Changeset 108933 in vbox

Timestamp:

Apr 10, 2025 12:55:45 PM (4 weeks ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

168442

Message:

libtpms-0.10.0: Applying manually extracted changes from v0.9.6. ​jiraref:VBP-1320

Location:

trunk/src/libs/libtpms-0.10.0

Files:

• .gitignore (deleted)
• Makefile.kmk (modified) (1 diff)
• config.h (modified) (5 diffs)
• src/compiler.h (modified) (1 diff)
• src/tpm12/tpm_crypto.c (modified) (1 diff)
• src/tpm12/tpm_time.c (modified) (3 diffs)
• src/tpm2/BnMath.c (modified) (25 diffs)
• src/tpm2/Clock.c (modified) (14 diffs)
• src/tpm2/ContextCommands.c (modified) (22 diffs)
• src/tpm2/GpMacros.h (modified) (3 diffs)
• src/tpm2/HashTestData.h (modified) (1 diff)
• src/tpm2/NVMarshal.c (modified) (114 diffs)
• src/tpm2/Platform_fp.h (modified) (2 diffs)
• src/tpm2/TPMCmdp.c (modified) (4 diffs)
• src/tpm2/TpmProfile.h (modified) (3 diffs)
• src/tpm2/Volatile.c (modified) (1 diff)
• src/tpm_library.c (modified) (1 diff)
• src/tpm_library_conf.h (modified) (2 diffs)
• src/tpm_library_intern.h (modified) (1 diff)

trunk/src/libs/libtpms-0.10.0/Makefile.kmk ¶

@@ -29 +29 @@
 include $(KBUILD_PATH)/subheader.kmk
 
-VBOX_PATH_LIBTPMS = $(PATH_ROOT)/src/libs/libtpms-0.9.6
+VBOX_PATH_LIBTPMS = $(PATH_ROOT)/src/libs/libtpms-0.10.0
 
 LIBRARIES += VBox-libtpms_tpm12 VBox-libtpms_tpm2 VBox-libtpms

trunk/src/libs/libtpms-0.10.0/config.h ¶

@@ -17 +17 @@
 #define HAVE_LIBCRYPTO 1
 
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
 /* Define to 1 if you have the <openssl/aes.h> header file. */
-#define HAVE_OPENSSL_AES_H 1
+/* #undef HAVE_OPENSSL_AES_H */
 
 /* Define to 1 if you have the <plbase64.h> header file. */
@@ -28 +31 @@
 /* Define to 1 if you have the <stdint.h> header file. */
 #define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdio.h> header file. */
-#define HAVE_STDIO_H 1
 
 /* Define to 1 if you have the <stdlib.h> header file. */
@@ -63 +63 @@
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "libtpms 0.9.0"
+#define PACKAGE_STRING "libtpms 0.10.0"
 
 /* Define to the one symbol short name of this package. */
@@ -72 +72 @@
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "0.9.0"
+#define PACKAGE_VERSION "0.10.0"
 
-/* Define to 1 if all of the C90 standard headers exist (not just the ones
-   required in a freestanding environment). This macro is provided for
-   backward compatibility; new code need not use it. */
+/* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS 1
 
@@ -86 +84 @@
 
 /* Version number of package */
-#define VERSION "0.9.0"
+#define VERSION "0.10.0"
 
 /* With TPM 1.2 support */

trunk/src/libs/libtpms-0.10.0/src/compiler.h ¶

@@ -40 +40 @@
 
 #ifndef VBOX
-#ifndef __clang__
-# define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK) \
-  __attribute__((format (printf, STRING_IDX, FIRST_TO_CHECK)))
+  #ifndef __clang__
+  # define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK) \
+    __attribute__((format (printf, STRING_IDX, FIRST_TO_CHECK)))
+  #else
+  # define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK) \
+    __attribute__((__format__ (__printf__, STRING_IDX, FIRST_TO_CHECK)))
+  #endif
+  #ifdef __GNUC__ /* gcc and clang */
+  # define LIBTPMS_ATTR_UNUSED __attribute__((unused))
+  #endif
 #else
-# define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK) \
-  __attribute__((__format__ (__printf__, STRING_IDX, FIRST_TO_CHECK)))
-#endif
-#else
-# define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK)
+  # define ATTRIBUTE_FORMAT(STRING_IDX, FIRST_TO_CHECK)
 #endif
 

trunk/src/libs/libtpms-0.10.0/src/tpm12/tpm_crypto.c ¶

@@ -51 +51 @@
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
+
 #ifdef VBOX
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
+  #include <openssl/rsa.h>
+  #include <openssl/err.h>
+  #include <openssl/obj_mac.h>
 #endif
 

trunk/src/libs/libtpms-0.10.0/src/tpm12/tpm_time.c ¶

@@ +1 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              Time Utilities                                  */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: tpm_time.c 4648 2011-10-25 19:22:18Z kgoldman $              */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2006, 2010.                                    */
+/*                                                                              */
+/* All rights reserved.                                                         */
+/*                                                                              */
+/* Redistribution and use in source and binary forms, with or without           */
 /********************************************************************************/
 /*                                                                              */
@@ -76 +88 @@
     return rc;
 }
+
 #endif
 #else
 # include <iprt/time.h>
-
+ 
 TPM_RESULT TPM_GetTimeOfDay(uint32_t *tv_sec, uint32_t *tv_usec)
 {
@@ -85 +98 @@
     RTTIMESPEC Timespec;
     int64_t i64Us;
-
+ 
     RTTimeNow(&Timespec);
     i64Us = RTTimeSpecGetMicro(&Timespec);

