSS_TPMS_ASYM_PARMS_Print(TPMS_ASYM_PARMS *source, unsigned int indent) +{ + TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent+2); + TSS_TPMT_ASYM_SCHEME_Print(&source->scheme, indent+2); + return; +} + +/* Table 190 - Definition of {RSA} TPMS_RSA_PARMS Structure */ + +void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent) +{ + TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent); + TSS_TPMT_RSA_SCHEME_Print(&source->scheme, indent); + TSS_TPMI_RSA_KEY_BITS_Print(source->keyBits, indent); + printf("%*s" "TPMS_RSA_PARMS exponent %08x\n", indent, "", source->exponent); + return; +} + +/* Table 191 - Definition of {ECC} TPMS_ECC_PARMS Structure */ + +void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent) +{ + TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent); + TSS_TPMT_ECC_SCHEME_Print(&source->scheme, indent); + TSS_TPMI_ECC_CURVE_Print("curveID", source->curveID, indent); + TSS_TPMT_KDF_SCHEME_Print(&source->kdf, indent); + return; +} + +/* Table 192 - Definition of TPMU_PUBLIC_PARMS Union */ + +void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, uint32_t selector, unsigned int indent) +{ + switch (selector) { + case TPM_ALG_KEYEDHASH: + printf("%*s" "TPMU_PUBLIC_PARMS keyedHashDetail\n", indent, ""); + TSS_TPMS_KEYEDHASH_PARMS_Print(&source->keyedHashDetail, indent); + break; +#if 0 + case TPM_ALG_SYMCIPHER: + printf("%*s" "TPMU_PUBLIC_PARMS symDetail\n", indent, ""); + TSS_TPMS_SYMCIPHER_PARMS_Print(&source->symDetail, indent); + break; +#endif +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + printf("%*s" "TPMU_PUBLIC_PARMS rsaDetail\n", indent, ""); + TSS_TPMS_RSA_PARMS_Print(&source->rsaDetail, indent); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + printf("%*s" "TPMU_PUBLIC_PARMS eccDetail\n", indent, ""); + TSS_TPMS_ECC_PARMS_Print(&source->eccDetail, indent); + break; +#endif + default: + printf("%*s" "TPMU_PUBLIC_PARMS: selector %04x not implemented\n", indent, "", selector); + } + return; +} + +/* Table 193 - Definition of TPMT_PUBLIC_PARMS Structure */ + +void TSS_TPMT_PUBLIC_PARMS_Print(TPMT_PUBLIC_PARMS *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("type", source->type, indent); + TSS_TPMU_PUBLIC_PARMS_Print(&source->parameters, source->type, indent); + return; +} +/* Table 194 - Definition of TPMT_PUBLIC Structure */ + +void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent) +{ + TSS_TPMI_ALG_PUBLIC_Print("type", source->type, indent); + TSS_TPM_ALG_ID_Print("nameAlg", source->nameAlg, indent); + TSS_TPMA_OBJECT_Print("objectAttributes", source->objectAttributes, indent); + TSS_TPM2B_Print("authPolicy", indent, &source->authPolicy.b); + TSS_TPMU_PUBLIC_PARMS_Print(&source->parameters, source->type, indent); + TSS_TPMU_PUBLIC_ID_Print(&source->unique, source->type, indent); + return; +} + +/* Table 195 - Definition of TPM2B_PUBLIC Structure */ + +void TSS_TPM2B_PUBLIC_Print(const char *string, TPM2B_PUBLIC *source, unsigned int indent) +{ + printf("%*s" "%s\n", indent, "", string); + TSS_TPMT_PUBLIC_Print(&source->publicArea, indent+2); + return; +} + +/* Table 198 - Definition of TPMU_SENSITIVE_COMPOSITE Union */ + +void TSS_TPMU_SENSITIVE_COMPOSITE_Print(TPMU_SENSITIVE_COMPOSITE *source, uint32_t selector, unsigned int indent) +{ + switch (selector) { +#ifdef TPM_ALG_RSA + case TPM_ALG_RSA: + TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE rsa", indent+2, &source->rsa.b); + break; +#endif +#ifdef TPM_ALG_ECC + case TPM_ALG_ECC: + TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE ecc", indent+2, &source->ecc.b); + break; +#endif +#ifdef TPM_ALG_KEYEDHASH + case TPM_ALG_KEYEDHASH: + TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE bits", indent+2, &source->bits.b); + break; +#endif +#ifdef TPM_ALG_SYMCIPHER + case TPM_ALG_SYMCIPHER: + TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE sym", indent+2, &source->sym.b); + break; +#endif + default: + printf("%*s" "TPMU_SENSITIVE_COMPOSITE: selection %08x not implemented \n", indent+2, "", selector); + } + return; +} + +/* Table 199 - Definition of TPMT_SENSITIVE Structure */ + +void TSS_TPMT_SENSITIVE_Print(TPMT_SENSITIVE *source, unsigned int indent) +{ + TSS_TPM_ALG_ID_Print("sensitiveType", source->sensitiveType, indent+2); + TSS_TPM2B_Print("TPMT_SENSITIVE authValue", indent+2, &source->authValue.b); + TSS_TPM2B_Print("TPMT_SENSITIVE seedValue", indent+2, &source->seedValue.b); + TSS_TPMU_SENSITIVE_COMPOSITE_Print(&source->sensitive, source->sensitiveType, indent+2); + return; +} + +/* Table 200 - Definition of TPM2B_SENSITIVE Structure */ + +void TSS_TPM2B_SENSITIVE_Print(TPM2B_SENSITIVE *source, unsigned int indent) +{ + printf("%*s" "TPM2B_SENSITIVE size %u\n", indent+2, "", source->t.size); + if (source->t.size != 0) { + TSS_TPMT_SENSITIVE_Print(&source->t.sensitiveArea, indent+2); + } + return; +} + +/* Table 207 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */ + +void TSS_TPMS_NV_PIN_COUNTER_PARAMETERS_Print(TPMS_NV_PIN_COUNTER_PARAMETERS *source, unsigned int indent) +{ + printf("%*s" "pinCount %u\n", indent+2, "", source->pinCount); + printf("%*s" "pinLimit %u\n", indent+2, "", source->pinLimit); + return; +} + +/* Table 208 - Definition of (UINT32) TPMA_NV Bits */ + +void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent) +{ + uint32_t nvType; + + if (source.val & TPMA_NVA_PPWRITE) printf("%*s" "TPMA_NV_PPWRITE\n", indent, ""); + if (source.val & TPMA_NVA_OWNERWRITE) printf("%*s" "TPMA_NV_OWNERWRITE\n", indent, ""); + if (source.val & TPMA_NVA_AUTHWRITE) printf("%*s" "TPMA_NV_AUTHWRITE\n", indent, ""); + if (source.val & TPMA_NVA_POLICYWRITE) printf("%*s" "TPMA_NV_POLICYWRITE\n", indent, ""); + + nvType = (source.val & TPMA_NVA_TPM_NT_MASK) >> 4; + switch (nvType) { + case TPM_NT_ORDINARY: + printf("%*s" "TPM_NT_ORDINARY\n", indent, ""); + break; + case TPM_NT_COUNTER: + printf("%*s" "TPM_NT_COUNTER\n", indent, ""); + break; + case TPM_NT_BITS: + printf("%*s" "TPM_NT_COUNTER\n", indent, ""); + break; + case TPM_NT_EXTEND: + printf("%*s" "TPM_NT_EXTEND\n", indent, ""); + break; + case TPM_NT_PIN_FAIL: + printf("%*s" "TPM_NT_PIN_FAIL\n", indent, ""); + break; + case TPM_NT_PIN_PASS: + printf("%*s" "TPM_NT_PIN_PASS\n", indent, ""); + break; + default: + printf("%*s" "TPMA_NV type %02x unknown\n", indent, "", nvType); + } + + if (source.val & TPMA_NVA_POLICY_DELETE) printf("%*s" "TPMA_NV_POLICY_DELETE\n", indent, ""); + if (source.val & TPMA_NVA_WRITELOCKED) printf("%*s" "TPMA_NV_WRITELOCKED\n", indent, ""); + if (source.val & TPMA_NVA_WRITEALL) printf("%*s" "TPMA_NV_WRITEALL\n", indent, ""); + if (source.val & TPMA_NVA_WRITEDEFINE) printf("%*s" "TPMA_NV_WRITEDEFINE\n", indent, ""); + if (source.val & TPMA_NVA_WRITE_STCLEAR) printf("%*s" "TPMA_NV_WRITE_STCLEAR\n", indent, ""); + if (source.val & TPMA_NVA_GLOBALLOCK) printf("%*s" "TPMA_NV_GLOBALLOCK\n", indent, ""); + if (source.val & TPMA_NVA_PPREAD) printf("%*s" "TPMA_NV_PPREAD\n", indent, ""); + if (source.val & TPMA_NVA_OWNERREAD) printf("%*s" "TPMA_NV_OWNERREAD\n", indent, ""); + if (source.val & TPMA_NVA_AUTHREAD) printf("%*s" "TPMA_NV_AUTHREAD\n", indent, ""); + if (source.val & TPMA_NVA_POLICYREAD) printf("%*s" "TPMA_NV_POLICYREAD\n", indent, ""); + if (source.val & TPMA_NVA_NO_DA) printf("%*s" "TPMA_NV_NO_DA\n", indent, ""); + if (source.val & TPMA_NVA_ORDERLY) printf("%*s" "TPMA_NV_ORDERLY\n", indent, ""); + if (source.val & TPMA_NVA_CLEAR_STCLEAR) printf("%*s" "TPMA_NV_CLEAR_STCLEAR\n", indent, ""); + if (source.val & TPMA_NVA_READLOCKED) printf("%*s" "TPMA_NV_READLOCKED\n", indent, ""); + if (source.val & TPMA_NVA_WRITTEN) printf("%*s" "TPMA_NV_WRITTEN\n", indent, ""); + if (source.val & TPMA_NVA_PLATFORMCREATE) printf("%*s" "TPMA_NV_PLATFORMCREATE\n", indent, ""); + if (source.val & TPMA_NVA_READ_STCLEAR) printf("%*s" "TPMA_NV_READ_STCLEAR\n", indent, ""); + return; +} + +/* Table 209 - Definition of TPMS_NV_PUBLIC Structure */ + +void TSS_TPMS_NV_PUBLIC_Print(TPMS_NV_PUBLIC *source, unsigned int indent) +{ + printf("%*s" "TPMS_NV_PUBLIC nvIndex %08x\n", indent+2, "", source->nvIndex); + TSS_TPM_ALG_ID_Print("nameAlg", source->nameAlg, indent+2); + TSS_TPMA_NV_Print(source->attributes, indent+2); + TSS_TPM2B_Print("TPMS_NV_PUBLIC authPolicy", indent+2, &source->authPolicy.b); + printf("%*s" "TPMS_NV_PUBLIC dataSize %u\n", indent+2, "", source->dataSize); + return; +} + +/* Table 210 - Definition of TPM2B_NV_PUBLIC Structure */ + +void TSS_TPM2B_NV_PUBLIC_Print(TPM2B_NV_PUBLIC *source, unsigned int indent) +{ + TSS_TPMS_NV_PUBLIC_Print(&source->nvPublic, indent+2); + return; +} + +/* Table 212 - Definition of TPMS_CONTEXT_DATA Structure */ + +void TSS_TPMS_CONTEXT_DATA_Print(TPMS_CONTEXT_DATA *source, unsigned int indent) +{ + TSS_TPM2B_Print("TPMS_CONTEXT_DATA integrity", indent+2, &source->integrity.b); + TSS_TPM2B_Print("TPMS_CONTEXT_DATA encrypted", indent+2, &source->encrypted.b); + return; +} + +/* Table 214 - Definition of TPMS_CONTEXT Structure */ + +void TSS_TPMS_CONTEXT_Print(TPMS_CONTEXT *source, unsigned int indent) +{ + printf("%*s" "TPMS_CONTEXT sequence %"PRIu64"\n", indent+2, "", source->sequence); + TSS_TPM_HANDLE_Print("savedHandle", source->savedHandle, indent+2); + TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent+2); + TSS_TPM2B_Print("TPMS_CONTEXT contextBlob", indent+2, &source->contextBlob.b); + return; +} + +/* Table 216 - Definition of TPMS_CREATION_DATA Structure */ + +void TSS_TPMS_CREATION_DATA_Print(TPMS_CREATION_DATA *source, unsigned int indent) +{ + TSS_TPML_PCR_SELECTION_Print(&source->pcrSelect, indent+2); + TSS_TPM2B_Print("TPMS_CREATION_DATA pcrDigest", indent+2, &source->pcrDigest.b); + TSS_TPMA_LOCALITY_Print(source->locality, indent+2); + TSS_TPM_ALG_ID_Print("parentNameAlg", source->parentNameAlg, indent+2); + TSS_TPM2B_Print("TPMS_CREATION_DATA parentName", indent+2, &source->parentName.b); + TSS_TPM2B_Print("TPMS_CREATION_DATA parentQualifiedName", indent+2, &source->parentQualifiedName.b); + TSS_TPM2B_Print("TPMS_CREATION_DATA outsideInfo", indent+2, &source->outsideInfo.b); +return; +} + +/* Table 217 - Definition of TPM2B_CREATION_DATA Structure */ + +void TSS_TPM2B_CREATION_DATA_Print(TPM2B_CREATION_DATA *source, unsigned int indent) +{ + printf("%*s" "TPM2B_CREATION_DATA size %u\n", indent+2, "", source->size); + TSS_TPMS_CREATION_DATA_Print(&source->creationData, indent+2); + return; +} + +#endif /* TPM_TPM20 */ + +#endif /* TPM_TSS_NO_PRINT */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tssprintcmd.c b/libstb/tss2/ibmtpm20tss/utils/tssprintcmd.c new file mode 100644 index 000000000000..45da7e166639 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssprintcmd.c @@ -0,0 +1,920 @@ +/********************************************************************************/ +/* */ +/* Command Print Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2018 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include + +#include + +void ActivateCredential_In_Print(ActivateCredential_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ActivateCredential\n", indent, ""); + TSS_TPM_HANDLE_Print("activateHandle", in->activateHandle, indent); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("credentialBlob", indent, &in->credentialBlob.b); + TSS_TPM2B_Print("TPM2B_ENCRYPTED_SECRET secret", indent, &in->secret.b); + return; +} +void CertifyCreation_In_Print(CertifyCreation_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_CertifyCreation\n", indent, ""); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + TSS_TPM2B_Print("creationHash", indent, &in->creationHash.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + printf("%*s" "creationTicket\n", indent, ""); + TSS_TPMT_TK_CREATION_Print(&in->creationTicket, indent+2); + return; +} +void Certify_In_Print(Certify_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Certify\n", indent, ""); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + return; +} +void CertifyX509_In_Print(CertifyX509_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_CertifyX509\n", indent, ""); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_Print("reserved", indent, &in->reserved.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + TSS_TPM2B_Print("partialCertificate", indent, &in->partialCertificate.b); + return; +} +void ChangeEPS_In_Print(ChangeEPS_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ChangeEPS\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + return; +} +void ChangePPS_In_Print(ChangePPS_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ChangePPS\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + return; +} +void ClearControl_In_Print(ClearControl_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ClearControl\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + TSS_TPMI_YES_NO_Print("disable", in->disable, indent); + return; +} +void Clear_In_Print(Clear_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Clear\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + return; +} +void ClockRateAdjust_In_Print(ClockRateAdjust_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ClockRateAdjust\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + TSS_TPM_CLOCK_ADJUST_Print("rateAdjust", in->rateAdjust, indent); + return; +} +void ClockSet_In_Print(ClockSet_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ClockSet\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + printf("%*s" "newTime %"PRIu64"\n", indent, "", in->newTime); + return; +} +void Commit_In_Print(Commit_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Commit\n", indent, ""); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_ECC_POINT_Print("P1", &in->P1, indent); + TSS_TPM2B_Print("s2", indent, &in->s2.b); + TSS_TPM2B_Print("y2", indent, &in->y2.b); + return; +} +void ContextLoad_In_Print(ContextLoad_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ContextLoad\n", indent, ""); + TSS_TPMS_CONTEXT_Print(&in->context, indent); + return; +} +void ContextSave_In_Print(ContextSave_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ContextSave\n", indent, ""); + TSS_TPM_HANDLE_Print("saveHandle", in->saveHandle, indent); + return; +} +void Create_In_Print(Create_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Create\n", indent, ""); + TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent); + TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent); + TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent); + TSS_TPM2B_Print("outsideInfo", indent, &in->outsideInfo.b); + TSS_TPML_PCR_SELECTION_Print(&in->creationPCR, indent); + return; +} +void CreateLoaded_In_Print(CreateLoaded_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_CreateLoaded\n", indent, ""); + TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent); + TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent); + TSS_TPM2B_Print("inPublic", indent, &in->inPublic.b); + return; +} +void CreatePrimary_In_Print(CreatePrimary_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_CreatePrimary\n", indent, ""); + TSS_TPM_HANDLE_Print("primaryHandle", in->primaryHandle, indent); + TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent); + TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent); + TSS_TPM2B_Print("outsideInfo", indent, &in->outsideInfo.b); + TSS_TPML_PCR_SELECTION_Print(&in->creationPCR, indent); + return; +} +void DictionaryAttackLockReset_In_Print(DictionaryAttackLockReset_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_DictionaryAttackLockReset\n", indent, ""); + TSS_TPM_HANDLE_Print("lockHandle", in->lockHandle, indent); + return; +} +void DictionaryAttackParameters_In_Print(DictionaryAttackParameters_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_DictionaryAttackParameters\n", indent, ""); + TSS_TPM_HANDLE_Print("lockHandle", in->lockHandle, indent); + printf("%*s" "newMaxTries %u\n", indent, "", in->newMaxTries); + printf("%*s" "newRecoveryTime %u\n", indent, "", in->newRecoveryTime); + printf("%*s" "lockoutRecovery %u\n", indent, "", in->lockoutRecovery); + return; +} +void Duplicate_In_Print(Duplicate_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Duplicate\n", indent, ""); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM_HANDLE_Print("newParentHandle", in->newParentHandle, indent); + TSS_TPM2B_Print("encryptionKeyIn", indent, &in->encryptionKeyIn.b); + printf("%*s" "symmetricAlg\n", indent, ""); + TSS_TPMT_SYM_DEF_OBJECT_Print(&in->symmetricAlg, indent); + return; +} +void ECC_Parameters_In_Print(ECC_Parameters_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ECC_Parameters\n", indent, ""); + TSS_TPMI_ECC_CURVE_Print("curveID", in->curveID, indent); + return; +} +void ECDH_KeyGen_In_Print(ECDH_KeyGen_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ECDH_KeyGen\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + return; +} +void ECDH_ZGen_In_Print(ECDH_ZGen_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ECDH_ZGen\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_ECC_POINT_Print("inPoint", &in->inPoint, indent); + return; +} +void EC_Ephemeral_In_Print(EC_Ephemeral_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_EC_Ephemeral\n", indent, ""); + TSS_TPMI_ECC_CURVE_Print("curveID", in->curveID, indent); + return; +} +void EncryptDecrypt_In_Print(EncryptDecrypt_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_EncryptDecrypt\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPMI_YES_NO_Print("decrypt", in->decrypt, indent); + TSS_TPM_ALG_ID_Print("mode", in->mode, indent); + TSS_TPM2B_Print("ivIn", indent, &in->ivIn.b); + TSS_TPM2B_Print("inData", indent, &in->inData.b); + return; +} +void EncryptDecrypt2_In_Print(EncryptDecrypt2_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_EncryptDecrypt2\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("inData", indent, &in->inData.b); + TSS_TPMI_YES_NO_Print("decrypt", in->decrypt, indent); + TSS_TPM_ALG_ID_Print("mode", in->mode, indent); + TSS_TPM2B_Print("ivIn", indent, &in->ivIn.b); + return; +} +void EventSequenceComplete_In_Print(EventSequenceComplete_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_EventSequenceComplete\n", indent, ""); + TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent); + TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent); + TSS_TPM2B_Print("buffer", indent, &in->buffer.b); + return; +} +void EvictControl_In_Print(EvictControl_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_EvictControl\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM_HANDLE_Print("persistentHandle", in->persistentHandle, indent); + return; +} +void FlushContext_In_Print(FlushContext_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_FlushContext\n", indent, ""); + TSS_TPM_HANDLE_Print("flushHandle", in->flushHandle, indent); + return; +} +void GetCapability_In_Print(GetCapability_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_GetCapability\n", indent, ""); + TSS_TPM_CAP_Print("capability", in->capability, indent); + printf("%*s" "property %08x\n", indent, "", in->property); + printf("%*s" "propertyCount %u\n", indent, "", in->propertyCount); + return; +} +void GetCommandAuditDigest_In_Print(GetCommandAuditDigest_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_GetCommandAuditDigest\n", indent, ""); + TSS_TPM_HANDLE_Print("privacyHandle", in->privacyHandle, indent); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + return; +} +void GetRandom_In_Print(GetRandom_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_GetRandom\n", indent, ""); + printf("%*s" "bytesRequested %u\n", indent, "", in->bytesRequested); + return; +} +void GetSessionAuditDigest_In_Print(GetSessionAuditDigest_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_GetSessionAuditDigest\n", indent, ""); + TSS_TPM_HANDLE_Print("privacyAdminHandle", in->privacyAdminHandle, indent); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM_HANDLE_Print("sessionHandle", in->sessionHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + return; +} +void GetTime_In_Print(GetTime_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_GetTime\n", indent, ""); + TSS_TPM_HANDLE_Print("privacyAdminHandle", in->privacyAdminHandle, indent); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + return; +} +void HMAC_Start_In_Print(HMAC_Start_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_HMAC_Start\n", indent, ""); + TSS_TPM_HANDLE_Print("handle", in->handle, indent); + TSS_TPM2B_Print("auth", indent, &in->auth.