trunk/src/libs/libtpms-0.10.0/src/tpm2/BnMath.c ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: BnMath.c 1529 2019-11-21 23:29:01Z kgoldman $                */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2019                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
-/* 10.2.3 BnMath.c */
-
-/* 10.2.3.1     Introduction */
-/* The simulator code uses the canonical form whenever possible in order to make the code in Part 3
-   more accessible. The canonical data formats are simple and not well suited for complex big number
-   computations. When operating on big numbers, the data format is changed for easier
-   manipulation. The format is native words in little-endian format. As the magnitude of the number
-   decreases, the length of the array containing the number decreases but the starting address
-   doesn't change. */
-/* The functions in this file perform simple operations on these big numbers. Only the more complex
-   operations are passed to the underlying support library. Although the support library would have
-   most of these functions, the interface code to convert the format for the values is greater than
-   the size of the code to implement the functions here. So, rather than incur the overhead of
-   conversion, they are done here. */
-/* If an implementer would prefer, the underlying library can be used simply by making code
-   substitutions here. */
-/* NOTE: There is an intention to continue to augment these functions so that there would be no need
-   to use an external big number library. */
-/* Many of these functions have no error returns and will always return TRUE. This is to allow them
-   to be used in guarded sequences. That is: OK = OK || BnSomething(s); where the BnSomething()
-   function should not be called if OK isn't true. */
-
-/* 10.2.3.2 Includes */
-#include "Tpm.h"
-/* A constant value of zero as a stand in for NULL bigNum values */
-const bignum_t   BnConstZero = {1, 0, {0}};
-/* 10.2.3.3 Functions */
-/* 10.2.3.3.1 AddSame() */
-/* Adds two values that are the same size. This function allows result to be the same as either of
-   the addends. This is a nice function to put into assembly because handling the carry for
-   multi-precision stuff is not as easy in C (unless there is a REALLY smart compiler). It would be
-   nice if there were idioms in a language that a compiler could recognize what is going on and
-   optimize loops like this. */
-/* Return Values Meaning */
-/* 0 no carry out */
-/* 1 carry out */
-static BOOL
-AddSame(
-        crypt_uword_t           *result,
-        const crypt_uword_t     *op1,
-        const crypt_uword_t     *op2,
-        int                      count
-        )
-{
-    int         carry = 0;
-    int         i;
+//** Introduction
+// The simulator code uses the canonical form whenever possible in order to make
+// the code in Part 3 more accessible. The canonical data formats are simple and
+// not well suited for complex big number computations. When operating on big
+// numbers, the data format is changed for easier manipulation. The format is native
+// words in little-endian format. As the magnitude of the number decreases, the
+// length of the array containing the number decreases but the starting address
+// doesn't change.
+//
+// The functions in this file perform simple operations on these big numbers. Only
+// the more complex operations are passed to the underlying support library.
+// Although the support library would have most of these functions, the interface
+// code to convert the format for the values is greater than the size of the
+// code to implement the functions here. So, rather than incur the overhead of
+// conversion, they are done here.
+//
+// If an implementer would prefer, the underlying library can be used simply by
+// making code substitutions here.
+//
+// NOTE: There is an intention to continue to augment these functions so that there
+// would be no need to use an external big number library.
+//
+// Many of these functions have no error returns and will always return TRUE. This
+// is to allow them to be used in "guarded" sequences. That is:
+//    OK = OK || BnSomething(s);
+// where the BnSomething() function should not be called if OK isn't true.
+
+//** Includes
+#include "Tpm.h"                // libtpms: for CryptRand.h
+#include "TpmMath_Util_fp.h"
+#include "TpmBigNum.h"
+extern BOOL g_inFailureMode;  // can't use global.h because we can't use tpm.h
+
+// A constant value of zero as a stand in for NULL bigNum values
+const bignum_t BnConstZero = {1, 0, {0}};
+
+//** Functions
+
+//*** AddSame()
+// Adds two values that are the same size. This function allows 'result' to be
+// the same as either of the addends. This is a nice function to put into assembly
+// because handling the carry for multi-precision stuff is not as easy in C
+// (unless there is a REALLY smart compiler). It would be nice if there were idioms
+// in a language that a compiler could recognize what is going on and optimize
+// loops like this.
+//  Return Type: int
+//      0           no carry out
+//      1           carry out
+static BOOL AddSame(crypt_uword_t*       result,
+                    const crypt_uword_t* op1,
+                    const crypt_uword_t* op2,
+                    int                  count)
+{
+    int carry = 0;
+    int i;
+
     for(i = 0; i < count; i++)
         {
-            crypt_uword_t        a = op1[i];
-            crypt_uword_t        sum = a + op2[i];
-            result[i] = sum + carry;
+            crypt_uword_t a   = op1[i];
+            crypt_uword_t sum = a + op2[i];
+            result[i]         = sum + carry;
             // generate a carry if the sum is less than either of the inputs
             // propagate a carry if there was a carry and the sum + carry is zero
@@ -120 +129 @@
     return carry;
 }
-/* 10.2.3.3.2 CarryProp() */
-/* Propagate a carry */
-static int
-CarryProp(
-          crypt_uword_t           *result,
-          const crypt_uword_t     *op,
-          int                      count,
-          int                      carry
-          )
+
+//*** CarryProp()
+// Propagate a carry
+static int CarryProp(
+                     crypt_uword_t* result, const crypt_uword_t* op, int count, int carry)
 {
     for(; count; count--)
@@ -134 +139 @@
     return carry;
 }
-static void
-CarryResolve(
-             bigNum          result,
-             int             stop,
-             int             carry
-             )
+
+static void CarryResolve(bigNum result, int stop, int carry)
 {
     if(carry)
@@ -148 +149 @@
     BnSetTop(result, stop);
 }
-/* 10.2.3.3.3 BnAdd() */
-/* This function adds two bigNum values. Always returns TRUE */
-LIB_EXPORT BOOL
-BnAdd(
-      bigNum           result,
-      bigConst         op1,
-      bigConst         op2
-      )
-{
-    crypt_uword_t    stop;
-    int              carry;
-    const bignum_t   *n1 = op1;
-    const bignum_t   *n2 = op2;
+
+//*** BnAdd()
+// This function adds two bigNum values. This function always returns TRUE.
+LIB_EXPORT BOOL BnAdd(bigNum result, bigConst op1, bigConst op2)
+{
+    crypt_uword_t   stop;
+    int             carry;
+    const bignum_t* n1 = op1;
+    const bignum_t* n2 = op2;
+
     //
     if(n2->size > n1->size)
@@ -168 +166 @@
         }
     pAssert(result->allocated >= n1->size);
-    stop = MIN(n1->size, n2->allocated);
+    stop  = MIN(n1->size, n2->allocated);
     carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop);
     if(n1->size > stop)
-        carry = CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry);
+        carry =
+            CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry);
     CarryResolve(result, (int)n1->size, carry);
     return TRUE;
 }
-/* 10.2.3.3.4 BnAddWord() */
-/* Adds a word value to a bigNum. */
-LIB_EXPORT BOOL
-BnAddWord(
-          bigNum           result,
-          bigConst         op,
-          crypt_uword_t    word
-          )
-{
-    int              carry;
+
+//*** BnAddWord()
+// This function adds a word value to a bigNum. This function always returns TRUE.
+LIB_EXPORT BOOL BnAddWord(bigNum result, bigConst op, crypt_uword_t word)
+{
+    int carry;
     //
     carry = (result->d[0] = op->d[0] + word) < word;
@@ -191 +186 @@
     return TRUE;
 }
-/* 10.2.3.3.5 SubSame() */
-/* Subtract two values that have the same size. */
-static int
-SubSame(
-        crypt_uword_t           *result,
-        const crypt_uword_t     *op1,
-        const crypt_uword_t     *op2,
-        int                      count
-        )
-{
-    int                  borrow = 0;
-    int                  i;
+
+//*** SubSame()
+// This function subtracts two values that have the same size.
+static int SubSame(crypt_uword_t*       result,
+                   const crypt_uword_t* op1,
+                   const crypt_uword_t* op2,
+                   int                  count)
+{
+    int borrow = 0;
+    int i;
     for(i = 0; i < count; i++)
         {
-            crypt_uword_t    a = op1[i];
-            crypt_uword_t    diff = a - op2[i];
-            result[i] = diff - borrow;
+            crypt_uword_t a    = op1[i];
+            crypt_uword_t diff = a - op2[i];
+            result[i]          = diff - borrow;
             //       generate   |      propagate
             borrow = (diff > a) | ((diff == 0) & borrow);
@@ -213 +206 @@
     return borrow;
 }
-/* 10.2.3.3.6 BorrowProp() */
-/* This propagates a borrow. If borrow is true when the end of the array is reached, then it means
-   that op2 was larger than op1 and we don't handle that case so an assert is generated. This design
-   choice was made because our only bigNum computations are on large positive numbers (primes) or on
-   fields. Propagate a borrow. */
-static int
-BorrowProp(
-           crypt_uword_t           *result,
-           const crypt_uword_t     *op,
-           int                      size,
-           int                      borrow
-           )
+
+//*** BorrowProp()
+// This propagates a borrow. If borrow is true when the end
+// of the array is reached, then it means that op2 was larger than
+// op1 and we don't handle that case so an assert is generated.
+// This design choice was made because our only bigNum computations
+// are on large positive numbers (primes) or on fields.
+// Propagate a borrow.
+static int BorrowProp(
+                      crypt_uword_t* result, const crypt_uword_t* op, int size, int borrow)
 {
     for(; size > 0; size--)
@@ -230 +221 @@
     return borrow;
 }
-/* 10.2.3.3.7 BnSub() */
-/* This function does subtraction of two bigNum values and returns result = op1 - op2 when op1 is
-   greater than op2. If op2 is greater than op1, then a fault is generated. This function always
-   returns TRUE. */
-
-LIB_EXPORT BOOL
-BnSub(
-      bigNum           result,
-      bigConst         op1,
-      bigConst         op2
-      )
-{
-    int             borrow;
-    int             stop = (int)MIN(op1->size, op2->allocated);
+
+//*** BnSub()
+// This function does subtraction of two bigNum values and returns result = op1 - op2
+// when op1 is greater than op2. If op2 is greater than op1, then a fault is
+// generated. This function always returns TRUE.
+LIB_EXPORT BOOL BnSub(bigNum result, bigConst op1, bigConst op2)
+{
+    int borrow;
+    int stop = (int)MIN(op1->size, op2->allocated);
     //
     // Make sure that op2 is not obviously larger than op1
@@ -249 +235 @@
     borrow = SubSame(result->d, op1->d, op2->d, stop);
     if(op1->size > (crypt_uword_t)stop)
-        borrow = BorrowProp(&result->d[stop], &op1->d[stop], (int)(op1->size - stop),
-                            borrow);
+        borrow = BorrowProp(
+                            &result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow);
     pAssert(!borrow);
     BnSetTop(result, op1->size);
     return TRUE;
 }
-/* 10.2.3.3.8 BnSubWord() */
-/* This function subtracts a word value from a bigNum. This function always returns TRUE. */
-LIB_EXPORT BOOL
-BnSubWord(
-          bigNum           result,
-          bigConst     op,
-          crypt_uword_t    word
-          )
-{
-    int             borrow;
+
+//*** BnSubWord()
+// This function subtracts a word value from a bigNum. This function always
+// returns TRUE.
+LIB_EXPORT BOOL BnSubWord(bigNum result, bigConst op, crypt_uword_t word)
+{
+    int borrow;
     //
     pAssert(op->size > 1 || word <= op->d[0]);
-    borrow = word > op->d[0];
+    borrow       = word > op->d[0];
     result->d[0] = op->d[0] - word;
-    borrow = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow);
+    borrow       = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow);
     pAssert(!borrow);
     BnSetTop(result, op->size);
     return TRUE;
 }
-/* 10.2.3.3.9 BnUnsignedCmp() */
-/* This function performs a comparison of op1 to op2. The compare is approximately constant time if
-   the size of the values used in the compare is consistent across calls (from the same line in the
-   calling code). */
-/* Return Values Meaning */
-/* < 0 op1 is less than op2 */
-/* 0 op1 is equal to op2 */
-/* > 0 op1 is greater than op2 */
-LIB_EXPORT int
-BnUnsignedCmp(
-              bigConst               op1,
-              bigConst               op2
-              )
-{
-    int             retVal;
-    int             diff;
-    int              i;
+
+//*** BnUnsignedCmp()
+// This function performs a comparison of op1 to op2. The compare is approximately
+// constant time if the size of the values used in the compare is consistent
+// across calls (from the same line in the calling code).
+//  Return Type: int
+//      < 0             op1 is less than op2
+//      0               op1 is equal to op2
+//      > 0             op1 is greater than op2
+LIB_EXPORT int BnUnsignedCmp(bigConst op1, bigConst op2)
+{
+    int retVal;
+    int diff;
+    int i;
     //
     pAssert((op1 != NULL) && (op2 != NULL));
@@ -298 +278 @@
             for(i = (int)(op1->size - 1); i >= 0; i--)
                 {
-                    diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]);
+                    diff   = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]);
                     retVal = retVal == 0 ? diff : retVal;
                 }
@@ -306 +286 @@
     return retVal;
 }
-/* 10.2.3.3.10 BnUnsignedCmpWord() */
-/* Compare a bigNum to a crypt_uword_t. */
-/* Return Value Meaning */
-/* -1   op1 is less that word */
-/* 0    op1 is equal to word */
-/* 1    op1 is greater than word */
-LIB_EXPORT int
-BnUnsignedCmpWord(
-                  bigConst             op1,
-                  crypt_uword_t        word
-                  )
+
+//*** BnUnsignedCmpWord()
+// Compare a bigNum to a crypt_uword_t.
+//  Return Type: int
+//      -1              op1 is less that word
+//      0               op1 is equal to word
+//      1               op1 is greater than word
+LIB_EXPORT int BnUnsignedCmpWord(bigConst op1, crypt_uword_t word)
 {
     if(op1->size > 1)
@@ -322 +299 @@
     else if(op1->size == 1)
         return (op1->d[0] < word) ? -1 : (op1->d[0] > word);
-    else // op1 is zero
+    else  // op1 is zero
         // equal if word is zero
         return (word == 0) ? 0 : -1;
 }
-/* 10.2.3.3.11 BnModWord() */
-/* This function does modular division of a big number when the modulus is a word value. */
-LIB_EXPORT crypt_word_t
-BnModWord(
-          bigConst         numerator,
-          crypt_word_t     modulus
-          )
+
+//*** BnModWord()
+// This function does modular division of a big number when the modulus is a
+// word value.
+LIB_EXPORT crypt_word_t BnModWord(bigConst numerator, crypt_word_t modulus)
 {
     BN_MAX(remainder);
@@ -342 +317 @@
     return remainder->d[0];
 }
-/* 10.2.3.3.12 Msb() */
-/* Returns the bit number of the most significant bit of a crypt_uword_t. The number for the least
-   significant bit of any bigNum value is 0. The maximum return value is RADIX_BITS - 1, */
-/* Return Values Meaning */
-/* -1 the word was zero */
-/* n the bit number of the most significant bit in the word */
-LIB_EXPORT int
-Msb(
-    crypt_uword_t           word
-    )
-{
-    int             retVal = -1;
+
+//*** Msb()
+// This function returns the bit number of the most significant bit of a
+// crypt_uword_t. The number for the least significant bit of any bigNum value is 0.
+// The maximum return value is RADIX_BITS - 1,
+//  Return Type: int
+//      -1              the word was zero
+//      n               the bit number of the most significant bit in the word
+static int Msb(crypt_uword_t word)
+{
+    int retVal = -1;
     //
 #if RADIX_BITS == 64
-    if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; }
+    if(word & 0xffffffff00000000)
+        {
+            retVal += 32;
+            word >>= 32;
+        }
 #endif
-    if(word & 0xffff0000) { retVal += 16; word >>= 16; }
-    if(word & 0x0000ff00) { retVal += 8; word >>= 8; }
-    if(word & 0x000000f0) { retVal += 4; word >>= 4; }
-    if(word & 0x0000000c) { retVal += 2; word >>= 2; }
-    if(word & 0x00000002) { retVal += 1; word >>= 1; }
+    if(word & 0xffff0000)
+        {
+            retVal += 16;
+            word >>= 16;
+        }
+    if(word & 0x0000ff00)
+        {
+            retVal += 8;
+            word >>= 8;
+        }
+    if(word & 0x000000f0)
+        {
+            retVal += 4;
+            word >>= 4;
+        }
+    if(word & 0x0000000c)
+        {
+            retVal += 2;
+            word >>= 2;
+        }
+    if(word & 0x00000002)
+        {
+            retVal += 1;
+            word >>= 1;
+        }
     return retVal + (int)word;
 }
-/* 10.2.3.3.13 BnMsb() */
-/* This function returns the number of the MSb() of a bigNum value. */
-/*     Return Value     Meaning */
-/*     -1       the word was zero or bn was NULL */
-/*     n        the bit number of the most significant bit in the word */
-
-LIB_EXPORT int
-BnMsb(
-      bigConst            bn
-      )
+
+//*** BnMsb()
+// This function returns the number of the MSb of a bigNum value.
+//  Return Type: int
+//      -1              the word was zero or 'bn' was NULL
+//      n               the bit number of the most significant bit in the word
+LIB_EXPORT int BnMsb(bigConst bn)
 {
     // If the value is NULL, or the size is zero then treat as zero and return -1
     if(bn != NULL && bn->size > 0)
         {
-            int         retVal = Msb(bn->d[bn->size - 1]);
+            int retVal = Msb(bn->d[bn->size - 1]);
             retVal += (int)(bn->size - 1) * RADIX_BITS;
             return retVal;
@@ -386 +381 @@
         return -1;
 }
-/* 10.2.3.3.14 BnSizeInBits() */
-/* Returns the number of bits required to hold a number. It is one greater than the Msb. */
-LIB_EXPORT unsigned
-BnSizeInBits(
-             bigConst                 n
-             )
-{
-    int     bits = BnMsb(n) + 1;
+
+//*** BnSizeInBits()
+// This function returns the number of bits required to hold a number. It is one
+// greater than the Msb.
+//
+LIB_EXPORT unsigned BnSizeInBits(bigConst n)
+{
+    int bits = BnMsb(n) + 1;
     //
     return bits < 0 ? 0 : (unsigned)bits;
 }
-/* 10.2.3.3.15 BnSetWord() */
-/* Change the value of a bignum_t to a word value. */
-LIB_EXPORT bigNum
-BnSetWord(
-          bigNum               n,
-          crypt_uword_t        w
-          )
+
+//*** BnSetWord()
+// Change the value of a bignum_t to a word value.
+LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w)
 {
     if(n != NULL)
@@ -413 +405 @@
     return n;
 }
-/* 10.2.3.3.16 BnSetBit() */
-/* SET a bit in a bigNum. Bit 0 is the least-significant bit in the 0th digit_t. The function always
-   return TRUE */
-LIB_EXPORT BOOL
-BnSetBit(
-         bigNum           bn,        // IN/OUT: big number to modify
-         unsigned int     bitNum     // IN: Bit number to SET
-         )
-{
-    crypt_uword_t            offset = bitNum / RADIX_BITS;
-    pAssert(bn->allocated * RADIX_BITS >= bitNum);
+
+//*** BnSetBit()
+// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in
+// the 0th digit_t.  The function will return FALSE if the bitNum is invalid, else TRUE.
+LIB_EXPORT BOOL BnSetBit(bigNum       bn,     // IN/OUT: big number to modify
+                         unsigned int bitNum  // IN: Bit number to SET
+                         )
+{
+    crypt_uword_t offset = bitNum / RADIX_BITS;
+    if(bitNum > bn->allocated * RADIX_BITS)
+        {
+            // out of range
+            return FALSE;
+        }
     // Grow the number if necessary to set the bit.
     while(bn->size <= offset)
@@ -430 +425 @@
     return TRUE;
 }
-/* 10.2.3.3.17 BnTestBit() */
-/* Check to see if a bit is SET in a bignum_t. The 0th bit is the LSb() of d[0]. */
-/* Return Values Meaning */
-/* TRUE the bit is set */
-/* FALSE the bit is not set or the number is out of range */
-LIB_EXPORT BOOL
-BnTestBit(
-          bigNum               bn,        // IN: number to check
-          unsigned int         bitNum     // IN: bit to test
-          )
-{
-    crypt_uword_t         offset = RADIX_DIV(bitNum);
+
+//*** BnTestBit()
+// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit
+// is the LSb of d[0].
+//  Return Type: BOOL
+//      TRUE(1)         the bit is set
+//      FALSE(0)        the bit is not set or the number is out of range
+LIB_EXPORT BOOL BnTestBit(bigNum       bn,     // IN: number to check
+                          unsigned int bitNum  // IN: bit to test
+                          )
+{
+    crypt_uword_t offset = RADIX_DIV(bitNum);
     //
     if(bn->size > offset)
@@ -448 +443 @@
         return FALSE;
 }
-/* 10.2.3.3.18 BnMaskBits() */
-/* Function to mask off high order bits of a big number. The returned value will have no more than
-   maskBit bits set. */
-/* NOTE: There is a requirement that unused words of a bignum_t are set to zero. */
-/* Return Values Meaning */
-/* TRUE result masked */
-/* FALSE the input was not as large as the mask */
-LIB_EXPORT BOOL
-BnMaskBits(
-           bigNum           bn,        // IN/OUT: number to mask
-           crypt_uword_t    maskBit    // IN: the bit number for the mask.
-           )
-{
-    crypt_uword_t    finalSize;
-    BOOL             retVal;
+
+//***BnMaskBits()
+// This function is used to mask off high order bits of a big number.
+// The returned value will have no more than 'maskBit' bits
+// set.
+// Note: There is a requirement that unused words of a bignum_t are set to zero.
+//  Return Type: BOOL
+//      TRUE(1)         result masked
+//      FALSE(0)        the input was not as large as the mask
+LIB_EXPORT BOOL BnMaskBits(bigNum        bn,      // IN/OUT: number to mask
+                           crypt_uword_t maskBit  // IN: the bit number for the mask.
+                           )
+{
+    crypt_uword_t finalSize;
+    BOOL          retVal;
+
     finalSize = BITS_TO_CRYPT_WORDS(maskBit);
-    retVal = (finalSize <= bn->allocated);
+    retVal    = (finalSize <= bn->allocated);
     if(retVal && (finalSize > 0))
         {
-            crypt_uword_t   mask;
+            crypt_uword_t mask;
             mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit);
             bn->d[finalSize - 1] &= mask;
@@ -474 +470 @@
     return retVal;
 }
-/* 10.2.3.3.19 BnShiftRight() */
-/* Function will shift a bigNum to the right by the shiftAmount. This function always returns
-   TRUE. */
-LIB_EXPORT BOOL
-BnShiftRight(
-             bigNum           result,
-             bigConst         toShift,
-             uint32_t         shiftAmount
-             )
-{
-    uint32_t         offset = (shiftAmount >> RADIX_LOG2);
-    uint32_t         i;
-    uint32_t         shiftIn;
-    crypt_uword_t    finalSize;
+
+//*** BnShiftRight()
+// This function will shift a bigNum to the right by the shiftAmount.
+// This function always returns TRUE.
+LIB_EXPORT BOOL BnShiftRight(bigNum result, bigConst toShift, uint32_t shiftAmount)
+{
+    uint32_t      offset = (shiftAmount >> RADIX_LOG2);
+    uint32_t      i;
+    uint32_t      shiftIn;
+    crypt_uword_t finalSize;
     //
     shiftAmount = shiftAmount & RADIX_MASK;
-    shiftIn = RADIX_BITS - shiftAmount;
+    shiftIn     = RADIX_BITS - shiftAmount;
+
     // The end size is toShift->size - offset less one additional
     // word if the shiftAmount would make the upper word == 0
@@ -500 +493 @@
     else
         finalSize = 0;
+
     pAssert(finalSize <= result->allocated);
     if(finalSize != 0)
@@ -514 +508 @@
     return TRUE;
 }
-/* 10.2.3.3.20  BnGetRandomBits() */
-/* Return Value Meaning */
-/* TRUE(1)      success */
-/* FALSE(0)     failure */
-LIB_EXPORT BOOL
-BnGetRandomBits(
-                bigNum           n,
-                size_t           bits,
-                RAND_STATE      *rand
-                )
-{
-    // Since this could be used for ECC key generation using the extra bits method,
-    // make sure that the value is large enough
-    TPM2B_TYPE(LARGEST, LARGEST_NUMBER + 8);
-    TPM2B_LARGEST    large;
-    //
-    large.b.size = (UINT16)BITS_TO_BYTES(bits);
-    if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size)
-        {
-            if(BnFrom2B(n, &large.b) != NULL)
-                {
-                    if(BnMaskBits(n, (crypt_uword_t)bits))
-                        return TRUE;
-                }
-        }
-    return FALSE;
-}
-/* 10.2.3.3.21 BnGenerateRandomInRange() */
-/* Function to generate a random number r in the range 1 <= r < limit. The function gets a random
-   number of bits that is the size of limit. There is some some probability that the returned number
-   is going to be greater than or equal to the limit. If it is, try again. There is no more than 50%
-   chance that the next number is also greater, so try again. We keep trying until we get a value
-   that meets the criteria. Since limit is very often a number with a LOT of high order ones, this
-   rarely would need a second try. */
-/* Return Value Meaning */
-/* TRUE(1)      success */
-/* FALSE(0)     failure */
-LIB_EXPORT BOOL
-BnGenerateRandomInRange(
-                        bigNum           dest,
-                        bigConst         limit,
-                        RAND_STATE      *rand
-                        )
-{
-    size_t   bits = BnSizeInBits(limit);
-    //
-    if(bits < 2)
-        {
-            BnSetWord(dest, 0);
-            return FALSE;
-        }
+
+//*** BnIsPointOnCurve()
+// This function checks if a point is on the curve.
+BOOL BnIsPointOnCurve(pointConst Q, const TPMBN_ECC_CURVE_CONSTANTS* C)
+{
+    BN_VAR(right, (MAX_ECC_KEY_BITS * 3));
+    BN_VAR(left, (MAX_ECC_KEY_BITS * 2));
+    bigConst prime = BnCurveGetPrime(C);
+    //
+    // Show that point is on the curve y^2 = x^3 + ax + b;
+    // Or y^2 = x(x^2 + a) + b
+    // y^2
+    BnMult(left, Q->y, Q->y);
+
+    BnMod(left, prime);
+    // x^2
+    BnMult(right, Q->x, Q->x);
+
+    // x^2 + a
+    BnAdd(right, right, BnCurveGet_a(C));
+
+    //    ExtMath_Mod(right, CurveGetPrime(C));
+    // x(x^2 + a)
+    BnMult(right, right, Q->x);
+
+    // x(x^2 + a) + b
+    BnAdd(right, right, BnCurveGet_b(C));
+
+    BnMod(right, prime);
+    if(BnUnsignedCmp(left, right) == 0)
+        return TRUE;
     else
-        {
-            while(BnGetRandomBits(dest, bits, rand)
-                  && (BnEqualZero(dest) || (BnUnsignedCmp(dest, limit) >= 0)));
-        }
-    return !g_inFailureMode;
+        return FALSE;
 }
 