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + return; +} +void HMAC_In_Print(HMAC_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_HMAC\n", indent, ""); + TSS_TPM_HANDLE_Print("handle", in->handle, indent); + TSS_TPM2B_Print("buffer", indent, &in->buffer.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + return; +} +void HashSequenceStart_In_Print(HashSequenceStart_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_HashSequenceStart\n", indent, ""); + TSS_TPM2B_Print("auth", indent, &in->auth.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + return; +} +void Hash_In_Print(Hash_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Hash\n", indent, ""); + TSS_TPM2B_Print("data", indent, &in->data.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent); + return; +} +void HierarchyChangeAuth_In_Print(HierarchyChangeAuth_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_HierarchyChangeAuth\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b); + return; +} +void HierarchyControl_In_Print(HierarchyControl_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_HierarchyControl\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("enable", in->enable, indent); + TSS_TPMI_YES_NO_Print("state", in->state, indent); + return; +} +void Import_In_Print(Import_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Import\n", indent, ""); + TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent); + TSS_TPM2B_Print("encryptionKey", indent, &in->encryptionKey.b); + TSS_TPM2B_PUBLIC_Print("objectPublic", &in->objectPublic, indent); + TSS_TPM2B_Print("duplicate", indent, &in->duplicate.b); + TSS_TPM2B_Print("inSymSeed", indent, &in->inSymSeed.b); + printf("%*s" "symmetricAlg\n", indent, ""); + TSS_TPMT_SYM_DEF_OBJECT_Print(&in->symmetricAlg, indent); + return; +} +void IncrementalSelfTest_In_Print(IncrementalSelfTest_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_IncrementalSelfTest\n", indent, ""); + TSS_TPML_ALG_Print(&in->toTest, indent); + return; +} +void LoadExternal_In_Print(LoadExternal_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_LoadExternal\n", indent, ""); + if (in->inPrivate.t.size != 0) { /* if there is a private area */ + TSS_TPMT_SENSITIVE_Print(&in->inPrivate.t.sensitiveArea, indent); + } + TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent); + TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent); + return; +} +void Load_In_Print(Load_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Load\n", indent, ""); + TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent); + TSS_TPM2B_Print("inPrivate", indent, &in->inPrivate.b); + TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent); + return; +} +void MakeCredential_In_Print(MakeCredential_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_MakeCredential\n", indent, ""); + TSS_TPM_HANDLE_Print("handle", in->handle, indent); + TSS_TPM2B_Print("credential", indent, &in->credential.b); + TSS_TPM2B_Print("objectName", indent, &in->objectName.b); + return; +} +#if 0 +void NTC2_PreConfig_In_Print(NTC2_PreConfig_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NTC2_PreConfig\n", indent, ""); + NTC2_CFG_STRUCT preConfig; + return; +} +#endif +void NV_Certify_In_Print(NV_Certify_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_Certify\n", indent, ""); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + printf("%*s" "size %u\n", indent, "", in->size); + printf("%*s" "offset %u\n", indent, "", in->offset); + return; +} +void NV_ChangeAuth_In_Print(NV_ChangeAuth_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_ChangeAuth\n", indent, ""); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b); + return; +} +void NV_DefineSpace_In_Print(NV_DefineSpace_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_DefineSpace\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM2B_Print("auth", indent, &in->auth.b); + printf("%*s" "publicInfo\n", indent, ""); + TSS_TPM2B_NV_PUBLIC_Print(&in->publicInfo, indent); + return; +} +void NV_Extend_In_Print(NV_Extend_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_Extend\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM2B_Print("data", indent, &in->data.b); + return; +} +void NV_GlobalWriteLock_In_Print(NV_GlobalWriteLock_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_GlobalWriteLock\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + return; +} +void NV_Increment_In_Print(NV_Increment_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_Increment\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + return; +} +void NV_ReadLock_In_Print(NV_ReadLock_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_ReadLock\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + return; +} +void NV_ReadPublic_In_Print(NV_ReadPublic_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_ReadPublic\n", indent, ""); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + return; +} +void NV_Read_In_Print(NV_Read_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_Read\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + printf("%*s" "size %u\n", indent, "", in->size); + printf("%*s" "offset %u\n", indent, "", in->offset); + return; +} +void NV_SetBits_In_Print(NV_SetBits_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_SetBits\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + printf("%*s" "bits %"PRIx64"\n", indent, "", in->bits); + return; +} +void NV_UndefineSpaceSpecial_In_Print(NV_UndefineSpaceSpecial_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_UndefineSpaceSpecial\n", indent, ""); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM_HANDLE_Print("platform", in->platform, indent); + return; +} +void NV_UndefineSpace_In_Print(NV_UndefineSpace_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_UndefineSpace\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + return; +} +void NV_WriteLock_In_Print(NV_WriteLock_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_WriteLock\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + return; +} +void NV_Write_In_Print(NV_Write_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_NV_Write\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM2B_Print("data", indent, &in->data.b); + printf("%*s" "offset %u\n", indent, "", in->offset); + return; +} +void ObjectChangeAuth_In_Print(ObjectChangeAuth_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ObjectChangeAuth\n", indent, ""); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent); + TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b); + return; +} +void PCR_Allocate_In_Print(PCR_Allocate_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_Allocate\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPML_PCR_SELECTION_Print(&in->pcrAllocation, indent); + return; +} +void PCR_Event_In_Print(PCR_Event_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_Event\n", indent, ""); + TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent); + TSS_TPM2B_Print("eventData", indent, &in->eventData.b); + return; +} +void PCR_Extend_In_Print(PCR_Extend_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_Extend\n", indent, ""); + TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent); + TSS_TPML_DIGEST_VALUES_Print(&in->digests, indent); + return; +} +void PCR_Read_In_Print(PCR_Read_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_Read\n", indent, ""); + TSS_TPML_PCR_SELECTION_Print(&in->pcrSelectionIn, indent); + return; +} +void PCR_Reset_In_Print(PCR_Reset_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_Reset\n", indent, ""); + TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent); + return; +} +void PCR_SetAuthPolicy_In_Print(PCR_SetAuthPolicy_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_SetAuthPolicy\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM2B_Print("authPolicy", indent, &in->authPolicy.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + TSS_TPM_HANDLE_Print("pcrNum", in->pcrNum, indent); + return; +} +void PCR_SetAuthValue_In_Print(PCR_SetAuthValue_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PCR_SetAuthValue\n", indent, ""); + TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent); + TSS_TPM2B_Print("auth", indent, &in->auth.b); + return; +} +void PP_Commands_In_Print(PP_Commands_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PP_Commands\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + TSS_TPML_CC_Print(&in->setList, indent); + TSS_TPML_CC_Print(&in->clearList, indent); + return; +} +void PolicyAuthValue_In_Print(PolicyAuthValue_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyAuthValue\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + return; +} +void PolicyAuthorizeNV_In_Print(PolicyAuthorizeNV_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyAuthorizeNV\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + return; +} +void PolicyAuthorize_In_Print(PolicyAuthorize_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyAuthorize\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("approvedPolicy", indent, &in->approvedPolicy.b); + TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b); + TSS_TPM2B_Print("keySign", indent, &in->keySign.b); + printf("%*s" "checkTicket\n", indent, ""); + TSS_TPMT_TK_VERIFIED_Print(&in->checkTicket, indent+2); + return; +} +void PolicyCommandCode_In_Print(PolicyCommandCode_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyCommandCode\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM_CC_Print("code", in->code, indent); + return; +} +void PolicyCounterTimer_In_Print(PolicyCounterTimer_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyCounterTimer\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("operandB", indent, &in->operandB.b); + printf("%*s" "offset %u\n", indent, "", in->offset); + TSS_TPM_EO_Print("operation", in->operation, indent); + return; +} +void PolicyCpHash_In_Print(PolicyCpHash_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyCpHash\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b); + return; +} +void PolicyDuplicationSelect_In_Print(PolicyDuplicationSelect_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyDuplicationSelect\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("objectName", indent, &in->objectName.b); + TSS_TPM2B_Print("newParentName", indent, &in->newParentName.b); + TSS_TPMI_YES_NO_Print("includeObject", in->includeObject, indent); + return; +} +void PolicyGetDigest_In_Print(PolicyGetDigest_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyGetDigest\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + return; +} +void PolicyLocality_In_Print(PolicyLocality_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyLocality\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPMA_LOCALITY_Print(in->locality, indent); + return; +} +void PolicyNV_In_Print(PolicyNV_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyNV\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("operandB", indent, &in->operandB.b); + printf("%*s" "offset %u\n", indent, "", in->offset); + TSS_TPM_EO_Print("operation", in->operation, indent); + return; +} +void PolicyNameHash_In_Print(PolicyNameHash_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyNameHash\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("nameHash", indent, &in->nameHash.b); + return; +} +void PolicyNvWritten_In_Print(PolicyNvWritten_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyNvWritten\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPMI_YES_NO_Print("writtenSet", in->writtenSet, indent); + return; +} +void PolicyOR_In_Print(PolicyOR_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyOR\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + printf("%*s" "pHashList\n", indent, ""); + TSS_TPML_DIGEST_Print(&in->pHashList, indent+2); + return; +} +void PolicyPCR_In_Print(PolicyPCR_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyPCR\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("pcrDigest", indent, &in->pcrDigest.b); + TSS_TPML_PCR_SELECTION_Print(&in->pcrs, indent); + return; +} +void PolicyPassword_In_Print(PolicyPassword_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyPassword\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + return; +} +void PolicyPhysicalPresence_In_Print(PolicyPhysicalPresence_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyPhysicalPresence\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + return; +} +void PolicyRestart_In_Print(PolicyRestart_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyRestart\n", indent, ""); + TSS_TPM_HANDLE_Print("sessionHandle", in->sessionHandle, indent); + return; +} +void PolicySecret_In_Print(PolicySecret_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicySecret\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("nonceTPM", indent, &in->nonceTPM.b); + TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b); + TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b); + printf("%*s" "expiration %d\n", indent, "", in->expiration); + return; +} +void PolicySigned_In_Print(PolicySigned_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicySigned\n", indent, ""); + TSS_TPM_HANDLE_Print("authObject", in->authObject, indent); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("nonceTPM", indent, &in->nonceTPM.b); + TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b); + TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b); + printf("%*s" "expiration %d\n", indent, "", in->expiration); + printf("%*s" "auth\n", indent, ""); + TSS_TPMT_SIGNATURE_Print(&in->auth, indent+2); + return; +} +void PolicyTemplate_In_Print(PolicyTemplate_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyTemplate\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("templateHash", indent, &in->templateHash.b); + return; +} +void PolicyTicket_In_Print(PolicyTicket_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_PolicyTicket\n", indent, ""); + TSS_TPM_HANDLE_Print("policySession", in->policySession, indent); + TSS_TPM2B_Print("timeout", indent, &in->timeout.b); + TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b); + TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b); + TSS_TPM2B_Print("authName", indent, &in->authName.b); + printf("%*s" "ticket\n", indent, ""); + TSS_TPMT_TK_AUTH_Print(&in->ticket, indent+2); + return; +} +void Quote_In_Print(Quote_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Quote\n", indent, ""); + TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent); + TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + TSS_TPML_PCR_SELECTION_Print(&in->PCRselect, indent); + return; +} +void RSA_Decrypt_In_Print(RSA_Decrypt_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_RSA_Decrypt\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("cipherText", indent, &in->cipherText.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_RSA_DECRYPT_Print(&in->inScheme, indent); + TSS_TPM2B_Print("label", indent, &in->label.b); + return; +} +void RSA_Encrypt_In_Print(RSA_Encrypt_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_RSA_Encrypt\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("message", indent, &in->message.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_RSA_DECRYPT_Print(&in->inScheme, indent); + TSS_TPM2B_Print("label", indent, &in->label.b); + return; +} +void ReadPublic_In_Print(ReadPublic_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ReadPublic\n", indent, ""); + TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent); + return; +} +void Rewrap_In_Print(Rewrap_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Rewrap\n", indent, ""); + TSS_TPM_HANDLE_Print("oldParent", in->oldParent, indent); + TSS_TPM_HANDLE_Print("newParent", in->newParent, indent); + TSS_TPM2B_Print("inDuplicate", indent, &in->inDuplicate.b); + TSS_TPM2B_Print("name", indent, &in->name.b); + TSS_TPM2B_Print("inSymSeed", indent, &in->inSymSeed.b); + return; +} +void SelfTest_In_Print(SelfTest_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SelfTest\n", indent, ""); + TSS_TPMI_YES_NO_Print("fullTest", in->fullTest, indent); + return; +} +void SequenceComplete_In_Print(SequenceComplete_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SequenceComplete\n", indent, ""); + TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent); + TSS_TPM2B_Print("buffer", indent, &in->buffer.b); + TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent); + return; +} +void SequenceUpdate_In_Print(SequenceUpdate_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SequenceUpdate\n", indent, ""); + TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent); + TSS_TPM2B_Print("buffer", indent, &in->buffer.b); + return; +} +void SetAlgorithmSet_In_Print(SetAlgorithmSet_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SetAlgorithmSet\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + printf("%*s" "algorithmSet %08x\n", indent, "", in->algorithmSet); + return; +} +void SetCommandCodeAuditStatus_In_Print(SetCommandCodeAuditStatus_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SetCommandCodeAuditStatus\n", indent, ""); + TSS_TPM_HANDLE_Print("auth", in->auth, indent); + TSS_TPM_ALG_ID_Print("auditAlg", in->auditAlg, indent); + TSS_TPML_CC_Print(&in->setList, indent); + TSS_TPML_CC_Print(&in->clearList, indent); + return; +} +void SetPrimaryPolicy_In_Print(SetPrimaryPolicy_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_SetPrimaryPolicy\n", indent, ""); + TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent); + TSS_TPM2B_Print("authPolicy", indent, &in->authPolicy.b); + TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent); + return; +} +void Shutdown_In_Print(Shutdown_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Shutdown\n", indent, ""); + TSS_TPM_SU_Print("shutdownType", in->shutdownType, indent); + return; +} +void Sign_In_Print(Sign_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Sign\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("digest", indent, &in->digest.b); + printf("%*s" "inScheme\n", indent, ""); + TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent); + printf("%*s" "validation\n", indent, ""); + TSS_TPMT_TK_HASHCHECK_Print(&in->validation, indent+2); + return; +} +void StartAuthSession_In_Print(StartAuthSession_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_StartAuthSession\n", indent, ""); + TSS_TPM_HANDLE_Print("tpmKey", in->tpmKey, indent); + TSS_TPM_HANDLE_Print("bind", in->bind, indent); + TSS_TPM2B_Print("nonceCaller", indent, &in->nonceCaller.b); + TSS_TPM2B_Print("encryptedSalt", indent, &in->encryptedSalt.b); + TSS_TPM_SE_Print("sessionType", in->sessionType, indent); + TSS_TPMT_SYM_DEF_Print(&in->symmetric, indent); + TSS_TPM_ALG_ID_Print("authHash", in->authHash, indent); + return; +} +void Startup_In_Print(Startup_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Startup\n", indent, ""); + TSS_TPM_SU_Print("startupType", in->startupType, indent); + return; +} +void StirRandom_In_Print(StirRandom_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_StirRandom\n", indent, ""); + TSS_TPM2B_Print("inData", indent, &in->inData.b); + return; +} +void TestParms_In_Print(TestParms_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_TestParms\n", indent, ""); + TSS_TPMT_PUBLIC_PARMS_Print(&in->parameters, indent); + return; +} +void Unseal_In_Print(Unseal_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_Unseal\n", indent, ""); + TSS_TPM_HANDLE_Print("itemHandle", in->itemHandle, indent); + return; +} +void VerifySignature_In_Print(VerifySignature_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_VerifySignature\n", indent, ""); + TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent); + TSS_TPM2B_Print("digest", indent, &in->digest.b); + printf("%*s" "signature\n", indent, ""); + TSS_TPMT_SIGNATURE_Print(&in->signature, indent); + return; +} +void ZGen_2Phase_In_Print(ZGen_2Phase_In *in, unsigned int indent) +{ + printf("%*s" "TPM2_ZGen_2Phase\n", indent, ""); + TSS_TPM_HANDLE_Print("keyA", in->keyA, indent); + TSS_TPM2B_ECC_POINT_Print("inQsB", &in->inQsB, indent); + TSS_TPM2B_ECC_POINT_Print("inQsB", &in->inQeB, indent); + TSS_TPM_ALG_ID_Print("inScheme", in->inScheme, indent); + printf("%*s" "counter %u\n", indent, "", in->counter); + return; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssproperties.c b/libstb/tss2/ibmtpm20tss/utils/tssproperties.c new file mode 100644 index 000000000000..d80841c25679 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssproperties.c @@ -0,0 +1,535 @@ +/********************************************************************************/ +/* */ +/* TSS Configuration Properties */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include +#include +#include + +#include +#include +#ifndef TPM_TSS_NOCRYPTO +#include +#endif +#include + +#include "tssproperties.h" + +/* For systems where there are no environment variables, GETENV returns NULL. This simulates the + situation when an environment variable is not set, causing the compiled in default to be used. */ +#ifndef TPM_TSS_NOENV +#define GETENV(x) getenv(x) +#else +#define GETENV(x) NULL +#endif + +/* local prototypes */ + +static TPM_RC TSS_SetTraceLevel(const char *value); +static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value); +static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value); + +/* globals for the library */ + +/* tracing is global to avoid passing the context into every function call */ +int tssVerbose = TRUE; /* initial value so TSS_Properties_Init errors emit message */ +int tssVverbose = FALSE; + +/* This is a total hack to ensure that the global verbose flags are only set once. It's used by the + two entry points to the TSS, TSS_Create() and TSS_SetProperty() */ + +int tssFirstCall = TRUE; + +/* defaults for global settings */ + +#ifndef TPM_TRACE_LEVEL_DEFAULT +#define TPM_TRACE_LEVEL_DEFAULT "0" +#endif + +#ifndef TPM_COMMAND_PORT_DEFAULT +#define TPM_COMMAND_PORT_DEFAULT "2321" /* default for MS simulator */ +#endif + +#ifndef TPM_PLATFORM_PORT_DEFAULT +#define TPM_PLATFORM_PORT_DEFAULT "2322" /* default for MS simulator */ +#endif + +#ifndef TPM_SERVER_NAME_DEFAULT +#define TPM_SERVER_NAME_DEFAULT "localhost" /* default to local machine */ +#endif + +#ifndef TPM_SERVER_TYPE_DEFAULT +#define TPM_SERVER_TYPE_DEFAULT "mssim" /* default to MS simulator format */ +#endif + +#ifndef TPM_DATA_DIR_DEFAULT +#define TPM_DATA_DIR_DEFAULT "." /* default to current working directory */ +#endif + +#ifndef TPM_INTERFACE_TYPE_DEFAULT +#ifndef TPM_NOSOCKET +#define TPM_INTERFACE_TYPE_DEFAULT "socsim" /* default to MS simulator interface */ +#else +#define TPM_INTERFACE_TYPE_DEFAULT "dev" /* if no sockets, default to device driver */ +#endif +#endif + +#ifndef TPM_DEVICE_DEFAULT +#ifdef TPM_POSIX +#define TPM_DEVICE_DEFAULT "/dev/tpm0" /* default to Linux device driver */ +#endif +#ifdef TPM_WINDOWS +#define TPM_DEVICE_DEFAULT "tddl.dll" /* default to Windows TPM interface dll */ +#endif +#endif + +#ifndef TPM_ENCRYPT_SESSIONS_DEFAULT +#define TPM_ENCRYPT_SESSIONS_DEFAULT "1" +#endif + +/* TSS_GlobalProperties_Init() sets the global verbose trace flags at the first entry points to the + TSS */ + +TPM_RC TSS_GlobalProperties_Init(void) +{ + TPM_RC rc = 0; + const char *value; + + /* trace level is global, tssContext can be null */ + if (rc == 0) { + value = GETENV("TPM_TRACE_LEVEL"); + rc = TSS_SetTraceLevel(value); + } + return rc; +} + + +/* TSS_Properties_Init() sets the initial TSS_CONTEXT properties based on either the environment + variables (if set) or the defaults (if not). +*/ + +TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; + const char *value; + + if (rc == 0) { + tssContext->tssAuthContext = NULL; + tssContext->tssFirstTransmit = TRUE; /* connection not opened */ + tssContext->tpm12Command = FALSE; +#ifdef TPM_WINDOWS + tssContext->sock_fd = INVALID_SOCKET; +#endif +#ifdef TPM_POSIX +#ifndef TPM_NOSOCKET + tssContext->sock_fd = -1; +#endif /* TPM_NOSOCKET */ + tssContext->dev_fd = -1; +#endif /* TPM_POSIX */ + +#ifdef TPM_SKIBOOT + tssContext->tpm_driver = NULL; + tssContext->tpm_device = NULL; +#endif /* TPM_SKIBOOT */ + +#ifndef TPM_TSS_NOCRYPTO +#ifndef TPM_TSS_NOFILE + tssContext->tssSessionEncKey = NULL; + tssContext->tssSessionDecKey = NULL; +#endif +#endif + } + /* for a minimal TSS with no file support */ +#ifdef TPM_TSS_NOFILE + { + size_t i; + for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { + tssContext->sessions[i].sessionHandle = TPM_RH_NULL; + tssContext->sessions[i].sessionData = NULL; + tssContext->sessions[i].sessionDataLength = 0; + } + for (i = 0 ; i < (sizeof(tssContext->objectPublic) / sizeof(TSS_OBJECT_PUBLIC)) ; i++) { + tssContext->objectPublic[i].objectHandle = TPM_RH_NULL; + } + for (i = 0 ; i < (sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC)) ; i++) { + tssContext->nvPublic[i].nvIndex = TPM_RH_NULL; + } + } +#endif + /* data directory */ + if (rc == 0) { + value = GETENV("TPM_DATA_DIR"); + rc = TSS_SetDataDirectory(tssContext, value); + } + /* flag whether session state should be encrypted */ + if (rc == 0) { + value = GETENV("TPM_ENCRYPT_SESSIONS"); + rc = TSS_SetEncryptSessions(tssContext, value); + } + /* TPM socket command port */ + if (rc == 0) { + value = GETENV("TPM_COMMAND_PORT"); + rc = TSS_SetCommandPort(tssContext, value); + } + /* TPM simulator socket platform port */ + if (rc == 0) { + value = GETENV("TPM_PLATFORM_PORT"); + rc = TSS_SetPlatformPort(tssContext, value); + } + /* TPM socket host name */ + if (rc == 0) { + value = GETENV("TPM_SERVER_NAME"); + rc = TSS_SetServerName(tssContext, value); + } + /* TPM socket server type */ + if (rc == 0) { + value = GETENV("TPM_SERVER_TYPE"); + rc = TSS_SetServerType(tssContext, value); + } + /* TPM interface type */ + if (rc == 0) { + value = GETENV("TPM_INTERFACE_TYPE"); + rc = TSS_SetInterfaceType(tssContext, value); + } + /* TPM device within the interface type */ + if (rc == 0) { + value = GETENV("TPM_DEVICE"); + rc = TSS_SetDevice(tssContext, value); + } + return rc; +} + +/* TSS_SetProperty() sets the property to the value. + + The format of the property and value the same as that of the environment variable. + + A NULL value sets the property to the default. +*/ + +TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext, + int property, + const char *value) +{ + TPM_RC rc = 0; + + /* at the first call to the TSS, initialize global variables */ + if (tssFirstCall) { +#ifndef TPM_TSS_NOCRYPTO + /* crypto module initializations */ + if (rc == 0) { + rc = TSS_Crypto_Init(); + } +#endif + if (rc == 0) { + rc = TSS_GlobalProperties_Init(); + } + tssFirstCall = FALSE; + } + if (rc == 0) { + switch (property) { + case TPM_TRACE_LEVEL: + rc = TSS_SetTraceLevel(value); + break; + case TPM_DATA_DIR: + rc = TSS_SetDataDirectory(tssContext, value); + break; + case TPM_COMMAND_PORT: + rc = TSS_SetCommandPort(tssContext, value); + break; + case TPM_PLATFORM_PORT: + rc = TSS_SetPlatformPort(tssContext, value); + break; + case TPM_SERVER_NAME: + rc = TSS_SetServerName(tssContext, value); + break; + case TPM_SERVER_TYPE: + rc = TSS_SetServerType(tssContext, value); + break; + case TPM_INTERFACE_TYPE: + rc = TSS_SetInterfaceType(tssContext, value); + break; + case TPM_DEVICE: + rc = TSS_SetDevice(tssContext, value); + break; + case TPM_ENCRYPT_SESSIONS: + rc = TSS_SetEncryptSessions(tssContext, value); + break; + default: + rc = TSS_RC_BAD_PROPERTY; + } + } + return rc; +} + +/* TSS_SetTraceLevel() sets the trace level. + + 0: no printing + 1: error printing + 2: trace printing +*/ + +static TPM_RC TSS_SetTraceLevel(const char *value) +{ + TPM_RC rc = 0; + int irc = 0; + int level; + + if (rc == 0) { + if (value == NULL) { + value = TPM_TRACE_LEVEL_DEFAULT; + } + } +#if !defined(__ULTRAVISOR__) && !defined(TPM_SKIBOOT) + if (rc == 0) { + irc = sscanf(value, "%u", &level); + if (irc != 1) { + if (tssVerbose) printf("TSS_SetTraceLevel: Error, value invalid\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + /* disable tracing within the ultravisor and skiboot, which doesn't implement sscanf() anyway */ +#else + irc = irc; + level = 0; +#endif + if (rc == 0) { + switch (level) { + case 0: + tssVerbose = FALSE; + tssVverbose = FALSE; + break; + case 1: + tssVerbose = TRUE; + tssVverbose = FALSE; + break; + default: + tssVerbose = TRUE; + tssVverbose = TRUE; + break; + } + } + return rc; +} + +static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (value == NULL) { + value = TPM_DATA_DIR_DEFAULT; + } + } + if (rc == 0) { + tssContext->tssDataDirectory = value; + /* appended to this is 17 characters /cccnnnnnnnn.bin[nul], add a bit of margin for future + prefixes */ + if (strlen(value) > (TPM_DATA_DIR_PATH_LENGTH - 24)) { + if (tssVerbose) printf("TSS_SetDataDirectory: Error, value too long\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } + return rc; +} + +static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + int irc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_COMMAND_PORT_DEFAULT; + } + } +#ifndef TPM_NOSOCKET + if (rc == 0) { + irc = sscanf(value, "%hu", &tssContext->tssCommandPort); + if (irc != 1) { + if (tssVerbose) printf("TSS_SetCommandPort: Error, value invalid\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } +#else + tssContext->tssCommandPort = 0; + irc = irc; +#endif /* TPM_NOSOCKET */ + return rc; +} + +static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + int irc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_PLATFORM_PORT_DEFAULT; + } + } +#ifndef TPM_NOSOCKET + if (rc == 0) { + irc = sscanf(value, "%hu", &tssContext->tssPlatformPort); + if (irc != 1) { + if (tssVerbose) printf("TSS_SetPlatformPort: Error, , value invalid\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } +#else + tssContext->tssPlatformPort = 0; + irc = irc; +#endif /* TPM_NOSOCKET */ + return rc; +} + +static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_SERVER_NAME_DEFAULT; + } + } + if (rc == 0) { + tssContext->tssServerName = value; + } + return rc; +} + +static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_SERVER_TYPE_DEFAULT; + } + } + if (rc == 0) { + tssContext->tssServerType = value; + } + return rc; +} + +static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_INTERFACE_TYPE_DEFAULT; + } + } + if (rc == 0) { + tssContext->tssInterfaceType = value; + } + return rc; +} + +static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + + /* close an open connection before changing property */ + if (rc == 0) { + rc = TSS_Close(tssContext); + } + if (rc == 0) { + if (value == NULL) { + value = TPM_DEVICE_DEFAULT; + } + } + if (rc == 0) { + tssContext->tssDevice = value; + } + return rc; +} + +static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value) +{ + TPM_RC rc = 0; + int irc = 0; + + if (rc == 0) { + if (value == NULL) { + value = TPM_ENCRYPT_SESSIONS_DEFAULT; + } + } +#ifndef TPM_TSS_NOFILE + if (rc == 0) { + irc = sscanf(value, "%u", &tssContext->tssEncryptSessions); + if (irc != 1) { + if (tssVerbose) printf("TSS_SetEncryptSessions: Error, value invalid\n"); + rc = TSS_RC_BAD_PROPERTY_VALUE; + } + } +#else + tssContext->tssEncryptSessions = TRUE; + irc = irc; +#endif /* TPM_TSS_NOFILE */ + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssproperties.h b/libstb/tss2/ibmtpm20tss/utils/tssproperties.h new file mode 100644 index 000000000000..73139be37082 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssproperties.h @@ -0,0 +1,185 @@ +/********************************************************************************/ +/* */ +/* TSS Configuration Properties */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This is an internal TSS file, subject to change. Applications should not include it. */ + +#ifndef TSSPROPERTIES_H +#define TSSPROPERTIES_H + +#include + +#ifdef TPM_WINDOWS + +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif + +#include +#include +#include + +#ifdef TPM_SKIBOOT +#include +#endif /* TPM_SKIBOOT */ + +#ifdef TPM_WINDOWS_TBSI +#include +#endif /* TPM_WINDOWS_TBSI */ + +typedef SOCKET TSS_SOCKET_FD; + +#endif /* TPM_WINDOWS */ + +#ifdef TPM_POSIX +#ifndef TPM_NOSOCKET +typedef int TSS_SOCKET_FD; +#endif /* TPM_NOSOCKET */ +#endif /* TPM_POSIX */ + +/* There doesn't seem to be a portable Unix MAXPATHLEN variable, so pick a large number. The + directory length will be (currently) 17 bytes smaller. */ +#define TPM_DATA_DIR_PATH_LENGTH 256 + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include "tssauth.h" + + /* Structure to hold session data within the context */ + + typedef struct TSS_SESSIONS { + TPMI_SH_AUTH_SESSION sessionHandle; + uint8_t *sessionData; + uint16_t sessionDataLength; + } TSS_SESSIONS; + + /* Structure to hold transient or persistent object data within the context */ + + typedef struct TSS_OBJECT_PUBLIC { + TPM_HANDLE objectHandle; + TPM2B_NAME name; + TPM2B_PUBLIC objectPublic; + } TSS_OBJECT_PUBLIC; + + /* Structure to hold NV index data within the context */ + + typedef struct TSS_NVPUBLIC { + TPMI_RH_NV_INDEX nvIndex; + TPM2B_NAME name; + TPMS_NV_PUBLIC nvPublic; + } TSS_NVPUBLIC; + + /* Context for TSS global parameters. + + NOTE: Keep this in sync with TSS_Properties_Init() and TSS_Delete() */ + + struct TSS_CONTEXT { + + TSS_AUTH_CONTEXT *tssAuthContext; + + /* directory for persistant storage */ + const char *tssDataDirectory; + + /* encrypt saved session state */ + int tssEncryptSessions; + + /* saved session encryption key. This seems to port to openssl 1.0 and 1.1, but will have to + become a malloced void * for other crypto libraries. */ +#ifndef TPM_TSS_NOCRYPTO + void *tssSessionEncKey; + void *tssSessionDecKey; +#endif + /* a minimal TSS with no file support stores the sessions, objects, and NV metadata in a + structure. Scripting will not work, and persistent objects will not work, but a single + application will otherwise