@@ -578 +548 @@
 // and thus calculates the bits that OpenSSL will work with after truncating
 // the leading zeros
-static /*VBOX: LIB_EXPORT*/ unsigned
-BnSizeInBitsSkipLeadingZeros(
-             bigConst                 n
-             )
+static unsigned BnSizeInBitsSkipLeadingZeros(bigConst n)
 {
     int                firstByte;
@@ -609 +576 @@
    will not have a timing-sidechannel
  */
-LIB_EXPORT BOOL
-BnGenerateRandomInRangeAllBytes(
-                        bigNum           dest,
-                        bigConst         limit,
-                        RAND_STATE      *rand
-                        )
+LIB_EXPORT BOOL BnGenerateRandomInRangeAllBytes(bigNum      dest,
+                                                bigConst    limit,
+                                                RAND_STATE* rand
+                                                )
 {
     BOOL     OK;
@@ -624 +589 @@
 
     if (rand)
-        return BnGenerateRandomInRange(dest, limit, rand);
+        return TpmMath_GetRandomInRange((Crypt_Int*)dest, (const Crypt_Int*)limit, rand);
 
     // a 'limit' like 'BN_P638_n' has leading zeros and we only need 73 bytes not 80
@@ -634 +599 @@
 
     while (true) {
-        OK = BnGenerateRandomInRange(dest, limit, rand);
+        OK = TpmMath_GetRandomInRange((Crypt_Int*)dest, (const Crypt_Int*)limit, rand);
         if (!OK)
             break;

trunk/src/libs/libtpms-0.10.0/src/tpm2/Clock.c ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: Clock.c 1529 2019-11-21 23:29:01Z kgoldman $                 */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2019                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
-/* added for portability because Linux clock is 32 bits */
-
-#include <stdint.h>
-#include <stdio.h>
-#ifndef VBOX
-#include <time.h>
-#else
-# include <iprt/time.h>
-#endif
-
-/* C.3 Clock.c */
-/* C.3.1. Description */
-/* This file contains the routines that are used by the simulator to mimic a hardware clock on a
-   TPM. In this implementation, all the time values are measured in millisecond. However, the
-   precision of the clock functions may be implementation dependent. */
-/* C.3.2. Includes and Data Definitions */
+//** Description
+//
+// This file contains the routines that are used by the simulator to mimic
+// a hardware clock on a TPM.
+//
+// In this implementation, all the time values are measured in millisecond.
+// However, the precision of the clock functions may be implementation dependent.
+
+//** Includes and Data Definitions
 #include <assert.h>
 #include "Platform.h"
-#include "TpmFail_fp.h"
+
+#ifndef VBOX
+# include <time.h>
+#else
+# include <iprt/time.h>
+#endif
+
+// CLOCK_NOMINAL is the number of hardware ticks per ms. A value of 30000 means
+// that the nominal clock rate used to drive the hardware clock is 30 MHz. The
+// adjustment rates are used to determine the conversion of the hardware ticks to
+// internal hardware clock value. In practice, we would expect that there would be
+// a hardware register will accumulated mS. It would be incremented by the output
+// of a pre-scaler. The pre-scaler would divide the ticks from the clock by some
+// value that would compensate for the difference between clock time and real time.
+// The code in Clock does the emulation of this function.
+#define CLOCK_NOMINAL 30000
+// A 1% change in rate is 300 counts
+#define CLOCK_ADJUST_COARSE 300
+// A 0.1% change in rate is 30 counts
+#define CLOCK_ADJUST_MEDIUM 30
+// A minimum change in rate is 1 count
+#define CLOCK_ADJUST_FINE 1
+// The clock tolerance is +/-15% (4500 counts)
+// Allow some guard band (16.7%)
+#define CLOCK_ADJUST_LIMIT 5000
 
 /* libtpms added begin */
@@ -85 +101 @@
 ClockGetTime(
 #ifndef VBOX
-               clockid_t clk_id
-#else
-               TPM_CLOCK_ID clk_id
+    clockid_t clk_id
+#else
+    TPM_CLOCK_ID clk_id
 #endif
                )
@@ -103 +119 @@
 
     return time;
-#else
+#else /* VBOX */
     if (clk_id == CLOCK_REALTIME)
     {
@@ -115 +131 @@
 
     return 0;
-#endif
+#endif /* !VBOX */
 }
 
@@ -133 +149 @@
 #else
         s_hostMonotonicAdjustTime = -(int64_t)ClockGetTime(CLOCK_MONOTONIC);
-#endif
+#endif /* !VBOX */
 
         /* s_lastSystemTime & s_lastReportTime need to be set as well */
@@ -144 +160 @@
 /* libtpms added end */
 
-/* C.3.3. Simulator Functions */
-/* C.3.3.1. Introduction */
-/* This set of functions is intended to be called by the simulator environment in order to simulate
-   hardware events. */
-/* C.3.3.2. _plat__TimerReset() */
-/* This function sets current system clock time as t0 for counting TPM time. This function is called
-   at a power on event to reset the clock.  When the clock is reset, the indication that the clock
-   was stopped is also set. */
-LIB_EXPORT void
-_plat__TimerReset(
-                  void
-                  )
+//** Simulator Functions
+//*** Introduction
+// This set of functions is intended to be called by the simulator environment in
+// order to simulate hardware events.
+
+//***_plat__TimerReset()
+// This function sets current system clock time as t0 for counting TPM time.
+// This function is called at a power on event to reset the clock. When the clock
+// is reset, the indication that the clock was stopped is also set.
+LIB_EXPORT void _plat__TimerReset(void)
 {
     s_lastSystemTime = 0;
-    s_tpmTime = 0;
-    s_adjustRate = CLOCK_NOMINAL;
-    s_timerReset = TRUE;
-    s_timerStopped = TRUE;
+    s_tpmTime        = 0;
+    s_adjustRate     = CLOCK_NOMINAL;
+    s_timerReset     = TRUE;
+    s_timerStopped   = TRUE;
     s_hostMonotonicAdjustTime = 0; /* libtpms added */
     s_suspendedElapsedTime = 0; /* libtpms added */
     return;
 }
-/* C.3.3.3. _plat__TimerRestart() */
-/* This function should be called in order to simulate the restart of the timer should it be stopped
-   while power is still applied. */
-LIB_EXPORT void
-_plat__TimerRestart(
-                    void
-                    )
+
+//*** _plat__TimerRestart()
+// This function should be called in order to simulate the restart of the timer
+// should it be stopped while power is still applied.
+LIB_EXPORT void _plat__TimerRestart(void)
 {
     s_timerStopped = TRUE;
@@ -178 +190 @@
 }
 
-/* C.3.4. Functions Used by TPM */
-/* C.3.4.1. Introduction */
-/* These functions are called by the TPM code. They should be replaced by appropriated hardware
-   functions. */
-
-clock_t     debugTime;
-/* C.3.4.2.     _plat__Time() */
-/* This is another, probably futile, attempt to define a portable function that will return a 64-bit
-   clock value that has mSec resolution. */
-LIB_EXPORT uint64_t
-_plat__RealTime(
-                void
-                )
-{
-    clock64_t           time;
+//** Functions Used by TPM
+//*** Introduction
+// These functions are called by the TPM code. They should be replaced by
+// appropriated hardware functions.
+
+clock_t debugTime;
+
+//*** _plat__RealTime()
+// This is another, probably futile, attempt to define a portable function
+// that will return a 64-bit clock value that has mSec resolution.
+LIB_EXPORT uint64_t _plat__RealTime(void)
+{
+    clock64_t time;
     //#ifdef _MSC_VER   kgold
-#ifndef VBOX
 #ifdef TPM_WINDOWS
     #include <sys/timeb.h>
-    struct _timeb       sysTime;
+    struct _timeb sysTime;
     //
     _ftime(&sysTime);   /* kgold, mingw doesn't have _ftime_s */
@@ -206 +215 @@
 #else
     // hopefully, this will work with most UNIX systems
-    struct timespec     systime;
+    struct timespec systime;
     //
     clock_gettime(CLOCK_MONOTONIC, &systime);
     time = (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000);
-#endif
-#else
-    time = (clock64_t)RTTimeMilliTS();
 #endif
     /* libtpms added begin */
@@ -229 +235 @@
 }
 
-
-
-/* C.3.4.3. _plat__TimerRead() */
-/* This function provides access to the tick timer of the platform. The TPM code uses this value to
-   drive the TPM Clock. */
-/* The tick timer is supposed to run when power is applied to the device. This timer should not be
-   reset by time events including _TPM_Init(). It should only be reset when TPM power is
-   re-applied. */
-/* If the TPM is run in a protected environment, that environment may provide the tick time to the
-   TPM as long as the time provided by the environment is not allowed to go backwards. If the time
-   provided by the system can go backwards during a power discontinuity, then the
-   _plat__Signal_PowerOn() should call _plat__TimerReset(). */
-LIB_EXPORT uint64_t
-_plat__TimerRead(
-                 void
-                 )
+//***_plat__TimerRead()
+// This function provides access to the tick timer of the platform. The TPM code
+// uses this value to drive the TPM Clock.
+//
+// The tick timer is supposed to run when power is applied to the device. This timer
+// should not be reset by time events including _TPM_Init. It should only be reset
+// when TPM power is re-applied.
+//
+// If the TPM is run in a protected environment, that environment may provide the
+// tick time to the TPM as long as the time provided by the environment is not
+// allowed to go backwards. If the time provided by the system can go backwards
+// during a power discontinuity, then the _plat__Signal_PowerOn should call
+// _plat__TimerReset().
+LIB_EXPORT uint64_t _plat__TimerRead(void)
 {
 #ifdef HARDWARE_CLOCK
-#error      "need a definition for reading the hardware clock"
+#  error "need a defintion for reading the hardware clock"
     return HARDWARE_CLOCK
 #else
-    clock64_t         timeDiff;
-    clock64_t         adjustedTimeDiff;
-    clock64_t         timeNow;
-    clock64_t         readjustedTimeDiff;
+        clock64_t timeDiff;
+    clock64_t adjustedTimeDiff;
+    clock64_t timeNow;
+    clock64_t readjustedTimeDiff;
+
     // This produces a timeNow that is basically locked to the system clock.
     timeNow = _plat__RealTime();
+
     // if this hasn't been initialized, initialize it
     if(s_lastSystemTime == 0)
         {
-            s_lastSystemTime = timeNow;
-            debugTime = clock();
+            s_lastSystemTime   = timeNow;
+            debugTime          = clock();
             s_lastReportedTime = 0;
             s_realTimePrevious = 0;
@@ -270 +276 @@
         s_lastSystemTime = timeNow;
     s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime;
-    s_lastSystemTime = timeNow;
-    timeNow = s_lastReportedTime;
+    s_lastSystemTime   = timeNow;
+    timeNow            = s_lastReportedTime;
+
     // The code above produces a timeNow that is similar to the value returned
     // by Clock(). The difference is that timeNow does not max out, and it is
@@ -281 +288 @@
     // Compute the amount of time since the last update of the system clock
     timeDiff = timeNow - s_realTimePrevious;
+
     // Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec
     adjustedTimeDiff = (timeDiff * CLOCK_NOMINAL) / ((uint64_t)s_adjustRate);
+
     // update the TPM time with the adjusted timeDiff
     s_tpmTime += (clock64_t)adjustedTimeDiff;
+
     // Might have some rounding error that would loose CLOCKS. See what is not
     // being used. As mentioned above, this could result in putting back more than
     // is taken out. Here, we are trying to recreate timeDiff.
-    readjustedTimeDiff = (adjustedTimeDiff * (uint64_t)s_adjustRate )
-                         / CLOCK_NOMINAL;
+    readjustedTimeDiff = (adjustedTimeDiff * (uint64_t)s_adjustRate) / CLOCK_NOMINAL;
+
     // adjusted is now converted back to being the amount we should advance the
     // previous sampled time. It should always be less than or equal to timeDiff.
     // That is, we could not have use more time than we started with.
     s_realTimePrevious = s_realTimePrevious + readjustedTimeDiff;
-#ifdef  DEBUGGING_TIME
+
+#  ifdef DEBUGGING_TIME
     // Put this in so that TPM time will pass much faster than real time when
     // doing debug.
@@ -300 +311 @@
     // A good value might be 100
     return (s_tpmTime * DEBUG_TIME_MULTIPLIER);
-#endif
+#  endif
     return s_tpmTime;
 #endif
 }
 