work. */ +#ifdef TPM_TSS_NOFILE + TSS_SESSIONS sessions[MAX_ACTIVE_SESSIONS]; + TSS_OBJECT_PUBLIC objectPublic[64]; + TSS_NVPUBLIC nvPublic[64]; +#endif + /* ports, host name, server (packet) type for socket interface */ + short tssCommandPort; + short tssPlatformPort; + const char *tssServerName; + const char *tssServerType; + + /* interface type */ + const char *tssInterfaceType; + + /* device driver interface */ + const char *tssDevice; + + /* TRUE for the first time through, indicates that interface open must occur */ + int tssFirstTransmit; + int tpm12Command; /* TRUE for TPM 1.2 command */ + + /* socket file descriptor */ +#ifndef TPM_NOSOCKET + TSS_SOCKET_FD sock_fd; +#endif /* TPM_NOSOCKET */ + + /* Linux device file descriptor */ +#ifdef TPM_POSIX + int dev_fd; +#endif /* TPM_POSIX */ + + /* Windows device driver handle */ +#ifdef TPM_WINDOWS +#ifdef TPM_WINDOWS_TBSI + TBS_HCONTEXT hContext; +#endif +#endif + +#ifdef TPM_SKIBOOT + struct tpm_dev *tpm_device; + struct tpm_driver *tpm_driver; +#endif /* TPM_SKIBOOT */ + }; + + TPM_RC TSS_GlobalProperties_Init(void); + TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext); + +#ifdef __cplusplus +} +#endif + + + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tssresponsecode.c b/libstb/tss2/ibmtpm20tss/utils/tssresponsecode.c new file mode 100644 index 000000000000..fc974cd389b7 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssresponsecode.c @@ -0,0 +1,587 @@ +/********************************************************************************/ +/* */ +/* TPM2 Response Code Printer */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TPM_TSS_NO_PRINT + +#include +#include + +#ifdef TPM_WINDOWS +#ifdef TPM_WINDOWS_TBSI +#include +#include +#include +#endif /* TPM_WINDOWS_TBSI */ +#endif /* TPM_WINDOWS */ + + +#include +#include +#ifdef TPM_TPM12 +#include +#endif +#include + +/* The intended usage is: + + const char *msg; + const char *submsg; + const char *num; + + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + + printf("%s%s%s\n", msg, submsg, num); +*/ + +/* 39.4 Response Code Details */ + +/* tables to map response code to text */ + +typedef struct { + TPM_RC rc; + const char *text; +} RC_TABLE; + +#ifdef TPM_TPM12 +const RC_TABLE tpm12Table [] = { + + {TPM_AUTHFAIL, "TPM 1.2 TPM_AUTHFAIL - Authentication failed"}, + {TPM_BADINDEX, "TPM 1.2 TPM_BADINDEX - The index to a PCR, DIR or other register is incorrect"}, + {TPM_BAD_PARAMETER, "TPM 1.2 TPM_BAD_PARAMETER - One or more parameter is bad"}, + {TPM_AUDITFAILURE, "TPM 1.2 TPM_AUDITFAILURE - An operation completed successfully but the auditing of that operation failed. "}, + {TPM_CLEAR_DISABLED, "TPM 1.2 TPM_CLEAR_DISABLED - The clear disable flag is set and all clear operations now require physical access"}, + {TPM_DEACTIVATED, "TPM 1.2 TPM_DEACTIVATED - The TPM is deactivated"}, + {TPM_DISABLED, "TPM 1.2 TPM_DISABLED - The TPM is disabled"}, + {TPM_DISABLED_CMD, "TPM 1.2 TPM_DISABLED_CMD - The target command has been disabled"}, + {TPM_FAIL, "TPM 1.2 TPM_FAIL - The operation failed"}, + {TPM_BAD_ORDINAL, "TPM 1.2 TPM_BAD_ORDINAL - The ordinal was unknown or inconsistent"}, + {TPM_INSTALL_DISABLED, "TPM 1.2 TPM_INSTALL_DISABLED - The ability to install an owner is disabled"}, + {TPM_INVALID_KEYHANDLE, "TPM 1.2 TPM_INVALID_KEYHANDLE - The key handle presented was invalid"}, + {TPM_KEYNOTFOUND, "TPM 1.2 TPM_KEYNOTFOUND - The target key was not found"}, + {TPM_INAPPROPRIATE_ENC, "TPM 1.2 TPM_INAPPROPRIATE_ENC - Unacceptable encryption scheme"}, + {TPM_MIGRATEFAIL, "TPM 1.2 TPM_MIGRATEFAIL - Migration authorization failed"}, + {TPM_INVALID_PCR_INFO, "TPM 1.2 TPM_INVALID_PCR_INFO - PCR information could not be interpreted"}, + {TPM_NOSPACE, "TPM 1.2 TPM_NOSPACE - No room to load key. "}, + {TPM_NOSRK, "TPM 1.2 TPM_NOSRK - There is no SRK set"}, + {TPM_NOTSEALED_BLOB, "TPM 1.2 TPM_NOTSEALED_BLOB - An encrypted blob is invalid or was not created by this TPM"}, + {TPM_OWNER_SET, "TPM 1.2 TPM_OWNER_SET - There is already an Owner"}, + {TPM_RESOURCES, "TPM 1.2 TPM_RESOURCES - The TPM has insufficient internal resources to perform the requested action. "}, + {TPM_SHORTRANDOM, "TPM 1.2 TPM_SHORTRANDOM - A random string was too short"}, + {TPM_SIZE, "TPM 1.2 TPM_SIZE - The TPM does not have the space to perform the operation."}, + {TPM_WRONGPCRVAL, "TPM 1.2 TPM_WRONGPCRVAL - The named PCR value does not match the current PCR value."}, + {TPM_BAD_PARAM_SIZE, "TPM 1.2 TPM_BAD_PARAM_SIZE - The paramSize argument to the command has the incorrect value"}, + {TPM_SHA_THREAD, "TPM 1.2 TPM_SHA_THREAD - There is no existing SHA-1 thread. "}, + {TPM_SHA_ERROR, "TPM 1.2 TPM_SHA_ERROR - The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error. "}, + {TPM_FAILEDSELFTEST, "TPM 1.2 TPM_FAILEDSELFTEST - Self-test has failed and the TPM has shutdown. "}, + {TPM_AUTH2FAIL, "TPM 1.2 TPM_AUTH2FAIL - The authorization for the second key in a 2 key function failed authorization"}, + {TPM_BADTAG, "TPM 1.2 TPM_BADTAG - The tag value sent to the TPM for a command is invalid"}, + {TPM_IOERROR, "TPM 1.2 TPM_IOERROR - An IO error occurred transmitting information to the TPM"}, + {TPM_ENCRYPT_ERROR, "TPM 1.2 TPM_ENCRYPT_ERROR - The encryption process had a problem. "}, + {TPM_DECRYPT_ERROR, "TPM 1.2 TPM_DECRYPT_ERROR - The decryption process did not complete. "}, + {TPM_INVALID_AUTHHANDLE, "TPM 1.2 TPM_INVALID_AUTHHANDLE - An invalid handle was used. "}, + {TPM_NO_ENDORSEMENT, "TPM 1.2 TPM_NO_ENDORSEMENT - The TPM does not a EK installed"}, + {TPM_INVALID_KEYUSAGE, "TPM 1.2 TPM_INVALID_KEYUSAGE - The usage of a key is not allowed"}, + {TPM_WRONG_ENTITYTYPE, "TPM 1.2 TPM_WRONG_ENTITYTYPE - The submitted entity type is not allowed"}, + {TPM_INVALID_POSTINIT, "TPM 1.2 TPM_INVALID_POSTINIT - The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup"}, + {TPM_INAPPROPRIATE_SIG, "TPM 1.2 TPM_INAPPROPRIATE_SIG - Signed data cannot include additional DER information"}, + {TPM_BAD_KEY_PROPERTY, "TPM 1.2 TPM_BAD_KEY_PROPERTY - The key properties in TPM_KEY_PARMs are not supported by this TPM"}, + {TPM_BAD_MIGRATION, "TPM 1.2 TPM_BAD_MIGRATION - The migration properties of this key are incorrect."}, + {TPM_BAD_SCHEME, "TPM 1.2 TPM_BAD_SCHEME - The signature or encryption scheme for this key is incorrect or not permitted in this situation. "}, + {TPM_BAD_DATASIZE, "TPM 1.2 TPM_BAD_DATASIZE - The size of the data (or blob) parameter is bad or inconsistent with the referenced key"}, + {TPM_BAD_MODE, "TPM 1.2 TPM_BAD_MODE - A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob. "}, + {TPM_BAD_PRESENCE, "TPM 1.2 TPM_BAD_PRESENCE- Either the physicalPresence or physicalPresenceLock bits have the wrong value"}, + {TPM_BAD_VERSION, "TPM 1.2 TPM_BAD_VERSION - The TPM cannot perform this version of the capability"}, + {TPM_NO_WRAP_TRANSPORT, "TPM 1.2 TPM_NO_WRAP_TRANSPORT - The TPM does not allow for wrapped transport sessions"}, + {TPM_AUDITFAIL_UNSUCCESSFUL, "TPM 1.2 TPM_AUDITFAIL_UNSUCCESSFUL - TPM audit construction failed and the underlying command was returning a failure also"}, + {TPM_AUDITFAIL_SUCCESSFUL, "TPM 1.2 TPM_AUDITFAIL_SUCCESSFUL - TPM audit construction failed and the underlying command was returning success"}, + {TPM_NOTRESETABLE, "TPM 1.2 TPM_NOTRESETABLE - Attempt to reset a PCR register that does not have the resettable attribute"}, + {TPM_NOTLOCAL, "TPM 1.2 TPM_NOTLOCAL - Attempt to reset a PCR register that requires locality and locality modifier not part of command transport"}, + {TPM_BAD_TYPE, "TPM 1.2 TPM_BAD_TYPE - Make identity blob not properly typed"}, + {TPM_INVALID_RESOURCE, "TPM 1.2 TPM_INVALID_RESOURCE - When saving context identified resource type does not match actual resource"}, + {TPM_NOTFIPS, "TPM 1.2 TPM_NOTFIPS - The TPM is attempting to execute a command only available when in FIPS mode"}, + {TPM_INVALID_FAMILY, "TPM 1.2 TPM_INVALID_FAMILY - The command is attempting to use an invalid family ID"}, + {TPM_NO_NV_PERMISSION, "TPM 1.2 TPM_NO_NV_PERMISSION - The permission to manipulate the NV storage is not available"}, + {TPM_REQUIRES_SIGN, "TPM 1.2 TPM_REQUIRES_SIGN - The operation requires a signed command"}, + {TPM_KEY_NOTSUPPORTED, "TPM 1.2 TPM_KEY_NOTSUPPORTED - Wrong operation to load an NV key"}, + {TPM_AUTH_CONFLICT, "TPM 1.2 TPM_AUTH_CONFLICT - NV_DefineSpace requires both owner and blob authorization"}, + {TPM_AREA_LOCKED, "TPM 1.2 TPM_AREA_LOCKED - The NV area is locked and not writable"}, + {TPM_BAD_LOCALITY, "TPM 1.2 TPM_BAD_LOCALITY - The locality is incorrect for the attempted operation"}, + {TPM_READ_ONLY, "TPM 1.2 TPM_READ_ONLY - The NV area is read only and can't be written to "}, + {TPM_PER_NOWRITE, "TPM 1.2 TPM_PER_NOWRITE - There is no protection on the write to the NV area "}, + {TPM_FAMILYCOUNT, "TPM 1.2 TPM_FAMILYCOUNT - The family count value does not match"}, + {TPM_WRITE_LOCKED, "TPM 1.2 TPM_WRITE_LOCKED - The NV area has already been written to"}, + {TPM_BAD_ATTRIBUTES, "TPM 1.2 TPM_BAD_ATTRIBUTES - The NV area attributes conflict"}, + {TPM_INVALID_STRUCTURE, "TPM 1.2 TPM_INVALID_STRUCTURE - The structure tag and version are invalid or inconsistent"}, + {TPM_KEY_OWNER_CONTROL, "TPM 1.2 TPM_KEY_OWNER_CONTROL - The key is under control of the TPM Owner and can only be evicted by the TPM Owner. "}, + {TPM_BAD_COUNTER, "TPM 1.2 TPM_BAD_COUNTER - The counter handle is incorrect"}, + {TPM_NOT_FULLWRITE, "TPM 1.2 TPM_NOT_FULLWRITE - The write is not a complete write of the area"}, + {TPM_CONTEXT_GAP, "TPM 1.2 TPM_CONTEXT_GAP - The gap between saved context counts is too large "}, + {TPM_MAXNVWRITES, "TPM 1.2 TPM_MAXNVWRITES - The maximum number of NV writes without an owner has been exceeded"}, + {TPM_NOOPERATOR, "TPM 1.2 TPM_NOOPERATOR - No operator authorization value is set"}, + {TPM_RESOURCEMISSING, "TPM 1.2 TPM_RESOURCEMISSING - The resource pointed to by context is not loaded "}, + {TPM_DELEGATE_LOCK, "TPM 1.2 TPM_DELEGATE_LOCK - The delegate administration is locked"}, + {TPM_DELEGATE_FAMILY, "TPM 1.2 TPM_DELEGATE_FAMILY - Attempt to manage a family other then the delegated family"}, + {TPM_DELEGATE_ADMIN, "TPM 1.2 TPM_DELEGATE_ADMIN - Delegation table management not enabled"}, + {TPM_TRANSPORT_NOTEXCLUSIVE, "TPM 1.2 TPM_TRANSPORT_NOTEXCLUSIVE - There was a command executed outside of an exclusive transport session"}, + {TPM_OWNER_CONTROL, "TPM 1.2 TPM_OWNER_CONTROL - Attempt to context save a owner evict controlled key"}, + {TPM_DAA_RESOURCES, "TPM 1.2 TPM_DAA_RESOURCES - The DAA command has no resources available to execute the command"}, + {TPM_DAA_INPUT_DATA0, "TPM 1.2 TPM_DAA_INPUT_DATA0 - The consistency check on DAA parameter inputData0 has failed."}, + {TPM_DAA_INPUT_DATA1, "TPM 1.2 TPM_DAA_INPUT_DATA1 - The consistency check on DAA parameter inputData1 has failed."}, + {TPM_DAA_ISSUER_SETTINGS, "TPM 1.2 TPM_DAA_ISSUER_SETTINGS - The consistency check on DAA_issuerSettings has failed."}, + {TPM_DAA_TPM_SETTINGS, "TPM 1.2 TPM_DAA_TPM_SETTINGS - The consistency check on DAA_tpmSpecific has failed."}, + {TPM_DAA_STAGE, "TPM 1.2 TPM_DAA_STAGE - The atomic process indicated by the submitted DAA command is not the expected process."}, + {TPM_DAA_ISSUER_VALIDITY, "TPM 1.2 TPM_DAA_ISSUER_VALIDITY - The issuer's validity check has detected an inconsistency"}, + {TPM_DAA_WRONG_W, "TPM 1.2 TPM_DAA_WRONG_W - The consistency check on w has failed."}, + {TPM_BAD_HANDLE, "TPM 1.2 TPM_BAD_HANDLE - The handle is incorrect"}, + {TPM_BAD_DELEGATE, "TPM 1.2 TPM_BAD_DELEGATE - Delegation is not correct"}, + {TPM_BADCONTEXT, "TPM 1.2 TPM_BADCONTEXT - The context blob is invalid"}, + {TPM_TOOMANYCONTEXTS, "TPM 1.2 TPM_TOOMANYCONTEXTS - Too many contexts held by the TPM"}, + {TPM_MA_TICKET_SIGNATURE, "TPM 1.2 TPM_MA_TICKET_SIGNATURE - Migration authority signature validation failure "}, + {TPM_MA_DESTINATION, "TPM 1.2 TPM_MA_DESTINATION - Migration destination not authenticated"}, + {TPM_MA_SOURCE, "TPM 1.2 TPM_MA_SOURCE - Migration source incorrect"}, + {TPM_MA_AUTHORITY, "TPM 1.2 TPM_MA_AUTHORITY - Incorrect migration authority"}, + {TPM_PERMANENTEK, "TPM 1.2 TPM_PERMANENTEK - Attempt to revoke the EK and the EK is not revocable"}, + {TPM_BAD_SIGNATURE, "TPM 1.2 TPM_BAD_SIGNATURE - Bad signature of CMK ticket "}, + {TPM_NOCONTEXTSPACE, "TPM 1.2 TPM_NOCONTEXTSPACE - There is no room in the context list for additional contexts"}, + {TPM_RETRY, "TPM 1.2 TPM_RETRY - The TPM is too busy to respond to the command immediately, but the command could be submitted at a later time"}, + {TPM_NEEDS_SELFTEST, "TPM 1.2 TPM_NEEDS_SELFTEST - TPM_ContinueSelfTest has has not been run"}, + {TPM_DOING_SELFTEST, "TPM 1.2 TPM_DOING_SELFTEST - The TPM is currently executing the actions of TPM_ContinueSelfTest because the ordinal required resources that have not been tested."}, + {TPM_DEFEND_LOCK_RUNNING, "TPM 1.2 TPM_DEFEND_LOCK_RUNNING - The TPM is defending against dictionary attacks and is in some time-out period."}, + +}; +#endif /* TPM_TPM12 */ + +static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc); +static const char *TSS_ResponseCode_NumberToText(unsigned int num); + +const RC_TABLE ver1Table [] = { + {TPM_RC_INITIALIZE, "TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized"}, + {TPM_RC_FAILURE, "TPM_RC_FAILURE - commands not being accepted because of a TPM failure"}, + {TPM_RC_SEQUENCE, "TPM_RC_SEQUENCE - improper use of a sequence handle"}, + {TPM_RC_PRIVATE, "TPM_RC_PRIVATE - not currently used"}, + {TPM_RC_HMAC, "TPM_RC_HMAC - HMAC failure"}, + {TPM_RC_DISABLED, "TPM_RC_DISABLED - the command is disabled"}, + {TPM_RC_EXCLUSIVE, "TPM_RC_EXCLUSIVE - command failed because audit sequence required exclusivity"}, + {TPM_RC_AUTH_TYPE, "TPM_RC_AUTH_TYPE - authorization handle is not correct for command"}, + {TPM_RC_AUTH_MISSING, "TPM_RC_AUTH_MISSING - command requires an authorization session"}, + {TPM_RC_POLICY, "TPM_RC_POLICY - policy failure in math operation or an invalid authPolicy value"}, + {TPM_RC_PCR, "TPM_RC_PCR - PCR check fail"}, + {TPM_RC_PCR_CHANGED, "TPM_RC_PCR_CHANGED - PCR have changed since checked."}, + {TPM_RC_UPGRADE, "TPM_RC_UPGRADE - TPM is in field upgrade mode"}, + {TPM_RC_TOO_MANY_CONTEXTS, "TPM_RC_TOO_MANY_CONTEXTS - context ID counter is at maximum."}, + {TPM_RC_AUTH_UNAVAILABLE, "TPM_RC_AUTH_UNAVAILABLE - authValue or authPolicy is not available for selected entity."}, + {TPM_RC_REBOOT, "TPM_RC_REBOOT - a _TPM_Init and Startup(CLEAR) is required"}, + {TPM_RC_UNBALANCED, "TPM_RC_UNBALANCED - the protection algorithms (hash and symmetric) are not reasonably balanced"}, + {TPM_RC_COMMAND_SIZE, "TPM_RC_COMMAND_SIZE - command commandSize value is inconsistent with contents of the command buffer"}, + {TPM_RC_COMMAND_CODE, "TPM_RC_COMMAND_CODE - command code not supported"}, + {TPM_RC_AUTHSIZE, "TPM_RC_AUTHSIZE - the value of authorizationSize is out of range"}, + {TPM_RC_AUTH_CONTEXT, "TPM_RC_AUTH_CONTEXT - use of an authorization session with a command that cannot have an authorization session"}, + {TPM_RC_NV_RANGE, "TPM_RC_NV_RANGE - NV offset+size is out of range."}, + {TPM_RC_NV_SIZE, "TPM_RC_NV_SIZE - Requested allocation size is larger than allowed."}, + {TPM_RC_NV_LOCKED, "TPM_RC_NV_LOCKED - NV access locked."}, + {TPM_RC_NV_AUTHORIZATION, "TPM_RC_NV_AUTHORIZATION - NV access authorization fails"}, + {TPM_RC_NV_UNINITIALIZED, "TPM_RC_NV_UNINITIALIZED - an NV Index is used before being initialized"}, + {TPM_RC_NV_SPACE, "TPM_RC_NV_SPACE - insufficient space for NV allocation"}, + {TPM_RC_NV_DEFINED, "TPM_RC_NV_DEFINED - NV Index or persistent object already defined"}, + {TPM_RC_BAD_CONTEXT, "TPM_RC_BAD_CONTEXT - context in TPM2_ContextLoad() is not valid"}, + {TPM_RC_CPHASH, "TPM_RC_CPHASH - cpHash value already set or not correct for use"}, + {TPM_RC_PARENT, "TPM_RC_PARENT - handle for parent is not a valid parent"}, + {TPM_RC_NEEDS_TEST, "TPM_RC_NEEDS_TEST - some function needs testing."}, + {TPM_RC_NO_RESULT, "TPM_RC_NO_RESULT - internal function cannot process a request due to an unspecified problem."}, + {TPM_RC_SENSITIVE, "TPM_RC_SENSITIVE - the sensitive area did not unmarshal correctly after decryption"}, +}; + +/* RC_FMT1 response code to text */ + +const RC_TABLE fmt1Table [] = { + {TPM_RC_ASYMMETRIC, "TPM_RC_ASYMMETRIC - asymmetric algorithm not supported or not correct"}, + {TPM_RC_ATTRIBUTES, "TPM_RC_ATTRIBUTES - inconsistent attributes"}, + {TPM_RC_HASH, "TPM_RC_HASH - hash algorithm not supported or not appropriate"}, + {TPM_RC_VALUE, "TPM_RC_VALUE - value is out of range or is not correct for the context"}, + {TPM_RC_HIERARCHY, "TPM_RC_HIERARCHY - hierarchy is not enabled or is not correct for the use"}, + {TPM_RC_KEY_SIZE, "TPM_RC_KEY_SIZE - key size is not supported"}, + {TPM_RC_MGF, "TPM_RC_MGF - mask generation function not supported"}, + {TPM_RC_MODE, "TPM_RC_MODE - mode of operation not supported"}, + {TPM_RC_TYPE, "TPM_RC_TYPE - the type of the value is not appropriate for the use"}, + {TPM_RC_HANDLE, "TPM_RC_HANDLE - the handle is not correct for the use"}, + {TPM_RC_KDF, "TPM_RC_KDF - unsupported key derivation function or function not appropriate for use"}, + {TPM_RC_RANGE, "TPM_RC_RANGE - value was out of allowed range."}, + {TPM_RC_AUTH_FAIL, "TPM_RC_AUTH_FAIL - the authorization HMAC check failed and DA counter incremented"}, + {TPM_RC_NONCE, "TPM_RC_NONCE - invalid nonce size or nonce value mismatch"}, + {TPM_RC_PP, "TPM_RC_PP - authorization requires assertion of PP"}, + {TPM_RC_SCHEME, "TPM_RC_SCHEME - unsupported or incompatible scheme"}, + {TPM_RC_SIZE, "TPM_RC_SIZE - structure is the wrong size"}, + {TPM_RC_SYMMETRIC, "TPM_RC_SYMMETRIC - unsupported symmetric algorithm or key size, or not appropriate for instance"}, + {TPM_RC_TAG, "TPM_RC_TAG - incorrect structure tag"}, + {TPM_RC_SELECTOR, "TPM_RC_SELECTOR - union selector is incorrect"}, + {TPM_RC_INSUFFICIENT, "TPM_RC_INSUFFICIENT - the TPM was unable to unmarshal a value because there were not enough octets in the input buffer"}, + {TPM_RC_SIGNATURE, "TPM_RC_SIGNATURE - the signature is not valid"}, + {TPM_RC_KEY, "TPM_RC_KEY - key fields are not compatible with the selected use"}, + {TPM_RC_POLICY_FAIL, "TPM_RC_POLICY_FAIL - a policy check failed"}, + {TPM_RC_INTEGRITY, "TPM_RC_INTEGRITY - integrity check failed"}, + {TPM_RC_TICKET, "TPM_RC_TICKET - invalid ticket"}, + {TPM_RC_RESERVED_BITS, "TPM_RC_RESERVED_BITS - reserved bits not set to zero as required"}, + {TPM_RC_BAD_AUTH, "TPM_RC_BAD_AUTH - authorization failure without DA implications"}, + {TPM_RC_EXPIRED, "TPM_RC_EXPIRED - the policy has expired"}, + {TPM_RC_POLICY_CC, "TPM_RC_POLICY_CC - the commandCode in the policy is not the commandCode of the command"}, + {TPM_RC_BINDING, "TPM_RC_BINDING - public and sensitive portions of an object are not cryptographically bound"}, + {TPM_RC_CURVE, "TPM_RC_CURVE - curve not supported "}, + {TPM_RC_ECC_POINT, "TPM_RC_ECC_POINT - point is not on the required curve."}, +}; + +/* RC_WARN response code to text */ + +const RC_TABLE warnTable [] = { + {TPM_RC_CONTEXT_GAP, "TPM_RC_CONTEXT_GAP - gap for context ID is too large"}, + {TPM_RC_OBJECT_MEMORY, "TPM_RC_OBJECT_MEMORY - out of memory for object contexts"}, + {TPM_RC_SESSION_MEMORY, "TPM_RC_SESSION_MEMORY - out of memory for session contexts"}, + {TPM_RC_MEMORY, "TPM_RC_MEMORY - out of shared object/session memory or need space for internal operations"}, + {TPM_RC_SESSION_HANDLES, "TPM_RC_SESSION_HANDLES - out of session handles - a session must be flushed before a new session may be created"}, + {TPM_RC_OBJECT_HANDLES, "TPM_RC_OBJECT_HANDLES - out of object handles - the handle space for objects is depleted and a reboot is required"}, + {TPM_RC_LOCALITY, "TPM_RC_LOCALITY - bad locality"}, + {TPM_RC_YIELDED, "TPM_RC_YIELDED - the TPM has suspended operation on the command; forward progress was made and the command may be retried."}, + {TPM_RC_CANCELED, "TPM_RC_CANCELED - the command was canceled"}, + {TPM_RC_TESTING, "TPM_RC_TESTING - TPM is performing self-tests"}, + {TPM_RC_REFERENCE_H0, "TPM_RC_REFERENCE_H0 - the 1st handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H1, "TPM_RC_REFERENCE_H1 - the 2nd handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H2, "TPM_RC_REFERENCE_H2 - the 3rd handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H3, "TPM_RC_REFERENCE_H3 - the 4th handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H4, "TPM_RC_REFERENCE_H4 - the 5th handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H5, "TPM_RC_REFERENCE_H5 - the 6th handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_H6, "TPM_RC_REFERENCE_H6 - the 7th handle in the handle area references a transient object or session that is not loaded"}, + {TPM_RC_REFERENCE_S0, "TPM_RC_REFERENCE_S0 - the 1st authorization session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S1, "TPM_RC_REFERENCE_S1 - the 2nd authorization session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S2, "TPM_RC_REFERENCE_S2 - the 3rd authorization session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S3, "TPM_RC_REFERENCE_S3 - the 4th authorization session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S4, "TPM_RC_REFERENCE_S4 - the 5th session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S5, "TPM_RC_REFERENCE_S5 - the 6th session handle references a session that is not loaded"}, + {TPM_RC_REFERENCE_S6, "TPM_RC_REFERENCE_S6 - the 7th authorization session handle references a session that is not loaded"}, + {TPM_RC_NV_RATE, "TPM_RC_NV_RATE - the TPM is rate-limiting accesses to prevent wearout of NV"}, + {TPM_RC_LOCKOUT, "TPM_RC_LOCKOUT - authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode"}, + {TPM_RC_RETRY, "TPM_RC_RETRY - the TPM was not able to start the command"}, + {TPM_RC_NV_UNAVAILABLE, "the command may require writing of NV and NV is not current accessible"}, + {TPM_RC_NOT_USED, "TPM_RC_NOT_USED - this value is reserved and shall not be returned by the TPM"}, +}; + +/* parameter and handle number to text */ + +const char *num_table [] = { + "unspecified", + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" +}; + +/* from tsserror.h */ + +const RC_TABLE tssTable [] = { + {TSS_RC_OUT_OF_MEMORY, "TSS_RC_OUT_OF_MEMORY - Out of memory (malloc failed)"}, + {TSS_RC_ALLOC_INPUT, "TSS_RC_ALLOC_INPUT - The input to an allocation is not NULL"}, + {TSS_RC_MALLOC_SIZE, "TSS_RC_MALLOC_SIZE - The malloc size is too large or zero"}, + {TSS_RC_INSUFFICIENT_BUFFER, "TSS_RC_INSUFFICIENT_BUFFER - A buffer was insufficient for a copy"}, + {TSS_RC_BAD_PROPERTY, "TSS_RC_BAD_PROPERTY - The property parameter is out of range"}, + {TSS_RC_BAD_PROPERTY_VALUE, "TSS_RC_BAD_PROPERTY_VALUE - The property value is invalid"}, + {TSS_RC_INSUPPORTED_INTERFACE, "TSS_RC_INSUPPORTED_INTERFACE - The TPM interface type is not supported"}, + {TSS_RC_NO_CONNECTION, "TSS_RC_NO_CONNECTION - Failure connecting to lower layer"}, + {TSS_RC_BAD_CONNECTION, "TSS_RC_BAD_CONNECTION - Failure communicating with lower layer"}, + {TSS_RC_MALFORMED_RESPONSE, "TSS_RC_MALFORMED_RESPONSE - A response packet was fundamentally malformed"}, + {TSS_RC_NULL_PARAMETER, "TSS_RC_NULL_PARAMETER - A required parameter was NULL"}, + {TSS_RC_NOT_IMPLEMENTED, "TSS_RC_NOT_IMPLEMENTED - TSS function is not implemented"}, + {TSS_RC_BAD_READ_VALUE, "TSS_RC_BAD_READ_VALUE - Actual read value different from expected"}, + {TSS_RC_FILE_OPEN, "TSS_RC_FILE_OPEN - The file could not be opened"}, + {TSS_RC_FILE_SEEK, "TSS_RC_FILE_SEEK - A file seek failed"}, + {TSS_RC_FILE_FTELL, "TSS_RC_FILE_FTELL - A file ftell failed"}, + {TSS_RC_FILE_READ, "TSS_RC_FILE_READ - A file read failed"}, + {TSS_RC_FILE_CLOSE, "TSS_RC_FILE_CLOSE - A file close failed"}, + {TSS_RC_FILE_WRITE, "TSS_RC_FILE_WRITE - A file write failed"}, + {TSS_RC_FILE_REMOVE, "TSS_RC_FILE_REMOVE - A file remove failed"}, + {TSS_RC_RNG_FAILURE, "TSS_RC_RNG_FAILURE - The random number generator failed"}, + {TSS_RC_BAD_PWAP_NONCE, "TSS_RC_BAD_PWAP_NONCE - Bad PWAP response nonce"}, + {TSS_RC_BAD_PWAP_ATTRIBUTES, "TSS_RC_BAD_PWAP_ATTRIBUTES - Bad PWAP response attributes"}, + {TSS_RC_BAD_PWAP_HMAC, "TSS_RC_BAD_PWAP_HMAC - Bad PWAP response HMAC"}, + {TSS_RC_NAME_NOT_IMPLEMENTED, "TSS_RC_NAME_NOT_IMPLEMENTED - name calculation not implemented for handle type"}, + {TSS_RC_MALFORMED_NV_PUBLIC, "TSS_RC_MALFORMED_NV_PUBLIC - The NV public structure does not match the name"}, + {TSS_RC_NAME_FILENAME, "TSS_RC_NAME_FILENAME - The name filename function has inconsistent arguments"}, + {TSS_RC_MALFORMED_PUBLIC, "TSS_RC_MALFORMED_PUBLIC -The public structure does not match the name"}, + {TSS_RC_DECRYPT_SESSIONS, "TSS_RC_DECRYPT_SESSIONS - More than one command decrypt session"}, + {TSS_RC_ENCRYPT_SESSIONS, "TSS_RC_ENCRYPT_SESSIONS - More than one response encrypt session"}, + {TSS_RC_NO_DECRYPT_PARAMETER, "TSS_RC_NO_DECRYPT_PARAMETER - Command has no decrypt parameter"}, + {TSS_RC_NO_ENCRYPT_PARAMETER, "TSS_RC_NO_ENCRYPT_PARAMETER - Respnse has no encrypt parameter"}, + {TSS_RC_BAD_DECRYPT_ALGORITHM, "TSS_RC_BAD_DECRYPT_ALGORITHM - Session had an unimplemented decrypt symmetric algorithm"}, + {TSS_RC_BAD_ENCRYPT_ALGORITHM, "TSS_RC_BAD_ENCRYPT_ALGORITHM - Session had an unimplemented encrypt symmetric algorithm"}, + {TSS_RC_AES_ENCRYPT_FAILURE, "TSS_RC_AES_ENCRYPT_FAILURE - AES encryption failed"}, + {TSS_RC_AES_DECRYPT_FAILURE, "TSS_RC_AES_DECRYPT_FAILURE - AES decryption failed\n" + "\tIf using command line utilities, set env variable TPM_ENCRYPT_SESSIONS to 0\n" + "\tor see TSS manual for more options"}, + {TSS_RC_BAD_ENCRYPT_SIZE, "TSS_RC_BAD_ENCRYPT_SIZE - Parameter encryption size mismatch"}, + {TSS_RC_AES_KEYGEN_FAILURE, "TSS_RC_AES_KEYGEN_FAILURE - AES key generation failed"}, + {TSS_RC_SESSION_NUMBER, "TSS_RC_SESSION_NUMBER - session number out of range"}, + {TSS_RC_BAD_SALT_KEY, "TSS_RC_BAD_SALT_KEY - Key is unsuitable for salt"}, + {TSS_RC_KDFA_FAILED, "TSS_RC_KDFA_FAILED - KDFa function failed"}, + {TSS_RC_HMAC, "TSS_RC_HMAC - An HMAC calculation failed"}, + {TSS_RC_HMAC_SIZE, "TSS_RC_HMAC_SIZE - nse HMAC is the wrong size"}, + {TSS_RC_HMAC_VERIFY, "TSS_RC_HMAC_VERIFY - MAC does not verify"}, + {TSS_RC_BAD_HASH_ALGORITHM, "TSS_RC_BAD_HASH_ALGORITHM - Unimplemented hash algorithm"}, + {TSS_RC_HASH, "TSS_RC_HASH - A hash calculation failed"}, + {TSS_RC_RSA_KEY_CONVERT, "TSS_RC_RSA_KEY_CONVERT - RSA key conversion failed"}, + {TSS_RC_RSA_PADDING, "TSS_RC_RSA_PADDING - RSA add padding failed"}, + {TSS_RC_RSA_ENCRYPT, "TSS_RC_RSA_ENCRYPT - RSA public encrypt failed"}, + {TSS_RC_BIGNUM, "TSS_RC_BIGNUM - NUM operation failed"}, + {TSS_RC_RSA_SIGNATURE, "TSS_RC_RSA_SIGNATURE - RSA signature is bad"}, + {TSS_RC_EC_SIGNATURE, "TSS_RC_EC_SIGNATURE - EC signature is bad"}, + {TSS_RC_EC_KEY_CONVERT, "TSS_RC_EC_KEY_CONVERT - EC key conversion failed"}, + {TSS_RC_X509_ERROR, "TSS_RC_X509_ERROR - X509 parse error"}, + {TSS_RC_PEM_ERROR, "TSS_RC_PEM_ERROR - PEM parse error"}, + {TSS_RC_BAD_SIGNATURE_ALGORITHM, "TSS_RC_BAD_SIGNATURE_ALGORITHM - Unimplemented signature algorithm"}, + {TSS_RC_COMMAND_UNIMPLEMENTED, "TSS_RC_COMMAND_UNIMPLEMENTED - Unimplemented command"}, + {TSS_RC_IN_PARAMETER, "TSS_RC_IN_PARAMETER - Bad in parameter to TSS_Execute"}, + {TSS_RC_OUT_PARAMETER, "TSS_RC_OUT_PARAMETER - Bad out parameter to TSS_Execute"}, + {TSS_RC_BAD_HANDLE_NUMBER, "TSS_RC_BAD_HANDLE_NUMBER - Bad handle number for this command"}, + {TSS_RC_KDFE_FAILED, "TSS_RC_KDFE_FAILED - KDFe function failed"}, + {TSS_RC_EC_EPHEMERAL_FAILURE, "TSS_RC_EC_EPHEMERAL_FAILURE - Failed while making or using EC ephemeral key"}, + {TSS_RC_FAIL, "TSS_RC_FAIL - TSS internal failure"}, + {TSS_RC_NO_SESSION_SLOT, "TSS_RC_NO_SESSION_SLOT - TSS context has no session slot for handle"}, + {TSS_RC_NO_OBJECTPUBLIC_SLOT, "TSS_RC_NO_OBJECTPUBLIC_SLOT - TSS context has no object public slot for handle"}, + {TSS_RC_NO_NVPUBLIC_SLOT, "TSS_RC_NO_NVPUBLIC_SLOT -TSS context has no NV public slot for handle"}, +}; + +#ifdef TPM_WINDOWS +#ifdef TPM_WINDOWS_TBSI + +/* Windows TBS, see winerror.h */ + +const RC_TABLE tbsTable [] = { + {TBS_E_INTERNAL_ERROR, "TBS_E_INTERNAL_ERROR - An internal software error occurred"}, + {TBS_E_BAD_PARAMETER, "TBS_E_BAD_PARAMETER - One or more parameter values are not valid"}, + {TBS_E_INVALID_OUTPUT_POINTER, "TBS_E_INVALID_OUTPUT_POINTER - A specified output pointer is bad"}, + {TBS_E_INVALID_CONTEXT, "TBS_E_INVALID_CONTEXT - The specified context handle does not refer to a valid context"}, + {TBS_E_INSUFFICIENT_BUFFER, "TBS_E_INSUFFICIENT_BUFFER - The specified output buffer is too small"}, + {TBS_E_IOERROR, "TBS_E_IOERROR - An error occurred while communicating with the TPM"}, + {TBS_E_INVALID_CONTEXT_PARAM, "TBS_E_INVALID_CONTEXT_PARAM - A context parameter that is not valid was passed when attempting to create a TBS context"}, + {TBS_E_SERVICE_NOT_RUNNING, "TBS_E_SERVICE_NOT_RUNNING - The TBS service is not running and could not be started"}, + {TBS_E_TOO_MANY_TBS_CONTEXTS, "TBS_E_TOO_MANY_TBS_CONTEXTS - A new context could not be created because there are too many open contexts"}, + {TBS_E_TOO_MANY_RESOURCES, "TBS_E_TOO_MANY_RESOURCES - A new virtual resource could not be created because there are too many open virtual resources"}, + {TBS_E_SERVICE_START_PENDING, "TBS_E_SERVICE_START_PENDING - The TBS service has been started but is not yet running"}, + {TBS_E_PPI_NOT_SUPPORTED, "TBS_E_PPI_NOT_SUPPORTED - The physical presence interface is not supported"}, + {TBS_E_COMMAND_CANCELED, "TBS_E_COMMAND_CANCELED - The command was canceled"}, + {TBS_E_BUFFER_TOO_LARGE, "TBS_E_BUFFER_TOO_LARGE - The input or output buffer is too large"}, + {TBS_E_TPM_NOT_FOUND, "TBS_E_TPM_NOT_FOUND - A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer"}, + {TBS_E_SERVICE_DISABLED, "TBS_E_SERVICE_DISABLED - The TBS service has been disabled"}, + {TBS_E_NO_EVENT_LOG, "TBS_E_NO_EVENT_LOG - The TBS event log is not available"}, + {TBS_E_ACCESS_DENIED, "TBS_E_ACCESS_DENIED - The caller does not have the appropriate rights to perform the requested operation"}, + {TBS_E_PROVISIONING_NOT_ALLOWED, "TBS_E_PROVISIONING_NOT_ALLOWED - The TPM provisioning action is not allowed by the specified flags"}, + {TBS_E_PPI_FUNCTION_UNSUPPORTED, "TBS_E_PPI_FUNCTION_UNSUPPORTED - The Physical Presence Interface of this firmware does not support the requested method"}, + {TBS_E_OWNERAUTH_NOT_FOUND, "TBS_E_OWNERAUTH_NOT_FOUND - The requested TPM OwnerAuth value was not found"}, + {TBS_E_PROVISIONING_INCOMPLETE, "TBS_E_PROVISIONING_INCOMPLETE - The TPM provisioning did not complete."}, + + {TPM_E_COMMAND_BLOCKED, "TPM_E_COMMAND_BLOCKED - The command was blocked"}, + {TPM_E_INVALID_HANDLE, "TPM_E_INVALID_HANDLE - The specified handle was not found"}, + {TPM_E_DUPLICATE_VHANDLE, "TPM_E_DUPLICATE_VHANDLE - The TPM returned a duplicate handle and the command needs to be resubmitted"}, + {TPM_E_EMBEDDED_COMMAND_BLOCKED, "TPM_E_EMBEDDED_COMMAND_BLOCKED - The command within the transport was blocked"}, + {TPM_E_EMBEDDED_COMMAND_UNSUPPORTED, "TPM_E_EMBEDDED_COMMAND_UNSUPPORTED - The command within the transport is not supported"}, + {TPM_E_RETRY, "TPM_E_RETRY - The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time"}, + {TPM_E_NEEDS_SELFTEST, "TPM_E_NEEDS_SELFTEST - SelfTestFull has not been run"}, + {TPM_E_DOING_SELFTEST, "TPM_E_DOING_SELFTEST - The TPM is currently executing a full selftest"}, + {TPM_E_DEFEND_LOCK_RUNNING, "TPM_E_DEFEND_LOCK_RUNNING - The TPM is defending against dictionary attacks and is in a time-out period"}, +}; + +#endif /* TPM_WINDOWS_TBSI */ +#endif /* TPM_WINDOWS */ + +#define BITS1108 0xf00 +#define BITS1108SHIFT 8 + +#define BITS1008 0x700 +#define BITS1008SHIFT 8 + +#define BITS0600 0x07f +#define BITS0500 0x03f + +#define BITS87 0x180 +#define BIT11 0x800 +#define BIT10 0x400 +#define BIT7 0x080 +#define BIT6 0x040 + +#define TSSMASK 0x00ff0000 /* 23:16 */ +#define TBSMASK 0x80000000 + +/* Test cases + + TPM 1.2 001 + TPM param 1c1 + TPM handle 181 + TPM session 981 + TSS b0001 +*/ + +/* TSS namespace starts with bit 16 */ +#define TSS_RC_LEVEL_SHIFT 16 + +/* TSS error level name space */ +#define TSS_ERROR_LEVEL (11 << TSS_RC_LEVEL_SHIFT ) + +/* Figure 26 - Response Code Evaluation */ + +void TSS_ResponseCode_toString(const char **msg, const char **submsg, const char **num, TPM_RC rc) +{ + *submsg = ""; /* sometimes no sub-message */ + *num = ""; /* sometime no number */ + + if (rc == 0) { + *msg = "TPM_RC_SUCCESS"; + } +#ifdef TPM_WINDOWS +#ifdef TPM_WINDOWS_TBSI + else if ((rc & TBSMASK) == TBSMASK) { + *msg = TSS_ResponseCode_RcToText(tbsTable, sizeof(tbsTable) / sizeof(RC_TABLE), rc); + } +#endif /* TPM_WINDOWS_TBSI */ +#endif /* TPM_WINDOWS */ + /* if TSS 11 << 16 */ + else if ((rc & TSSMASK) == TSS_ERROR_LEVEL) { + *msg = TSS_ResponseCode_RcToText(tssTable, sizeof(tssTable) / sizeof(RC_TABLE), rc); + } + /* if bits 8:7 are 00 */ + else if ((rc & BITS87) == 0) { + /* TPM 1.2 x000 0xxx xxxx */ +#ifdef TPM_TPM12 + *msg = TSS_ResponseCode_RcToText(tpm12Table, sizeof(tpm12Table) / sizeof(RC_TABLE), rc); +#else + *msg = "TPM 1.2 response code"; +#endif + } + /* if bits 8:7 are not 00 */ + else { + /* if bit 7 is 0 */ + if ((rc & BIT7) == 0) { + /* if bit 10 is 1 */ + if ((rc & BIT10) != 0) { + /* vendor defined x101 0xxx xxxx */ + *msg = "TPM2 vendor defined response code"; + } + /* if bit 10 is 0 */ + else { + /* if bit 11 is 1 */ + if ((rc & BIT11) != 0) { + /* warning 1001 0xxx xxxx RC_WARN */ + *msg = TSS_ResponseCode_RcToText(warnTable, + sizeof(warnTable) / sizeof(RC_TABLE), + rc & (BITS0600 | RC_WARN)); + } + /* if bit 11 is 0 */ + else { + /* error 0001 0xxx xxxx RC_VER1 */ + *msg = TSS_ResponseCode_RcToText(ver1Table, + sizeof(ver1Table) / sizeof(RC_TABLE), + rc & (BITS0600 | RC_VER1)); + } + } + } + /* if bit 7 is 1 RC_FMT1 */ + else { + /* if bit 6 is 1 */ + if ((rc & BIT6) != 0) { + /* error xxxx 11xx xxxx */ + *msg = TSS_ResponseCode_RcToText(fmt1Table, + sizeof(fmt1Table) / sizeof(RC_TABLE), + rc & (BITS0500 | RC_FMT1)); + *submsg = " Parameter number "; + *num = TSS_ResponseCode_NumberToText((rc & BITS1108) >> BITS1108SHIFT); + } + /* if bit 6 is 0 */ + else { + /* if bit 11 is 1 */ + if ((rc & BIT11) != 0) { + /* error 1xxx 10xx xxxx */ + *msg = TSS_ResponseCode_RcToText(fmt1Table, + sizeof(fmt1Table) / sizeof(RC_TABLE), + rc & (BITS0500 | RC_FMT1)); + *submsg = " Session number "; + *num = TSS_ResponseCode_NumberToText((rc & BITS1008) >> BITS1008SHIFT); + } + /* if bit 11 is 0 */ + else { + /* error 0xxx 10xx xxxx */ + *msg = TSS_ResponseCode_RcToText(fmt1Table, + sizeof(fmt1Table) / sizeof(RC_TABLE), + rc & (BITS0500 | RC_FMT1)); + *submsg = " Handle number "; + *num = TSS_ResponseCode_NumberToText((rc & BITS1008) >> BITS1008SHIFT); + } + } + } + } + return; +} + +static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc) +{ + size_t i; + + for (i = 0 ; i < tableSize ; i++) { + if (table[i].rc == rc) { + return table[i].text; + } + } + return "response code unknown"; +} + +static const char *TSS_ResponseCode_NumberToText(unsigned int num) +{ + if (num < (sizeof(num_table) / sizeof(const char *))) { + return num_table[num]; + } + else { + return "out of bounds"; + } +} + +#endif /* TPM_TSS_NO_PRINT */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tsssocket.c b/libstb/tss2/ibmtpm20tss/utils/tsssocket.c new file mode 100644 index 000000000000..c5c9be18ce55 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsssocket.c @@ -0,0 +1,706 @@ +/********************************************************************************/ +/* */ +/* Socket Transmit and Receive Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tsssocket.c 1304 2018-08-20 18:31:45Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015, 2018. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include +#include + +#ifndef TPM_NOSOCKET + +/* TSS_SOCKET_FD encapsulates the differences between the Posix and Windows socket type */ + +#ifdef TPM_POSIX +#include +#include +#include +#include +#include +#endif + +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include + +#include +#include +#include +#include +#include "tssproperties.h" +#include + +#include "tsssocket.h" + +/* local prototypes */ + +static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port); +static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext, + const uint8_t *buffer, uint16_t length, + const char *message); +static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message); +static uint32_t TSS_Socket_ReceiveResponse(TSS_CONTEXT *tssContext, uint8_t *buffer, uint32_t *length); +static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd); +static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd, uint8_t *buffer, uint32_t nbytes); +static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length); + +static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext, + int *mssim, + int *rawsingle); +#ifdef TPM_WINDOWS +static void TSS_Socket_PrintError(int err); +#endif + +extern int tssVverbose; +extern int tssVerbose; + +/* TSS_Socket_TransmitPlatform() transmits MS simulator platform administrative commands */ + +TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext, + uint32_t command, const char *message) +{ + TPM_RC rc = 0; + int mssim; /* boolean, true for MS simulator packet format, false for raw packet + format */ + int rawsingle = FALSE; /* boolean, true for raw format with an open and close per + command */ + /* open on first transmit */ + if (tssContext->tssFirstTransmit) { + /* detect errors before starting, get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + /* the platform administrative commands can only work with the simulator */ + if (rc == 0) { + if (!mssim) { + if (tssVerbose) printf("TSS_Socket_TransmitPlatform: server type %s unsupported\n", + tssContext->tssServerType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + } + if (rc == 0) { + rc = TSS_Socket_Open(tssContext, tssContext->tssPlatformPort); + } + if (rc == 0) { + tssContext->tssFirstTransmit = FALSE; + } + } + if (rc == 0) { + rc = TSS_Socket_SendPlatform(tssContext->sock_fd, command, message); + } + if (rc == 0) { + rc = TSS_Socket_ReceivePlatform(tssContext->sock_fd); + } + return rc; +} + +/* TSS_Socket_TransmitCommand() transmits MS simulator in band administrative commands */ + +TPM_RC TSS_Socket_TransmitCommand(TSS_CONTEXT *tssContext, + uint32_t command, const char *message) +{ + TPM_RC rc = 0; + int mssim; /* boolean, true for MS simulator packet format, false for raw packet + format */ + int rawsingle = FALSE; /* boolean, true for raw format with an open and close per + command */ + /* open on first transmit */ + if (tssContext->tssFirstTransmit) { + /* detect errors before starting, get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + /* the platform administrative commands can only work with the simulator */ + if (rc == 0) { + if (!mssim) { + if (tssVerbose) printf("TSS_Socket_TransmitCommand: server type %s unsupported\n", + tssContext->tssServerType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + } + if (rc == 0) { + rc = TSS_Socket_Open(tssContext, tssContext->tssCommandPort); + } + if (rc == 0) { + tssContext->tssFirstTransmit = FALSE; + } + } + if (message != NULL) { + if (tssVverbose) printf("TSS_Socket_TransmitCommand: %s\n", message); + } + if (rc == 0) { + uint32_t commandType = htonl(command); /* command type is network byte order */ + rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t)); + } + /* FIXME The only command currently supported is TPM_STOP, which has no response */ + return rc; +} + +/* TSS_Socket_Transmit() transmits the TPM command and receives the response. + + It can return socket transmit and receive packet errors, but normally returns the TPM response + code. + +*/ + +TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + TPM_RC rc = 0; + int mssim; /* boolean, true for MS simulator packet format, false for raw packet + format */ + int rawsingle = FALSE; /* boolean, true for raw packet format requiring an open and + close for each command */ + + /* open on first transmit */ + if (tssContext->tssFirstTransmit) { + /* detect errors before starting, get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + if (rc == 0) { + rc = TSS_Socket_Open(tssContext, tssContext->tssCommandPort); + } + if (rc == 0) { + tssContext->tssFirstTransmit = FALSE; + } + } + /* send the command over the socket. Error if the socket send fails. */ + if (rc == 0) { + rc = TSS_Socket_SendCommand(tssContext, commandBuffer, written, message); + } + /* receive the response over the socket. Returns socket errors, malformed response errors. + Else returns the TPM response code. */ + if (rc == 0) { + rc = TSS_Socket_ReceiveResponse(tssContext, responseBuffer, read); + } + /* rawsingle flags a close after each command */ + if (rawsingle) { + TPM_RC rc1; + rc1 = TSS_Socket_Close(tssContext); + if (rc == 0) { + rc = rc1; + } + tssContext->tssFirstTransmit = TRUE; /* force reopen on next command */ + } + return rc; +} + +/* TSS_Socket_GetServerType() gets the type of server packet format + + Currently, the formats supported are: + + mssim, raw, rawsingle + + mssim TRUE - the MS simulator packet + mssim FALSE - raw TPM specification Part 3 packets + rawsingle is the same as mssim FALSE but forces an open and cose for each command +*/ + +static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext, + int *mssim, + int *rawsingle) +{ + uint32_t rc = 0; + if (rc == 0) { + if ((strcmp(tssContext->tssServerType, "mssim") == 0)) { + *mssim = TRUE; + *rawsingle = FALSE; + } + else if ((strcmp(tssContext->tssServerType, "raw") == 0)) { + *mssim = FALSE; + *rawsingle = FALSE; + } + else if ((strcmp(tssContext->tssServerType, "rawsingle") == 0)) { + *mssim = FALSE; + *rawsingle = TRUE; + } + else { + if (tssVerbose) printf("TSS_Socket_GetServerType: server type %s unsupported\n", + tssContext->tssServerType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + } + return rc; +} + +/* TSS_Socket_Open() opens the socket to the TPM Host emulation to tssServerName:port + +*/ + +static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port) +{ +#ifdef TPM_WINDOWS + WSADATA wsaData; + int irc; +#endif + struct sockaddr_in serv_addr; + struct hostent *host = NULL; + + if (tssVverbose) printf("TSS_Socket_Open: Opening %s:%hu-%s\n", + tssContext->tssServerName, port, tssContext->tssServerType); + /* create a socket */ +#ifdef TPM_WINDOWS + if ((irc = WSAStartup(0x202, &wsaData)) != 0) { /* if not successful */ + if (tssVerbose) printf("TSS_Socket_Open: Error, WSAStartup failed\n"); + WSACleanup(); + return TSS_RC_NO_CONNECTION; + } + if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) == INVALID_SOCKET) { + if (tssVerbose) printf("TSS_Socket_Open: client socket() error: %u\n", tssContext->sock_fd); + return TSS_RC_NO_CONNECTION; + } +#endif +#ifdef TPM_POSIX + if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) < 0) { + if (tssVerbose) printf("TSS_Socket_Open: client socket error: %d %s\n", + errno,strerror(errno)); + return TSS_RC_NO_CONNECTION; + } +#endif + memset((char *)&serv_addr,0x0,sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_port = htons(port); + + /* the server host name tssServerName came from the default or an environment variable */ + /* first assume server is dotted decimal number and call inet_addr */ + if ((int)(serv_addr.sin_addr.s_addr = inet_addr(tssContext->tssServerName)) == -1) { + /* if inet_addr fails, assume server is a name and call gethostbyname to look it up */ + /* if gethostbyname also fails */ + if ((host = gethostbyname(tssContext->tssServerName)) == NULL) { + if (tssVerbose) printf("TSS_Socket_Open: server name error, name %s\n", + tssContext->tssServerName); + return TSS_RC_NO_CONNECTION; + } + serv_addr.sin_family = host->h_addrtype; + memcpy(&serv_addr.sin_addr, host->h_addr, host->h_length); + } + /* establish the connection to the TPM server */ +#ifdef TPM_POSIX + if (connect(tssContext->sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) { + if (tssVerbose) printf("TSS_Socket_Open: Error on connect to %s:%u\n", + tssContext->tssServerName, port); + if (tssVerbose) printf("TSS_Socket_Open: client connect: error %d %s\n", + errno,strerror(errno)); + return TSS_RC_NO_CONNECTION; + } +#endif +#ifdef TPM_WINDOWS + if (connect(tssContext->sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) != 0) { + if (tssVerbose) { + int err; + printf("TSS_Socket_Open: Error on connect to %s:%u\n", + tssContext->tssServerName, port); + err = WSAGetLastError(); + printf("TSS_Socket_Open: client connect: error %d\n", err); + TSS_Socket_PrintError(err); + } + return TSS_RC_NO_CONNECTION; + } +#endif + else { + /* printf("TSS_Socket_Open: client connect: success\n"); */ + } + return 0; +} + +/* TSS_Socket_SendCommand() sends the TPM command packet over the socket. + + The MS simulator packet is of the form: + + TPM_SEND_COMMAND + locality 0 + length + TPM command packet (this is the raw packet format) + + Returns an error if the socket send fails. +*/ + +static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext, + const uint8_t *buffer, uint16_t length, + const char *message) +{ + uint32_t rc = 0; + int mssim; /* boolean, true for MS simulator packet format, false for raw packet + format */ + int rawsingle; + + if (message != NULL) { + if (tssVverbose) printf("TSS_Socket_SendCommand: %s\n", message); + } + /* trace the command packet */ + if ((rc == 0) && tssVverbose) { + TSS_PrintAll("TSS_Socket_SendCommand", + buffer, length); + } + /* get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + /* MS simulator wants a command type, locality, length */ + if ((rc == 0) && mssim) { + uint32_t commandType = htonl(TPM_SEND_COMMAND); /* command type is network byte order */ + rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t)); + } + if ((rc == 0) && mssim) { + uint8_t locality = 0; + rc = TSS_Socket_SendBytes(tssContext->sock_fd, &locality, sizeof(uint8_t)); + } + if ((rc == 0) && mssim) { + uint32_t lengthNbo = htonl(length); /* length is network byte order */ + rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&lengthNbo, sizeof(uint32_t)); + } + /* all packet formats (types) send the TPM command packet */ + if (rc == 0) { + rc = TSS_Socket_SendBytes(tssContext->sock_fd, buffer, length); + } + return rc; +} + +/* TSS_Socket_SendPlatform() transmits MS simulator platform administrative commands. This function + should only be called if the TPM supports administrative commands. + + Returns an error if the socket send fails. + +*/ + +static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message) +{ + uint32_t rc = 0; + + if (message != NULL) { + if (tssVverbose) printf("TSS_Socket_SendPlatform: %s\n", message); + } + if (tssVverbose) printf("TSS_Socket_SendPlatform: Command %08x\n", command); + /* MS simulator platform commands */ + if (rc == 0) { + uint32_t commandNbo = htonl(command); /* command is network byte order */ + rc = TSS_Socket_SendBytes(sock_fd, (uint8_t *)&commandNbo , sizeof(uint32_t)); + } + return rc; +} + +/* TSS_Socket_SendBytes() is the low level sent function that transmits the buffer over the socket. + + It handles partial writes by looping. + + */ + +static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length) +{ + int nwritten = 0; + size_t nleft = 0; + unsigned int offset = 0; + + nleft = length; + while (nleft > 0) { +#ifdef TPM_POSIX + nwritten = write(sock_fd, &buffer[offset], nleft); + if (nwritten < 0) { /* error */ + if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)nwritten); + return TSS_RC_BAD_CONNECTION; + } +#endif +#ifdef TPM_WINDOWS + /* cast for winsock. Unix uses void * */ + nwritten = send(sock_fd, (char *)(&buffer[offset]), nleft, 0); + if (nwritten == SOCKET_ERROR) { /* error */ + if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)nwritten); + return TSS_RC_BAD_CONNECTION; + } +#endif + nleft -= nwritten; + offset += nwritten; + } + return 0; +} + +/* TSS_Socket_ReceiveResponse() reads a TPM response packet from the socket. 'buffer' must be at + least MAX_RESPONSE_SIZE bytes. The bytes read are returned in 'length'. + + The MS simulator packet is of the form: + + length + TPM response packet (this is the raw packet format) + acknowledgement uint32_t zero + + If the receive succeeds, returns TPM packet error code. + + Validates that the packet length and the packet responseSize match +*/ + +static uint32_t TSS_Socket_ReceiveResponse(TSS_CONTEXT *tssContext, + uint8_t *buffer, uint32_t *length) +{ + uint32_t rc = 0; + uint32_t responseSize = 0; + uint32_t responseLength = 0; + uint8_t *bufferPtr = buffer; /* the moving buffer */ + TPM_RC responseCode; + uint32_t size; /* dummy for unmarshal call */ + int mssim; /* boolean, true for MS simulator packet format, false for raw + packet format */ + int rawsingle; + TPM_RC acknowledgement; /* MS sim acknowledgement */ + + /* get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + /* read the length prepended by the simulator */ + if ((rc == 0) && mssim) { + rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd, + (uint8_t *)&responseLength, sizeof(uint32_t)); + responseLength = ntohl(responseLength); + } + /* read the tag and responseSize */ + if (rc == 0) { + rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd, + bufferPtr, sizeof(TPM_ST) + sizeof(uint32_t)); + } + /* extract the responseSize */ + if (rc == 0) { + /* skip over tag to responseSize */ + bufferPtr += sizeof(TPM_ST); + + size = sizeof(uint32_t); /* dummy for call */ + rc = TSS_UINT32_Unmarshalu(&responseSize, &bufferPtr, &size); + *length = responseSize; /* returned length */ + + /* check the response size, see TSS_CONTEXT structure */ + if (responseSize > MAX_RESPONSE_SIZE) { + if (tssVerbose) + printf("TSS_Socket_ReceiveResponse: ERROR: responseSize %u greater than %u\n", + responseSize, MAX_RESPONSE_SIZE); + rc = TSS_RC_BAD_CONNECTION; + } + /* check that MS sim prepended length is the same as the response TPM packet + length parameter */ + if (mssim && (responseSize != responseLength)) { + if (tssVerbose) printf("TSS_Socket_ReceiveResponse: " + "ERROR: responseSize %u not equal to responseLength %u\n", + responseSize, responseLength); + rc = TSS_RC_BAD_CONNECTION; + } + } + /* read the rest of the packet */ + if (rc == 0) { + rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd, + bufferPtr, + responseSize - (sizeof(TPM_ST) + sizeof(uint32_t))); + } + if ((rc == 0) && tssVverbose) { + TSS_PrintAll("TSS_Socket_ReceiveResponse", + buffer, responseSize); + } + /* read the MS sim acknowledgement */ + if ((rc == 0) && mssim) { + rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd, + (uint8_t *)&acknowledgement, sizeof(uint32_t)); + } + /* extract the TPM return code from the packet */ + if (rc == 0) { + /* skip to responseCode */ + bufferPtr = buffer + sizeof(TPM_ST) + sizeof(uint32_t); + size = sizeof(TPM_RC); /* dummy for call */ + rc = TSS_UINT32_Unmarshalu(&responseCode, &bufferPtr, &size); + } + /* if there is no other (receive or unmarshal) error, return the TPM response code */ + if (rc == 0) { + rc = responseCode; + } + /* if there is no other (TPM response) error, return the MS simulator packet acknowledgement */ + if ((rc == 0) && mssim) { + rc = ntohl(acknowledgement); /* should always be zero */ + } + return rc; +} + +/* TSS_Socket_ReceivePlatform reads MS simulator platform administrative responses. This function + should only be called if the TPM supports administrative commands. + + The acknowledgement is a uint32_t zero. + +*/ + +static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd) +{ + uint32_t rc = 0; + TPM_RC acknowledgement; + + /* read the MS sim acknowledgement */ + if (rc == 0) { + rc = TSS_Socket_ReceiveBytes(sock_fd, (uint8_t *)&acknowledgement, sizeof(uint32_t)); + } + /* if there is no other error, return the MS simulator packet acknowledgement */ + if (rc == 0) { + rc = ntohl(acknowledgement); /* should always be zero */ + } + return rc; +} + +/* TSS_Socket_ReceiveBytes() is the low level receive function that reads the buffer over the + socket. 