-
-/* C.3.4.3. _plat__TimerWasReset() */
-/* This function is used to interrogate the flag indicating if the tick timer has been reset. */
-/* If the resetFlag parameter is SET, then the flag will be CLEAR before the function returns. */
-LIB_EXPORT int
-_plat__TimerWasReset(
-                     void
-                     )
-{
-    int retVal = s_timerReset;
+//*** _plat__TimerWasReset()
+// This function is used to interrogate the flag indicating if the tick timer has
+// been reset.
+//
+// If the resetFlag parameter is SET, then the flag will be CLEAR before the
+// function returns.
+LIB_EXPORT int _plat__TimerWasReset(void)
+{
+    int retVal   = s_timerReset;
     s_timerReset = FALSE;
     return retVal;
 }
-/* C.3.4.4. _plat__TimerWasStopped() */
-/* This function is used to interrogate the flag indicating if the tick timer has been stopped. If
-   so, this is typically a reason to roll the nonce. */
-/* This function will CLEAR the s_timerStopped flag before returning. This provides functionality
-   that is similar to status register that is cleared when read. This is the model used here because
-   it is the one that has the most impact on the TPM code as the flag can only be accessed by one
-   entity in the TPM. Any other implementation of the hardware can be made to look like a read-once
-   register. */
-LIB_EXPORT int
-_plat__TimerWasStopped(
-                       void
-                       )
-{
-    BOOL         retVal = s_timerStopped;
+
+//*** _plat__TimerWasStopped()
+// This function is used to interrogate the flag indicating if the tick timer has
+// been stopped. If so, this is typically a reason to roll the nonce.
+//
+// This function will CLEAR the s_timerStopped flag before returning. This provides
+// functionality that is similar to status register that is cleared when read. This
+// is the model used here because it is the one that has the most impact on the TPM
+// code as the flag can only be accessed by one entity in the TPM. Any other
+// implementation of the hardware can be made to look like a read-once register.
+LIB_EXPORT int _plat__TimerWasStopped(void)
+{
+    int retVal     = s_timerStopped;
     s_timerStopped = FALSE;
     return retVal;
 }
-/* C.3.4.5. _plat__ClockAdjustRate() */
-/* Adjust the clock rate */
-LIB_EXPORT void
-_plat__ClockAdjustRate(
-                       int      adjust         // IN: the adjust number.  It could be positive
-                       //     or negative
-                       )
+
+//***_plat__ClockAdjustRate()
+// Adjust the clock rate
+LIB_EXPORT void _plat__ClockRateAdjust(_plat__ClockAdjustStep adjust)
 {
     // We expect the caller should only use a fixed set of constant values to
@@ -347 +353 @@
     switch(adjust)
         {
-          case CLOCK_ADJUST_COARSE:
+            // slower increases the divisor
+          case PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER:
             s_adjustRate += CLOCK_ADJUST_COARSE;
             break;
-          case -CLOCK_ADJUST_COARSE:
+          case PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER:
+            s_adjustRate += CLOCK_ADJUST_MEDIUM;
+            break;
+          case PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER:
+            s_adjustRate += CLOCK_ADJUST_FINE;
+            break;
+            // faster decreases the divisor
+          case PLAT_TPM_CLOCK_ADJUST_FINE_FASTER:
+            s_adjustRate -= CLOCK_ADJUST_FINE;
+            break;
+          case PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER:
+            s_adjustRate -= CLOCK_ADJUST_MEDIUM;
+            break;
+          case PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER:
             s_adjustRate -= CLOCK_ADJUST_COARSE;
             break;
-          case CLOCK_ADJUST_MEDIUM:
-            s_adjustRate += CLOCK_ADJUST_MEDIUM;
-            break;
-          case -CLOCK_ADJUST_MEDIUM:
-            s_adjustRate -= CLOCK_ADJUST_MEDIUM;
-            break;
-          case CLOCK_ADJUST_FINE:
-            s_adjustRate += CLOCK_ADJUST_FINE;
-            break;
-          case -CLOCK_ADJUST_FINE:
-            s_adjustRate -= CLOCK_ADJUST_FINE;
-            break;
-          default:
-            // ignore any other values;
-            break;
         }
+
     if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT))
         s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT;
     if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT))
         s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT;
+
     return;
 }
+
+#if 0
+
+/* added for portability because Linux clock is 32 bits */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <time.h>
+
+#include "TpmFail_fp.h"
+
+LIB_EXPORT uint64_t
+_plat__RealTime(
+                void
+                )
+{
+    clock64_t           time;
+    //#ifdef _MSC_VER   kgold
+#ifndef VBOX
+#ifdef TPM_WINDOWS
+    #include <sys/timeb.h>
+    struct _timeb       sysTime;
+    //
+    _ftime(&sysTime);   /* kgold, mingw doesn't have _ftime_s */
+    time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm;
+    // set the time back by one hour if daylight savings
+    if(sysTime.dstflag)
+        time -= 1000 * 60 * 60;  // mSec/sec * sec/min * min/hour = ms/hour
+#else
+    // hopefully, this will work with most UNIX systems
+    struct timespec     systime;
+    //
+    clock_gettime(CLOCK_MONOTONIC, &systime);
+    time = (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000);
+#endif
+#else
+    time = (clock64_t)RTTimeMilliTS();
+#endif
+    return time;
+}
+
+#endif