'buffer' must be atleast 'nbytes'. + + It handles partial reads by looping. + +*/ + +static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd, + uint8_t *buffer, + uint32_t nbytes) +{ + int nread = 0; + int nleft = 0; + + nleft = nbytes; + while (nleft > 0) { +#ifdef TPM_POSIX + nread = read(sock_fd, buffer, nleft); + if (nread < 0) { /* error */ + if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread); + return TSS_RC_BAD_CONNECTION; + } +#endif +#ifdef TPM_WINDOWS + /* cast for winsock. Unix uses void * */ + nread = recv(sock_fd, (char *)buffer, nleft, 0); + if (nread == SOCKET_ERROR) { /* error */ + if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread); + return TSS_RC_BAD_CONNECTION; + } +#endif + else if (nread == 0) { /* EOF */ + if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read EOF\n"); + return TSS_RC_BAD_CONNECTION; + } + nleft -= nread; + buffer += nread; + } + return 0; +} + +/* TSS_Socket_Close() closes the socket. + + It sends the TPM_SESSION_END required by the MS simulator. + +*/ + +TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext) +{ + uint32_t rc = 0; + int mssim; /* boolean, true for MS simulator packet format, false for raw packet + format */ + int rawsingle = TRUE; /* boolean, true for raw format with an open and close per + command. Initialized to suppress false gcc -O3 + warning. */ + + if (tssVverbose) printf("TSS_Socket_Close: Closing %s-%s\n", + tssContext->tssServerName, tssContext->tssServerType); + /* get the server packet type, MS sim or raw */ + if (rc == 0) { + rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle); + } + /* the MS simulator expects a TPM_SESSION_END command before close */ + if ((rc == 0) && mssim) { + uint32_t commandType = htonl(TPM_SESSION_END); + rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t)); + } +#ifdef TPM_POSIX + /* always attempt a close, even though rawsingle should already have closed the socket */ + if (close(tssContext->sock_fd) != 0) { + if (!rawsingle) { + if (tssVerbose) printf("TSS_Socket_Close: close error\n"); + rc = TSS_RC_BAD_CONNECTION; + } + } +#endif +#ifdef TPM_WINDOWS + /* gracefully shut down the socket */ + /* always attempt a close, even though rawsingle should already have closed the socket */ + { + int irc; + irc = shutdown(tssContext->sock_fd, SD_SEND); + if (!rawsingle) { + if (irc == SOCKET_ERROR) { /* error */ + if (tssVerbose) printf("TSS_Socket_Close: shutdown error\n"); + rc = TSS_RC_BAD_CONNECTION; + } + } + } + closesocket(tssContext->sock_fd); + WSACleanup(); +#endif + return rc; +} +#endif /* TPM_NOSOCKET */ + +#ifdef TPM_WINDOWS + +/* The Windows equivalent to strerror(). It also traces the error message. + */ + +static void TSS_Socket_PrintError(int err) +{ + DWORD rc; + char *buffer = NULL; + /* mingw seems to output UTF-8 for FormatMessage(). For Visual Studio, FormatMessage() outputs + UTF-16, which would require wprintf(). FormatMessageA() outputs UTF-8, permitting printf() + for both compilers. */ + rc = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, /* formatting */ + err, + 0, /* language */ + (LPSTR)&buffer, + 0, + NULL); + if (rc != 0) { + printf("%s\n", buffer); + } + LocalFree(buffer); + return; +} +#endif + + diff --git a/libstb/tss2/ibmtpm20tss/utils/tsssocket.h b/libstb/tss2/ibmtpm20tss/utils/tsssocket.h new file mode 100644 index 000000000000..2a5a0c83dfdb --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsssocket.h @@ -0,0 +1,67 @@ +/********************************************************************************/ +/* */ +/* Socket Transmit and Receive Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tsssocket.h 1257 2018-06-27 20:52:08Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifndef TSSSOCKET_H +#define TSSSOCKET_H + +/* This is not a public header. It should not be used by applications. */ + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext, + uint32_t command, const char *message); + TPM_RC TSS_Socket_TransmitCommand(TSS_CONTEXT *tssContext, + uint32_t command, const char *message); + TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message); + TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libstb/tss2/ibmtpm20tss/utils/tsstbsi.c b/libstb/tss2/ibmtpm20tss/utils/tsstbsi.c new file mode 100644 index 000000000000..869c50878036 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsstbsi.c @@ -0,0 +1,295 @@ +/********************************************************************************/ +/* */ +/* Windows 10 Device Transmit and Receive Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifdef TPM_WINDOWS_TBSI + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include "tssproperties.h" + +/* local prototypes */ + +static uint32_t TSS_Tbsi_Open(TBS_CONTEXT_PARAMS2 *contextParams, + TBS_HCONTEXT *hContext); +static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message); +static void TSS_Tbsi_GetTBSError(const char *prefix, + TBS_RESULT rc); + + +/* global configuration */ + +extern int tssVverbose; +extern int tssVerbose; + +/* TSS_Dev_Transmit() transmits the command and receives the response. 'responseBuffer' must be at + least MAX_RESPONSE_SIZE bytes. + + Can return device transmit and receive packet errors, but normally returns the TPM response code. +*/ + +TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + TPM_RC rc = 0; + TBS_CONTEXT_PARAMS2 contextParams; + + if (rc == 0) { + contextParams.version = TBS_CONTEXT_VERSION_TWO; + if (!tssContext->tpm12Command) { /* TPM 2.0 command */ + contextParams.includeTpm12 = 0; + contextParams.includeTpm20 = 1; + } + else { /* TPM 1.2 command */ + contextParams.includeTpm12 = 1; + contextParams.includeTpm20 = 0; + } + } + *read = MAX_RESPONSE_SIZE; + /* open on first transmit */ + if (tssContext->tssFirstTransmit) { + if (rc == 0) { + rc = TSS_Tbsi_Open(&contextParams, &tssContext->hContext); + } + if (rc == 0) { + tssContext->tssFirstTransmit = FALSE; + } + } + /* send the command to the device. Error if the device send fails. */ + if (rc == 0) { + rc = TSS_Tbsi_SubmitCommand(tssContext->hContext, + responseBuffer, read, + commandBuffer, written, + message); + } + return rc; +} + +/* TSS_Tbsi_Open() opens the TPM device */ + +static uint32_t TSS_Tbsi_Open(TBS_CONTEXT_PARAMS2 *contextParams, + TBS_HCONTEXT *hContext) +{ + uint32_t rc = 0; + + if (rc == 0) { + /* cast is safe because caller sets the version member for the subclass */ + rc = Tbsi_Context_Create((TBS_CONTEXT_PARAMS *)contextParams, hContext); + if (tssVverbose) printf("TSS_Tbsi_Open: Tbsi_Context_Create rc %08x\n", rc); + if (rc != 0) { + if (tssVerbose) TSS_Tbsi_GetTBSError("TSS_Tbsi_Open: Error Tbsi_Context_Create ", rc); + rc = TSS_RC_NO_CONNECTION; + } + } + return rc; +} + +/* TSS_Tbsi_Submit_Command sends the command to the TPM and receives the response. + + If the submit succeeds, returns TPM packet error code. +*/ + +static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + uint32_t rc = 0; + TPM_RC responseCode; + + if (message != NULL) { + if (tssVverbose) printf("TSS_Tbsi_SubmitCommand: %s\n", message); + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Command", + commandBuffer, written); + } + if (rc == 0) { + rc = Tbsip_Submit_Command(hContext, + TBS_COMMAND_LOCALITY_ZERO, + TBS_COMMAND_PRIORITY_NORMAL, + commandBuffer, + written, + responseBuffer, + read); + if (rc != 0) { + TSS_Tbsi_GetTBSError("Tbsip_Submit_Command", rc); + rc = TSS_RC_BAD_CONNECTION; + + } + } + if (rc == 0) { + if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Response", + responseBuffer, *read); + } + /* read the TPM return code from the packet */ + if (rc == 0) { + uint8_t *bufferPtr; + uint32_t size; + + bufferPtr = responseBuffer + sizeof(TPM_ST) + sizeof(uint32_t); /* skip to responseCode */ + size = sizeof(TPM_RC); /* dummy for call */ + rc = TSS_UINT32_Unmarshalu(&responseCode, &bufferPtr, &size); + } + if (rc == 0) { + rc = responseCode; + } + return rc; +} + +TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; + if (tssVverbose) printf("TSS_Dev_Close: Closing connection\n"); + rc = Tbsip_Context_Close(tssContext->hContext); + return rc; +} + +static void TSS_Tbsi_GetTBSError(const char *prefix, + TBS_RESULT rc) +{ + const char *error_string; + + switch (rc) { + + /* error codes from the TBS html docs */ + case TBS_SUCCESS: + error_string = "The function succeeded."; + break; + case TBS_E_INTERNAL_ERROR: + error_string = "An internal software error occurred."; + break; + case TBS_E_BAD_PARAMETER: + error_string = "One or more parameter values are not valid."; + break; + case TBS_E_INVALID_OUTPUT_POINTER: + error_string = "A specified output pointer is bad."; + break; + case TBS_E_INVALID_CONTEXT: + error_string = "The specified context handle does not refer to a valid context."; + break; + case TBS_E_INSUFFICIENT_BUFFER: + error_string = "The specified output buffer is too small."; + break; + case TBS_E_IOERROR: + error_string = "An error occurred while communicating with the TPM."; + break; + case TBS_E_INVALID_CONTEXT_PARAM: + error_string = "A context parameter that is not valid was passed when attempting to create a " + "TBS context."; + break; + case TBS_E_SERVICE_NOT_RUNNING: + error_string = "The TBS service is not running and could not be started."; + break; + case TBS_E_TOO_MANY_TBS_CONTEXTS: + error_string = "A new context could not be created because there are too many open contexts."; + break; + case TBS_E_TOO_MANY_RESOURCES: + error_string = "A new virtual resource could not be created because there are too many open " + "virtual resources."; + break; + case TBS_E_SERVICE_START_PENDING: + error_string = "The TBS service has been started but is not yet running."; + break; + case TBS_E_PPI_NOT_SUPPORTED: + error_string = "The physical presence interface is not supported."; + break; + case TBS_E_COMMAND_CANCELED: + error_string = "The command was canceled."; + break; + case TBS_E_BUFFER_TOO_LARGE: + error_string = "The input or output buffer is too large."; + break; + case TBS_E_TPM_NOT_FOUND: + error_string = "A compatible Trusted Platform Module (TPM) Security Device cannot be found " + "on this computer."; + break; + case TBS_E_SERVICE_DISABLED: + error_string = "The TBS service has been disabled."; + break; + case TBS_E_NO_EVENT_LOG: + error_string = "The TBS event log is not available."; + break; + case TBS_E_ACCESS_DENIED: + error_string = "The caller does not have the appropriate rights to perform the requested operation."; + break; + case TBS_E_PROVISIONING_NOT_ALLOWED: + error_string = "The TPM provisioning action is not allowed by the specified flags."; + break; + case TBS_E_PPI_FUNCTION_UNSUPPORTED: + error_string = "The Physical Presence Interface of this firmware does not support the " + "requested method."; + break; + case TBS_E_OWNERAUTH_NOT_FOUND: + error_string = "The requested TPM OwnerAuth value was not found."; + break; + + /* a few error codes from WinError.h */ + case TPM_E_COMMAND_BLOCKED: + error_string = "The command was blocked."; + break; + + default: + error_string = "unknown error type\n"; + break; + + } + printf("%s %s\n", prefix, error_string); + return; +} + +#endif /* TPM_WINDOWS_TBSI */ diff --git a/libstb/tss2/ibmtpm20tss/utils/tsstransmit.c b/libstb/tss2/ibmtpm20tss/utils/tsstransmit.c new file mode 100644 index 000000000000..36ef7ade7fc5 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tsstransmit.c @@ -0,0 +1,184 @@ +/********************************************************************************/ +/* */ +/* Transmit and Receive Utility */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2020. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This file contains the interface that is not platform or interface specific + */ + +#include +#include + +#include "tssproperties.h" +#ifndef TPM_NOSOCKET +#include "tsssocket.h" +#endif +#include +#include + +#include "tssdev.h" +#include + +extern int tssVverbose; +extern int tssVerbose; + +/* local prototypes */ + +/* TSS_TransmitPlatform() transmits an administrative out of band command to the TPM through the + platform port. + + Supported by the simulator, not the TPM device. +*/ + +TPM_RC TSS_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char *message) +{ + TPM_RC rc = 0; + +#ifndef TPM_NOSOCKET + if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) { + rc = TSS_Socket_TransmitPlatform(tssContext, command, message); + } + else +#else + command = command; + message = message; +#endif + if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) { + if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + else { + if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + return rc; +} + +/* TSS_TransmitCommand() transmits an administrative in band command to the TPM through the + command port. + + Supported by the simulator, not the TPM device. +*/ + +TPM_RC TSS_TransmitCommand(TSS_CONTEXT *tssContext, uint32_t command, const char *message) +{ + TPM_RC rc = 0; + +#ifndef TPM_NOSOCKET + if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) { + rc = TSS_Socket_TransmitCommand(tssContext, command, message); + } + else +#else + command = command; + message = message; +#endif + if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) { + if (tssVerbose) printf("TSS_TransmitCommand: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + else { + if (tssVerbose) printf("TSS_TransmitCommand: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + return rc; +} + +/* TSS_Transmit() transmits a TPM command packet and receives a response using the command port. + The command type is hard coded to TPM_SEND_COMMAND. + +*/ + +TPM_RC TSS_Transmit(TSS_CONTEXT *tssContext, + uint8_t *responseBuffer, uint32_t *read, + const uint8_t *commandBuffer, uint32_t written, + const char *message) +{ + TPM_RC rc = 0; + +#ifndef TPM_NOSOCKET + if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) { + rc = TSS_Socket_Transmit(tssContext, + responseBuffer, read, + commandBuffer, written, + message); + } + else +#endif + if (strcmp(tssContext->tssInterfaceType, "dev") == 0) { + rc = TSS_Dev_Transmit(tssContext, + responseBuffer, read, + commandBuffer, written, + message); + } + else { + if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + return rc; +} + +/* TSS_Close() closes the connection to the TPM */ + +TPM_RC TSS_Close(TSS_CONTEXT *tssContext) +{ + TPM_RC rc = 0; + + /* only close if there was an open */ + if (!tssContext->tssFirstTransmit) { +#ifndef TPM_NOSOCKET + if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) { + rc = TSS_Socket_Close(tssContext); + } + else +#endif + if (strcmp(tssContext->tssInterfaceType, "dev") == 0) { + rc = TSS_Dev_Close(tssContext); + } + else { + if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n", + tssContext->tssInterfaceType); + rc = TSS_RC_INSUPPORTED_INTERFACE; + } + tssContext->tssFirstTransmit = TRUE; + } + return rc; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssutils.c b/libstb/tss2/ibmtpm20tss/utils/tssutils.c new file mode 100644 index 000000000000..29124c36e722 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssutils.c @@ -0,0 +1,364 @@ +/********************************************************************************/ +/* */ +/* TSS and Application Utilities */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: tssutils.c 1294 2018-08-09 19:08:34Z kgoldman $ */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2018 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#include +#include +#include +#include + +#ifdef TPM_POSIX +#include +#endif +#ifdef TPM_WINDOWS +#include +#endif + +#include +#include +#include +#include + +/* the TSS context must be larger when files are not used, since TSS object and NV state is held in + the volatile context. The major factor is the number of TSS_OBJECT_PUBLIC slots. See + tssproperties.c */ +#ifdef TPM_TSS_NOFILE +#define TSS_ALLOC_MAX 0x12000 /* 73k bytes */ +#else +#define TSS_ALLOC_MAX 0x10000 /* 64k bytes */ +#endif + +extern int tssVerbose; +extern int tssVverbose; + +/* TSS_Malloc() is a general purpose wrapper around malloc() + */ + +TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size) +{ + TPM_RC rc = 0; + + /* assertion test. The coding style requires that all allocated pointers are initialized to + NULL. A non-NULL value indicates either a missing initialization or a pointer reuse (a + memory leak). */ + if (rc == 0) { + if (*buffer != NULL) { + if (tssVerbose) + printf("TSS_Malloc: Error (fatal), *buffer %p should be NULL before malloc\n", + *buffer); + rc = TSS_RC_ALLOC_INPUT; + } + } + /* verify that the size is not "too large" */ + if (rc == 0) { + if (size > TSS_ALLOC_MAX) { + if (tssVerbose) printf("TSS_Malloc: Error, size %u greater than maximum allowed\n", + size); + rc = TSS_RC_MALLOC_SIZE; + } + } + /* verify that the size is not 0, this would be implementation defined and should never occur */ + if (rc == 0) { + if (size == 0) { + if (tssVerbose) printf("TSS_Malloc: Error (fatal), size is zero\n"); + rc = TSS_RC_MALLOC_SIZE; + } + } + if (rc == 0) { + *buffer = malloc(size); + if (*buffer == NULL) { + if (tssVerbose) printf("TSS_Malloc: Error allocating %u bytes\n", size); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + return rc; +} + +TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size) +{ + TPM_RC rc = 0; + unsigned char *tmpptr = NULL; + + /* verify that the size is not "too large" */ + if (rc == 0) { + if (size > TSS_ALLOC_MAX) { + if (tssVerbose) printf("TSS_Realloc: Error, size %u greater than maximum allowed\n", + size); + rc = TSS_RC_MALLOC_SIZE; + } + } + /* verify that the size is not 0, this should never occur */ + if (rc == 0) { + if (size == 0) { + if (tssVerbose) printf("TSS_Malloc: Error (fatal), size is zero\n"); + rc = TSS_RC_MALLOC_SIZE; + } + } + if (rc == 0) { + tmpptr = realloc(*buffer, size); + if (tmpptr == NULL) { + if (tssVerbose) printf("TSS_Realloc: Error reallocating %u bytes\n", size); + rc = TSS_RC_OUT_OF_MEMORY; + } + } + if (rc == 0) { + *buffer = tmpptr; + } + return rc; +} + + +/* TSS_Structure_Marshal() is a general purpose "marshal a structure" function. + + It marshals the structure using "marshalFunction", and returns the malloc'ed stream. + +*/ + +TPM_RC TSS_Structure_Marshal(uint8_t **buffer, /* freed by caller */ + uint16_t *written, + void *structure, + MarshalFunction_t marshalFunction) +{ + TPM_RC rc = 0; + uint8_t *buffer1 = NULL; /* for marshaling, moves pointer */ + + /* marshal once to calculates the byte length */ + if (rc == 0) { + *written = 0; + rc = marshalFunction(structure, written, NULL, NULL); + } + if (rc == 0) { + rc = TSS_Malloc(buffer, *written); + } + if (rc == 0) { + buffer1 = *buffer; + *written = 0; + rc = marshalFunction(structure, written, &buffer1, NULL); + } + return rc; +} + +/* TSS_TPM2B_Copy() copies source to target if the source fits the target size */ + +TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (source->size > targetSize) { + if (tssVerbose) printf("TSS_TPM2B_Copy: size %u greater than target %u\n", + source->size, targetSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + memmove(target->buffer, source->buffer, source->size); + target->size = source->size; + } + return rc; +} + +/* TSS_TPM2B_Append() appends the source TPM2B to the target TPM2B. + + It checks that the source fits the target size. The target size is the total size, not the size + remaining. +*/ + +TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (target->size + source->size > targetSize) { + if (tssVerbose) printf("TSS_TPM2B_Append: size %u greater than target %u\n", + target->size + source->size, targetSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + memmove(target->buffer + target->size, source->buffer, source->size); + target->size += source->size; + } + return rc; +} + +/* TSS_TPM2B_Create() copies the buffer of 'size' into target, checking targetSize */ + +TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (size > targetSize) { + if (tssVerbose) printf("TSS_TPM2B_Create: size %u greater than target %u\n", + size, targetSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + target->size = size; + if (size != 0) { /* because buffer can be NULL if size os 0 */ + memmove(target->buffer, buffer, size); + } + } + return rc; +} + +/* TSS_TPM2B_CreateUint32() creates a TPM2B from a uint32_t, typically a permanent handle */ + +TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize) +{ + TPM_RC rc = 0; + + if (rc == 0) { + if (sizeof(uint32_t) > targetSize) { + if (tssVerbose) printf("TSS_TPM2B_CreateUint32: size %u greater than target %u\n", + (unsigned int)sizeof(uint32_t), targetSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + uint32_t sourceNbo = htonl(source); + memmove(target->buffer, (uint8_t *)&sourceNbo, sizeof(uint32_t)); + target->size = sizeof(uint32_t); + } + return rc; +} + +/* TSS_TPM2B_StringCopy() copies a NUL terminated string (omitting the NUL) from source to target. + + It checks that the string will fit in targetSize. + + If source is NULL, creates a TPM2B of size 0. +*/ + +TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize) +{ + TPM_RC rc = 0; + size_t length; + uint16_t length16; + + if (source != NULL) { + if (rc == 0) { + length = strlen(source); + if (length > 0xffff) { /* overflow TPM2B uint16_t */ + if (tssVerbose) printf("TSS_TPM2B_StringCopy: size %u greater than 0xffff\n", + (unsigned int)length); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + length16 = (uint16_t )length; /* cast safe after range test */ + if (length16 > targetSize) { + if (tssVerbose) printf("TSS_TPM2B_StringCopy: size %u greater than target %u\n", + length16, targetSize); + rc = TSS_RC_INSUFFICIENT_BUFFER; + } + } + if (rc == 0) { + target->size = length16; + memcpy(target->buffer, source, length); + } + } + else { + target->size = 0; + } + return rc; +} + +int TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual) +{ + int irc; + int match = YES; + + if (match == YES) { + if (expect->size != actual->size) { + match = NO; + } + } + if (match == YES) { + irc = memcmp(expect->buffer, actual->buffer, expect->size); + if (irc != 0) { + match = NO; + } + } + return match; +} + +/* TSS_GetDigestSize() returns the digest size in bytes based on the hash algorithm. + + Returns 0 for an unknown algorithm. +*/ + +/* NOTE: Marked as const function in header */ + +uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg) +{ + uint16_t size; + + switch (hashAlg) { +#ifdef TPM_ALG_SHA1 + case TPM_ALG_SHA1: + size = SHA1_DIGEST_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA256 + case TPM_ALG_SHA256: + size = SHA256_DIGEST_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA384 + case TPM_ALG_SHA384: + size = SHA384_DIGEST_SIZE; + break; +#endif +#ifdef TPM_ALG_SHA512 + case TPM_ALG_SHA512: + size = SHA512_DIGEST_SIZE; + break; +#endif +#if 0 + case TPM_ALG_SM3_256: + size = SM3_256_DIGEST_SIZE; + break; +#endif + default: + size = 0; + } + return size; +} diff --git a/libstb/tss2/ibmtpm20tss/utils/tssutilsverbose.c b/libstb/tss2/ibmtpm20tss/utils/tssutilsverbose.c new file mode 100644 index 000000000000..e7d1a328c93a --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/tssutilsverbose.c @@ -0,0 +1,43 @@ +/********************************************************************************/ +/* */ +/* tssUtilsVerbose Definition */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* This file is used for a minimal TSS that does not include the sample utilities code. */ + +/* verbose tracing flag shared by command line utilities */ + +int tssUtilsVerbose; diff --git a/libstb/tss2/ibmtpm20tss/utils/unseal.c b/libstb/tss2/ibmtpm20tss/utils/unseal.c new file mode 100644 index 000000000000..661f8b8c258d --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/unseal.c @@ -0,0 +1,253 @@ +/********************************************************************************/ +/* */ +/* Unseal */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + Unseal_In in; + Unseal_Out out; + TPMI_DH_OBJECT itemHandle = 0; + const char *outDataFilename = NULL; + const char *password = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (itemHandle == 0) { + printf("Missing handle parameter -ha\n"); + printUsage(); + } + if (rc == 0) { + in.itemHandle = itemHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_Unseal, + sessionHandle0, password, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (outDataFilename != NULL)) { + rc = TSS_File_WriteBinaryFile(out.outData.t.buffer, + out.outData.t.size, + outDataFilename); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_PrintAll("outData", + out.outData.t.buffer, + out.outData.t.size); + if (tssUtilsVerbose) printf("unseal: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("unseal: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("unseal\n"); + printf("\n"); + printf("Runs TPM2_Unseal\n"); + printf("\n"); + printf("\t-ha\tsealed data item handle\n"); + printf("\t[-pwd\tpassword sealed data item (default empty)]\n"); + printf("\t[-of\toutput data (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/verifysignature.c b/libstb/tss2/ibmtpm20tss/utils/verifysignature.c new file mode 100644 index 000000000000..31551abb3150 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/verifysignature.c @@ -0,0 +1,488 @@ +/********************************************************************************/ +/* */ +/* VerifySignature */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + +*/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "cryptoutils.h" + +static void printUsage(void); +TPM_RC rawUnmarshal(TPMT_SIGNATURE *target, + TPMI_ALG_PUBLIC algPublic, + TPMI_ALG_HASH halg, + uint8_t *buffer, size_t length); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + VerifySignature_In in; + VerifySignature_Out out; + TPMI_DH_OBJECT keyHandle = 0; + const char *pemFilename = NULL; + const char *hmacKeyFilename = NULL; + const char *signatureFilename = NULL; + TPMI_ALG_HASH halg = TPM_ALG_SHA256; + TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; + const char *messageFilename = NULL; + int doHash = TRUE; + const char *ticketFilename = NULL; + int raw = FALSE; /* default TPMT_SIGNATURE */ + unsigned char *data = NULL; /* message */ + size_t dataLength; + uint8_t *buffer = NULL; /* for the free */ + uint8_t *buffer1 = NULL; /* for marshaling */ + size_t length = 0; + uint32_t sizeInBytes; /* hash algorithm mapped to size */ + TPMT_HA digest; /* digest of the message */ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if ((keyHandle == 0) && (pemFilename == NULL) && (hmacKeyFilename == NULL)) { + printf("Missing handle parameter -hk, PEM file name -ipem, or HMAC key file name -ihmac\n"); + printUsage(); + } + if (messageFilename == NULL) { + printf("Missing message file name -if or hash file name -ih\n"); + printUsage(); + } + if (signatureFilename == NULL) { + printf("Missing signature parameter -is\n"); + printUsage(); + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&data, /* freed @1 */ + &dataLength, + messageFilename); + } + /* hash the file */ + if (rc == 0) { + if (doHash) { + if (rc == 0) { + if (tssUtilsVerbose) printf("verifysignature: Hashing message file %s with halg %04x\n", + messageFilename, halg); + digest.hashAlg = halg; + sizeInBytes = TSS_GetDigestSize(digest.hashAlg); + rc = TSS_Hash_Generate(&digest, + dataLength, data, + 0, NULL); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("verifysignature: Copying hash\n"); + /* digest to be verified */ + in.digest.t.size = sizeInBytes; + memcpy(&in.digest.t.buffer, (uint8_t *)&digest.digest, sizeInBytes); + } + } + else { + if (tssUtilsVerbose) printf("verifysignature: Using hash input file %s\n", messageFilename); + in.digest.t.size = (uint16_t)dataLength; + memcpy(&in.digest.t.buffer, (uint8_t *)data, dataLength); + } + if (rc == 0) { + if (tssUtilsVerbose) TSS_PrintAll("verifysignature: hash", + (uint8_t *)&in.digest.t.buffer, in.digest.t.size); + } + } + if (rc == 0) { + rc = TSS_File_ReadBinaryFile(&buffer, /* freed @2 */ + &length, + signatureFilename); + } + if (rc == 0) { + if (!raw) { + uint32_t ilength = length; /* values that can move during the unmarshal */ + buffer1 = buffer; + /* input is TPMT_SIGNATURE */ + rc = TSS_TPMT_SIGNATURE_Unmarshalu(&in.signature, &buffer1, &ilength, NO); + } + else { + /* input is raw bytes */ + rc = rawUnmarshal(&in.signature, algPublic, halg, buffer, length); + } + } + if (keyHandle != 0) { + if (rc == 0) { + /* Handle of key that will perform verifying */ + in.keyHandle = keyHandle; + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_VerifySignature, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (ticketFilename != NULL)) { + rc = TSS_File_WriteStructure(&out.validation, + (MarshalFunction_t)TSS_TPMT_TK_VERIFIED_Marshalu, + ticketFilename); + } + } + if (pemFilename != NULL) { + if (rc == 0) { + rc = verifySignatureFromPem((uint8_t *)&in.digest.t.buffer, + in.digest.t.size, + &in.signature, + halg, + pemFilename); + } + if (tssUtilsVerbose) printf("verifysignature: verifySignatureFromPem rc %08x\n", rc); + } + if (hmacKeyFilename != NULL) { + if (rc == 0) { + rc = verifySignatureFromHmacKey((uint8_t *)&in.digest.t.buffer, + in.digest.t.size, + &in.signature, + halg, + hmacKeyFilename); + } + if (tssUtilsVerbose) printf("verifysignature: verifySignatureFromHmacKey rc %08x\n", rc); + } + if (rc == 0) { + if (tssUtilsVerbose) printf("verifysignature: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("verifysignature: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + free(data); /* @1 */ + free(buffer); /* @2 */ + return rc; +} + +/* rawUnmarshal() unmarshals a raw openssl signature 'buffer' into the TPMT_SIGNATURE structure. + + It handles RSA and ECC P256. +*/ + +TPM_RC rawUnmarshal(TPMT_SIGNATURE *tSignature, + TPMI_ALG_PUBLIC algPublic, + TPMI_ALG_HASH halg, + uint8_t *signatureBin, size_t signatureBinLen) +{ + TPM_RC rc = 0; + switch (algPublic) { + case TPM_ALG_RSA: + rc = convertRsaBinToTSignature(tSignature, + halg, + signatureBin, + signatureBinLen); + break; +#ifndef TPM_TSS_NOECC + case TPM_ALG_ECC: + /* TPM_ALG_ECC, the raw signature is DER encoded R and S elements */ + rc = convertEcBinToTSignature(tSignature, + halg, + signatureBin, + signatureBinLen); + break; +#endif /* TPM_TSS_NOECC */ + default: + printf("rawUnmarshal: algorithm %04x not supported\n", algPublic); + rc = TPM_RC_ASYMMETRIC; + } + return rc; +} + +static void printUsage(void) +{ + printf("\n"); + printf("verifysignature\n"); + printf("\n"); + printf("Runs TPM2_VerifySignature and/or verifies using the PEM public key\n"); + printf("\n"); + printf("\t-if\tinput message file name\n"); + printf("\t-ih\tinput hash file name\n"); + printf("\n"); + printf("\t\tOne of -if, -ih must be specified\n"); + printf("\n"); + printf("\t-is\tsignature file name\n"); + printf("\t[-raw\tsignature specified by -is is in raw format]\n"); + printf("\t\t(default TPMT_SIGNATURE)\n"); + printf("\t-hk\tkey handle\n"); + printf("\t-ipem\tpublic key PEM format file name to verify signature\n"); + printf("\t-ihmac\tHMAC key in raw binary format file name to verify signature\n"); + printf("\n"); + printf("\t\tOne of -hk, -ipem, -ihmac must be specified\n"); + printf("\n"); + printf("\t[-tk\tticket file name (requires -hk)]\n"); + printf("\n"); + printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n"); + printf("\n"); + printf("\t[Asymmetric Key Algorithm]\n"); + printf("\n"); + printf("\t[-rsa\t(default)]\n"); + printf("\t[-ecc\t]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default NULL)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t80\taudit\n"); + exit(1); +} diff --git a/libstb/tss2/ibmtpm20tss/utils/writeapp.c b/libstb/tss2/ibmtpm20tss/utils/writeapp.c new file mode 100644 index 000000000000..151a2630191c --- /dev/null +++ b/libstb/tss2/ibmtpm20tss/utils/writeapp.c @@ -0,0 +1,416 @@ +/********************************************************************************/ +/* */ +/* NV Write Application */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +/* + Demo application, and test of "no file TSS" + + Create an EK for the salt + + Start a session, salt with EK + + Define an NV index, salted session + + Flush the session + + Start a session, salt with EK, bind to unwritten NV index + + Write NV, changes the Name, bound, salt, encrypt session + + Start a session, salt with EK, bind to written NV index + + Write NV, bound, salt, encrypt session + + Undefine NV index + + Flush EK +*/ + +#define NVINDEX 0x01000000 +#define NVPWD "pwd" + +#include +#include +#include +#include + +#include +#include +#include +#include "ekutils.h" +#include "cryptoutils.h" + +static TPM_RC nvReadPublic(TSS_CONTEXT *tssContext); +static TPM_RC startSession(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION *sessionHandle, + TPMI_DH_OBJECT tpmKey, + TPMI_DH_ENTITY bind); +static TPM_RC flush(TSS_CONTEXT *tssContext, + TPMI_DH_CONTEXT flushHandle); +static TPM_RC defineSpace(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC nvWrite(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); +static TPM_RC undefineSpace(TSS_CONTEXT *tssContext, + TPMI_SH_AUTH_SESSION sessionHandle); + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + TSS_CONTEXT *tssContext = NULL; + int pwSession = FALSE; /* default HMAC session */ + TPM_HANDLE ekKeyHandle = TPM_RH_NULL; /* primary key handle */ + TPMI_SH_AUTH_SESSION sessionHandle = TPM_RH_NULL; + + int i; /* argc iterator */ + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + for (i=1 ; (i +#include +#include +#include + +#include +#include +#include +#include +#include + +static void printUsage(void); + +extern int tssUtilsVerbose; + +int main(int argc, char *argv[]) +{ + TPM_RC rc = 0; + int i; /* argc iterator */ + TSS_CONTEXT *tssContext = NULL; + ZGen_2Phase_In in; + ZGen_2Phase_Out out; + TPMI_DH_OBJECT keyHandle = 0; + const char *qsbFilename = NULL; + const char *qebFilename = NULL; + const char *counterFilename = NULL; + const char *z1Filename = NULL; + const char *z2Filename = NULL; + const char *keyPassword = NULL; + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + unsigned int sessionAttributes0 = 0; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + unsigned int sessionAttributes1 = 0; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes2 = 0; + + setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); + tssUtilsVerbose = FALSE; + + /* command line argument defaults */ + in.inScheme = TPM_ALG_ECDH; + + for (i=1 ; (i 0xff) { + printf("Out of range session attributes for -se0\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se0\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se1") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle1); + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes1); + if (sessionAttributes1 > 0xff) { + printf("Out of range session attributes for -se1\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se1\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-se2") == 0) { + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionHandle2); + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + i++; + if (i < argc) { + sscanf(argv[i],"%x", &sessionAttributes2); + if (sessionAttributes2 > 0xff) { + printf("Out of range session attributes for -se2\n"); + printUsage(); + } + } + else { + printf("Missing parameter for -se2\n"); + printUsage(); + } + } + else if (strcmp(argv[i],"-h") == 0) { + printUsage(); + } + else if (strcmp(argv[i],"-v") == 0) { + tssUtilsVerbose = TRUE; + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + } + else { + printf("\n%s is not a valid option\n", argv[i]); + printUsage(); + } + } + if (keyHandle == 0) { + printf("Missing handle parameter -hk\n"); + printUsage(); + } + if (qsbFilename == NULL) { + printf("Missing handle parameter -qsb\n"); + printUsage(); + } + if (qebFilename == NULL) { + printf("Missing handle parameter -qeb\n"); + printUsage(); + } + if (counterFilename == NULL) { + printf("Missing handle parameter -cf\n"); + printUsage(); + } + if (rc == 0) { + in.keyA = keyHandle; + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.inQsB, + (UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu, + qsbFilename); + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.inQeB, + (UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu, + qebFilename); + } + if (rc == 0) { + rc = TSS_File_ReadStructure(&in.counter, + (UnmarshalFunction_t)TSS_UINT16_Unmarshalu, + counterFilename); + } + /* Start a TSS context */ + if (rc == 0) { + rc = TSS_Create(&tssContext); + } + /* call TSS to execute the command */ + if (rc == 0) { + rc = TSS_Execute(tssContext, + (RESPONSE_PARAMETERS *)&out, + (COMMAND_PARAMETERS *)&in, + NULL, + TPM_CC_ZGen_2Phase, + sessionHandle0, keyPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + } + { + TPM_RC rc1 = TSS_Delete(tssContext); + if (rc == 0) { + rc = rc1; + } + } + if ((rc == 0) && (z1Filename != NULL)) { + rc = TSS_File_WriteStructure(&out.outZ1, + (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu, + z1Filename); + + + } + if ((rc == 0) && (z2Filename != NULL)) { + rc = TSS_File_WriteStructure(&out.outZ2, + (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu, + z2Filename); + + + } + if (rc == 0) { + if (tssUtilsVerbose) printf("zgen2phase: success\n"); + } + else { + const char *msg; + const char *submsg; + const char *num; + printf("zgen2phase: failed, rc %08x\n", rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); + rc = EXIT_FAILURE; + } + return rc; +} + + +static void printUsage(void) +{ + printf("\n"); + printf("zgen2phase\n"); + printf("\n"); + printf("Runs TPM2_ZGen_2Phase\n"); + printf("\n"); + printf("\t-hk\tunrestricted decryption key handle\n"); + printf("\t[-pwdk\tpassword for key (default empty)]\n"); + printf("\t-qsb\tQsB point input file name\n"); + printf("\t-qeb\tQeB point input file name\n"); + printf("\t-cf\tcounter file name\n"); + printf("\t[-scheme\t(default ecdh)]\n"); + printf("\t\tecdh\n"); + printf("\t\tecmqv\n"); + printf("\t\tsm2\n"); + printf("\t[-z1\tZ1 output data file name (default do not save)]\n"); + printf("\t[-z2\tZ2 output data file name (default do not save)]\n"); + printf("\n"); + printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); + printf("\t01\tcontinue\n"); + printf("\t20\tcommand decrypt\n"); + printf("\t40\tresponse encrypt\n"); + exit(1); +} + + +