trunk/src/libs/libtpms-0.10.0/src/tpm2/ContextCommands.c ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: ContextCommands.c 1658 2021-01-22 23:14:01Z kgoldman $       */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2021                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
 #include "Tpm.h"
-#include "ContextSave_fp.h"
-#include "NVMarshal.h" // libtpms added
+
 #if CC_ContextSave  // Conditional expansion of this file
-#include "Context_spt_fp.h"
-/* Error Returns Meaning */
-/* TPM_RC_CONTEXT_GAP a contextID could not be assigned for a session context save */
-/* TPM_RC_TOO_MANY_CONTEXTS no more contexts can be saved as the counter has maxed out */
+
+#  include "ContextSave_fp.h"
+#  include "Marshal.h"
+#  include "Context_spt_fp.h"
+#  include "NVMarshal.h" // libtpms added
+
+/*(See part 3 specification)
+  Save context
+*/
+//  Return Type: TPM_RC
+//      TPM_RC_CONTEXT_GAP          a contextID could not be assigned for a session
+//                                  context save
+//      TPM_RC_TOO_MANY_CONTEXTS    no more contexts can be saved as the counter has
+//                                  maxed out
 TPM_RC
-TPM2_ContextSave(
-                 ContextSave_In      *in,            // IN: input parameter list
-                 ContextSave_Out     *out            // OUT: output parameter list
+TPM2_ContextSave(ContextSave_In*  in,  // IN: input parameter list
+                 ContextSave_Out* out  // OUT: output parameter list
                  )
 {
-    TPM_RC          result = TPM_RC_SUCCESS;
-    UINT16          fingerprintSize;    // The size of fingerprint in context
+    TPM_RC result = TPM_RC_SUCCESS;
+    UINT16 fingerprintSize;  // The size of fingerprint in context
     // blob.
-    UINT64          contextID = 0;      // session context ID
-    TPM2B_SYM_KEY   symKey;
-    TPM2B_IV        iv;
-    TPM2B_DIGEST    integrity;
-    UINT16          integritySize;
-    BYTE            *buffer;
+    UINT64        contextID = 0;  // session context ID
+    TPM2B_SYM_KEY symKey;
+    TPM2B_IV      iv;
+
+    TPM2B_DIGEST  integrity;
+    UINT16        integritySize;
+    BYTE*         buffer;
     // This command may cause the orderlyState to be cleared due to
     // the update of state reset data. If the state is orderly and
     // cannot be changed, exit early.
     RETURN_IF_ORDERLY;
-    
+
     // Internal Data Update
-    
+
     // This implementation does not do things in quite the same way as described in
-    // Part 2 of the specification. In Part 2, it indicates that the 
-    // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is 
-    // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to 
-    // determine the amount of data in the encrypted data. That part is not 
-    // independently sized. This makes the actual size 2 bytes smaller than 
-    // calculated using Part 2. Since this is opaque to the caller, it is not 
+    // Part 2 of the specification. In Part 2, it indicates that the
+    // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is
+    // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to
+    // determine the amount of data in the encrypted data. That part is not
+    // independently sized. This makes the actual size 2 bytes smaller than
+    // calculated using Part 2. Since this is opaque to the caller, it is not
     // necessary to fix. The actual size is returned by TPM2_GetCapabilties().
-    
+
     // Initialize output handle.  At the end of command action, the output
     // handle of an object will be replaced, while the output handle
     // for a session will be the same as input
     out->context.savedHandle = in->saveHandle;
+
     // Get the size of fingerprint in context blob.  The sequence value in
     // TPMS_CONTEXT structure is used as the fingerprint
     fingerprintSize = sizeof(out->context.sequence);
+
     // Compute the integrity size at the beginning of context blob
-    integritySize = sizeof(integrity.t.size)
-                    + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG);
+    integritySize =
+        sizeof(integrity.t.size) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG);
+
     // Perform object or session specific context save
     switch(HandleGetType(in->saveHandle))
@@ -114 +125 @@
           case TPM_HT_TRANSIENT:
               {
-                  OBJECT              *object = HandleToObject(in->saveHandle);
-                  ANY_OBJECT_BUFFER   *outObject;
+                  OBJECT*            object = HandleToObject(in->saveHandle);
+                  ANY_OBJECT_BUFFER* outObject;
 #ifndef VBOX
-                  unsigned char        buffer[sizeof(OBJECT) * 2];              // libtpms changed begin
-                  BYTE                *bufptr = &buffer[0];
-                  INT32                size = sizeof(buffer);
+                  unsigned char      objbuf[sizeof(OBJECT) * 2];                // libtpms changed begin
+                  BYTE*              bufptr = &objbuf[0];
+                  INT32              size = sizeof(objbuf);
 #else
                   unsigned char        abBuf[sizeof(OBJECT) * 2];               // libtpms changed begin
                   BYTE                *bufptr = &abBuf[0];
                   INT32                size = sizeof(abBuf);
-#endif
-                  UINT16               written = ANY_OBJECT_Marshal(object, &bufptr, &size);
-                  UINT16               objectSize = written;                    // libtpms changed end
-                  outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer
-                                                    + integritySize + fingerprintSize);
+#endif /* VBOX */
+                  
+                  UINT16             objectSize;                                // libtpms changed end
+                  outObject         = (ANY_OBJECT_BUFFER*)(out->context.contextBlob.t.buffer
+                                                           + integritySize + fingerprintSize);
                   // Set size of the context data.  The contents of context blob is vendor
                   // defined.  In this implementation, the size is size of integrity
                   // plus fingerprint plus the whole internal OBJECT structure
-                  out->context.contextBlob.t.size = integritySize +
-                                                    fingerprintSize + objectSize;
+#  if 0                                                                                 // libtpms: added
+                  out->context.contextBlob.t.size =
+                      integritySize + fingerprintSize + objectSize;
+#  endif                                                                                // libtpms: added
+#  if ALG_RSA
+                  // For an RSA key, make sure that the key has had the private exponent
+                  // computed before saving.
+                  if(object->publicArea.type == TPM_ALG_RSA
+                     && !(object->attributes.publicOnly))
+                      CryptRsaLoadPrivateExponent(&object->publicArea, &object->sensitive, object); // libtpms: added object param
+#  endif
+                  objectSize = ANY_OBJECT_Marshal(object, &bufptr, &size, &g_RuntimeProfile);   // libtpms: added begin
+
+                  out->context.contextBlob.t.size =
+                      integritySize + fingerprintSize + objectSize;
                   // Make sure things fit
                   pAssert(out->context.contextBlob.t.size
@@ -139 +163 @@
                   // Copy the whole internal OBJECT structure to context blob
 #ifndef VBOX
-                  MemoryCopy(outObject, buffer, written);                       // libtpms changed
+                  MemoryCopy(outObject, objbuf, objectSize);                    // libtpms changed
 #else
-                  MemoryCopy(outObject, &abBuf, written);                       // libtpms changed
-#endif
+                  MemoryCopy(outObject, &abBuf, objectSize);                    // libtpms changed
+#endif /* VBOX */                 
                   // Increment object context ID
                   gr.objectContextID++;
@@ -148 +172 @@
                   if(gr.objectContextID == 0)
                       FAIL(FATAL_ERROR_INTERNAL);
+
                   // Fill in other return values for an object.
                   out->context.sequence = gr.objectContextID;
@@ -157 +182 @@
                           out->context.savedHandle = 0x80000001;
                         /* ANY_OBJECT_Marshal already wrote it                  // libtpms changed begin
-                          SequenceDataExport((HASH_OBJECT *)object,
-                                             (HASH_OBJECT_BUFFER *)outObject);
+                          SequenceDataExport((HASH_OBJECT*)object,
+                                             (HASH_OBJECT_BUFFER*)outObject);
                          */                                                     // libtpms changed end
                       }
                   else
-                      out->context.savedHandle = (object->attributes.stClear == SET)
-                                                 ? 0x80000002 : 0x80000000;
+                      out->context.savedHandle =
+                          (object->attributes.stClear == SET) ? 0x80000002 : 0x80000000;
                   // Get object hierarchy
-                  out->context.hierarchy = ObjectGetHierarchy(object);
+                  out->context.hierarchy = object->hierarchy;
+
                   break;
               }
@@ -171 +197 @@
           case TPM_HT_POLICY_SESSION:
               {
-                  SESSION         *session = SessionGet(in->saveHandle);
+                  SESSION* session = SessionGet(in->saveHandle);
+
                   // Set size of the context data.  The contents of context blob is vendor
                   // defined.  In this implementation, the size of context blob is the
                   // size of a internal session structure plus the size of
                   // fingerprint plus the size of integrity
-                  out->context.contextBlob.t.size = integritySize +
-                                                    fingerprintSize + sizeof(*session);
+                  out->context.contextBlob.t.size =
+                      integritySize + fingerprintSize + sizeof(*session);
+
                   // Make sure things fit
                   pAssert(out->context.contextBlob.t.size
                           < sizeof(out->context.contextBlob.t.buffer));
+
                   // Copy the whole internal SESSION structure to context blob.
                   // Save space for fingerprint at the beginning of the buffer
@@ -187 +216 @@
                   pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer)
                           - integritySize - fingerprintSize);
-                  MemoryCopy(out->context.contextBlob.t.buffer + integritySize
-                             + fingerprintSize, session, sizeof(*session));
+                  MemoryCopy(
+                             out->context.contextBlob.t.buffer + integritySize + fingerprintSize,
+                             session,
+                             sizeof(*session));
                   // Fill in the other return parameters for a session
                   // Get a context ID and set the session tracking values appropriately
@@ -199 +230 @@
                   // sequence number is the current session contextID
                   out->context.sequence = contextID;
+
                   // use TPM_RH_NULL as hierarchy for session context
                   out->context.hierarchy = TPM_RH_NULL;
+
                   break;
               }
@@ -209 +242 @@
             break;
         }
+
     // Save fingerprint at the beginning of encrypted area of context blob.
     // Reserve the integrity space
-    pAssert(sizeof(out->context.sequence) <=
-            sizeof(out->context.contextBlob.t.buffer) - integritySize);
+    pAssert(sizeof(out->context.sequence)
+            <= sizeof(out->context.contextBlob.t.buffer) - integritySize);
     MemoryCopy(out->context.contextBlob.t.buffer + integritySize,
-               &out->context.sequence, sizeof(out->context.sequence));
+               &out->context.sequence,
+               sizeof(out->context.sequence));
+
     // Compute context encryption key
-    ComputeContextProtectionKey(&out->context, &symKey, &iv);
+    result = ComputeContextProtectionKey(&out->context, &symKey, &iv);
+    if(result != TPM_RC_SUCCESS)
+        return result;
+
     // Encrypt context blob
     CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize,
-                          CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
-                          symKey.t.buffer, &iv, TPM_ALG_CFB,
+                          CONTEXT_ENCRYPT_ALG,
+                          CONTEXT_ENCRYPT_KEY_BITS,
+                          symKey.t.buffer,
+                          &iv,
+                          TPM_ALG_CFB,
                           out->context.contextBlob.t.size - integritySize,
                           out->context.contextBlob.t.buffer + integritySize);
+
     // Compute integrity hash for the object
     // In this implementation, the same routine is used for both sessions
     // and objects.
-    ComputeContextIntegrity(&out->context, &integrity);
+    result = ComputeContextIntegrity(&out->context, &integrity);
+    if(result != TPM_RC_SUCCESS)
+        return result;
+
     // add integrity at the beginning of context blob
     buffer = out->context.contextBlob.t.buffer;
     TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL);
+
     // orderly state should be cleared because of the update of state reset and
     // state clear data
     g_clearOrderly = TRUE;
+
     return result;
 }
-#endif // CC_ContextSave
+
+#endif  // CC_ContextSave
+
 #include "Tpm.h"
-#include "ContextLoad_fp.h"
+
 #if CC_ContextLoad  // Conditional expansion of this file
-#include "Context_spt_fp.h"
+
+#  include "ContextLoad_fp.h"
+#  include "Marshal.h"
+#  include "Context_spt_fp.h"
+
+/*(See part 3 specification)
+// Load context
+*/
+
+//  Return Type: TPM_RC
+//      TPM_RC_CONTEXT_GAP          there is only one available slot and this is not
+//                                  the oldest saved session context
+//      TPM_RC_HANDLE               'context.savedHandle' does not reference a saved
+//                                  session
+//      TPM_RC_HIERARCHY            'context.hierarchy' is disabled
+//      TPM_RC_INTEGRITY            'context' integrity check fail
+//      TPM_RC_OBJECT_MEMORY        no free slot for an object
+//      TPM_RC_SESSION_MEMORY       no free session slots
+//      TPM_RC_SIZE                 incorrect context blob size
 TPM_RC
-TPM2_ContextLoad(
-                 ContextLoad_In      *in,            // IN: input parameter list
-                 ContextLoad_Out     *out            // OUT: output parameter list
+TPM2_ContextLoad(ContextLoad_In*  in,  // IN: input parameter list
+                 ContextLoad_Out* out  // OUT: output parameter list
                  )
 {
-    TPM_RC              result;
-    TPM2B_DIGEST        integrityToCompare;
-    TPM2B_DIGEST        integrity;
-    BYTE                *buffer;    // defined to save some typing
-    INT32               size;       // defined to save some typing
-    TPM_HT              handleType;
-    TPM2B_SYM_KEY       symKey;
-    TPM2B_IV            iv;
+    TPM_RC        result;
+    TPM2B_DIGEST  integrityToCompare;
+    TPM2B_DIGEST  integrity;
+    BYTE*         buffer;  // defined to save some typing
+    INT32         size;    // defined to save some typing
+    TPM_HT        handleType;
+    TPM2B_SYM_KEY symKey;
+    TPM2B_IV      iv;
+
     // Input Validation
 
@@ -260 +328 @@
     // IF this is a session context, make sure that the sequence number is
     // consistent with the version in the slot
+
     // Check context blob size
     handleType = HandleGetType(in->context.savedHandle);
+
     // Get integrity from context blob
     buffer = in->context.contextBlob.t.buffer;
-    size = (INT32)in->context.contextBlob.t.size;
+    size   = (INT32)in->context.contextBlob.t.size;
     result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
     if(result != TPM_RC_SUCCESS)
         return result;
+
     // the size of the integrity value has to match the size of digest produced
     // by the integrity hash
     if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
         return TPM_RCS_SIZE + RC_ContextLoad_context;
+
     // Make sure that the context blob has enough space for the fingerprint. This
     // is elastic pants to go with the belt and suspenders we already have to make
@@ -277 +349 @@
     if((unsigned)size < sizeof(in->context.sequence))
         return TPM_RCS_SIZE + RC_ContextLoad_context;
+
     // After unmarshaling the integrity value, 'buffer' is pointing at the first
     // byte of the integrity protected and encrypted buffer and 'size' is the number
     // of integrity protected and encrypted bytes.
+
     // Compute context integrity
-    ComputeContextIntegrity(&in->context, &integrityToCompare);
+    result = ComputeContextIntegrity(&in->context, &integrityToCompare);
+    if(result != TPM_RC_SUCCESS)
+        return result;
+
     // Compare integrity
     if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
         return TPM_RCS_INTEGRITY + RC_ContextLoad_context;
     // Compute context encryption key
-    ComputeContextProtectionKey(&in->context, &symKey, &iv);
+    result = ComputeContextProtectionKey(&in->context, &symKey, &iv);
+    if(result != TPM_RC_SUCCESS)
+        return result;
+
     // Decrypt context data in place
-    CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
-                          symKey.t.buffer, &iv, TPM_ALG_CFB, size, buffer);
+    CryptSymmetricDecrypt(buffer,
+                          CONTEXT_ENCRYPT_ALG,
+                          CONTEXT_ENCRYPT_KEY_BITS,
+                          symKey.t.buffer,
+                          &iv,
+                          TPM_ALG_CFB,
+                          size,
+                          buffer);
     // See if the fingerprint value matches. If not, it is symptomatic of either
     // a broken TPM or that the TPM is under attack so go into failure mode.
     if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence)))
         FAIL(FATAL_ERROR_INTERNAL);
+
     // step over fingerprint
     buffer += sizeof(in->context.sequence);
+
     // set the remaining size of the context
     size -= sizeof(in->context.sequence);
+
     // Perform object or session specific input check
     switch(handleType)
@@ -303 +392 @@
           case TPM_HT_TRANSIENT:
               {
-                  OBJECT      *outObject;
+                  OBJECT* outObject;
+
                   if(size > (INT32)sizeof(OBJECT))
                       FAIL(FATAL_ERROR_INTERNAL);
+
                   // Discard any changes to the handle that the TRM might have made
                   in->context.savedHandle = TRANSIENT_FIRST;
+
                   // If hierarchy is disabled, no object context can be loaded in this
                   // hierarchy
                   if(!HierarchyIsEnabled(in->context.hierarchy))
                       return TPM_RCS_HIERARCHY + RC_ContextLoad_context;
+
                   // Restore object. If there is no empty space, indicate as much
                   outObject = ObjectContextLoadLibtpms(buffer, size,       // libtpms changed
@@ -317 +410 @@
                   if(outObject == NULL)
                       return TPM_RC_OBJECT_MEMORY;
+
                   break;
               }
@@ -324 +418 @@
                   if(size != sizeof(SESSION))
                       FAIL(FATAL_ERROR_INTERNAL);
+
                   // This command may cause the orderlyState to be cleared due to
                   // the update of state reset data.  If this is the case, check if NV is
                   // available first
                   RETURN_IF_ORDERLY;
+
                   // Check if input handle points to a valid saved session and that the
                   // sequence number makes sense
                   if(!SequenceNumberForSavedContextIsValid(&in->context))
                       return TPM_RCS_HANDLE + RC_ContextLoad_context;
+
                   // Restore session.  A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error
                   // may be returned at this point
-                  result = SessionContextLoad((SESSION_BUF *)buffer,
-                                              &in->context.savedHandle);
+                  result =
+                      SessionContextLoad((SESSION_BUF*)buffer, &in->context.savedHandle);
                   if(result != TPM_RC_SUCCESS)
                       return result;
+
                   out->loadedHandle = in->context.savedHandle;
+
                   // orderly state should be cleared because of the update of state
                   // reset and state clear data
                   g_clearOrderly = TRUE;
+
                   break;
               }
@@ -352 +452 @@
     return TPM_RC_SUCCESS;
 }
+
 #endif // CC_ContextLoad
+
 #include "Tpm.h"
 #include "FlushContext_fp.h"
@@ -393 +495 @@
 }
 #endif // CC_FlushContext
+
 #include "Tpm.h"
 #include "EvictControl_fp.h"
+
 #if CC_EvictControl  // Conditional expansion of this file
+
+/*(See part 3 specification)
+// Make a transient object persistent or evict a persistent object
+*/
+//  Return Type: TPM_RC
+//      TPM_RC_ATTRIBUTES   an object with 'temporary', 'stClear' or 'publicOnly'
+//                          attribute SET cannot be made persistent
+//      TPM_RC_HIERARCHY    'auth' cannot authorize the operation in the hierarchy
+//                          of 'evictObject';
+//                          an object in a firmware-bound or SVN-bound hierarchy
+//                          cannot be made persistent.
+//      TPM_RC_HANDLE       'evictHandle' of the persistent object to be evicted is
+//                          not the same as the 'persistentHandle' argument
+//      TPM_RC_NV_HANDLE    'persistentHandle' is unavailable
+//      TPM_RC_NV_SPACE     no space in NV to make 'evictHandle' persistent
+//      TPM_RC_RANGE        'persistentHandle' is not in the range corresponding to
+//                          the hierarchy of 'evictObject'
 TPM_RC
-TPM2_EvictControl(
-                  EvictControl_In     *in             // IN: input parameter list
+TPM2_EvictControl(EvictControl_In* in  // IN: input parameter list
                   )
 {
-    TPM_RC      result;
-    OBJECT      *evictObject;
+    TPM_RC  result;
+    OBJECT* evictObject;
     // Input Validation
+
     // Get internal object pointer
     evictObject = HandleToObject(in->objectHandle);
+
+    // Objects in a firmware-limited or SVN-limited hierarchy cannot be made
+    // persistent.
+    if(HierarchyIsFirmwareLimited(evictObject->hierarchy)
+       || HierarchyIsSvnLimited(evictObject->hierarchy))
+        return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
+
     // Temporary, stClear or public only objects can not be made persistent
     if(evictObject->attributes.temporary == SET
@@ -411 +539 @@
        || evictObject->attributes.publicOnly == SET)
         return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle;
+
     // If objectHandle refers to a persistent object, it should be the same as
     // input persistentHandle
@@ -416 +545 @@
        && evictObject->evictHandle != in->persistentHandle)
         return TPM_RCS_HANDLE + RC_EvictControl_objectHandle;
+
     // Additional authorization validation
     if(in->auth == TPM_RH_PLATFORM)
@@ -421 +551 @@
             // To make persistent
             if(evictObject->attributes.evict == CLEAR)
-                {
-                    // PlatformAuth can not set evict object in storage or endorsement
-                    // hierarchy
-                    if(evictObject->attributes.ppsHierarchy == CLEAR)
-                        return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
-                    // Platform cannot use a handle outside of platform persistent range.
-                    if(!NvIsPlatformPersistentHandle(in->persistentHandle))
-                        return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
-                }
+                {
+                    // PlatformAuth can not set evict object in storage or endorsement
+                    // hierarchy
+                    if(evictObject->attributes.ppsHierarchy == CLEAR)
+                        return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
+                    // Platform cannot use a handle outside of platform persistent range.
+                    if(!NvIsPlatformPersistentHandle(in->persistentHandle))
+                        return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
+                }
             // PlatformAuth can delete any persistent object
         }
@@ -437 +567 @@
             if(evictObject->attributes.ppsHierarchy == SET)
                 return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
+
             // Owner cannot use a handle outside of owner persistent range.
             if(evictObject->attributes.evict == CLEAR
@@ -466 +597 @@
     return result;
 }
-#endif // CC_EvictControl
+
+#endif  // CC_EvictControl

trunk/src/libs/libtpms-0.10.0/src/tpm2/GpMacros.h ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: GpMacros.h 1658 2021-01-22 23:14:01Z kgoldman $              */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2021                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2024                             */
 /*                                                                              */
 /********************************************************************************/
 
-#ifndef GPMACROS_H
-#define GPMACROS_H
-
-/* 5.10.1       Introduction */
-/* This file is a collection of miscellaneous macros. */
+//** Introduction
+// This file is a collection of miscellaneous macros.
+
+#ifndef GP_MACROS_H
+#define GP_MACROS_H
+
 #ifndef NULL
-#define NULL 0
-#endif
-#include "swap.h"
-#include "VendorString.h"
-/* 5.10.2       For Self-test */
-/* These macros are used in CryptUtil() to invoke the incremental self test. */
-#if SELF_TEST
-#   define     TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL)
-/* Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash
-   with that value, don't do it. */
-#   define     TEST_HASH(alg)                                           \
-    if(TEST_BIT(alg, g_toTest)                                          \
-       &&  (alg != TPM_ALG_NULL))                                       \
-        CryptTestAlgorithm(alg, NULL)
+#  define NULL 0
+#endif
+
+#include "endian_swap.h"
+#include "VendorInfo.h"
+
+//** For Self-test
+// These macros are used in CryptUtil to invoke the incremental self test.
+#if ENABLE_SELF_TESTS
+#  define TPM_DO_SELF_TEST(alg)              \
+      do                                     \
+      {                                      \
+          if(TEST_BIT(alg, g_toTest))        \
+              CryptTestAlgorithm(alg, NULL); \
+      } while(0)
 #else
-#   define TEST(alg)
-#   define TEST_HASH(alg)
-#endif // SELF_TEST
-/* 5.10.3       For Failures */
+#  define TPM_DO_SELF_TEST(alg)
+#endif  // ENABLE_SELF_TESTS
+
+//** For Failures
 #if defined _POSIX_
-#   define FUNCTION_NAME        __func__     /* libtpms changed */
+#  define FUNCTION_NAME __func__     /* libtpms changed */
 #else
-#   define FUNCTION_NAME        __FUNCTION__
-#endif
-#if !FAIL_TRACE
-#   define FAIL(errorCode) (TpmFail(errorCode))
-#   define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode))
+#  define FUNCTION_NAME __FUNCTION__
+#endif
+
+#if defined(FAIL_TRACE) && FAIL_TRACE != 0
+#  define CODELOCATOR() FUNCTION_NAME, __LINE__
+#else  // !FAIL_TRACE
+// if provided, use the definition of CODELOCATOR from TpmConfiguration so
+// implementor can customize this.
+#  ifndef CODELOCATOR
+#    define CODELOCATOR() 0
+#  endif
+#endif  // FAIL_TRACE
+
+        // SETFAILED calls TpmFail.  It may or may not return based on the NO_LONGJMP flag.
+        // CODELOCATOR is a macro that expands to either one 64-bit value that encodes the
+        // location, or two parameters: Function Name and Line Number.
+#define SETFAILED(errorCode) (TpmFail(CODELOCATOR(), errorCode))
+
+// If implementation is using longjmp, then calls to TpmFail() will never
+// return.  However, without longjmp facility, TpmFail will return while most of
+// the code currently expects FAIL() calls to immediately abort the current
+// command. If they don't, some commands return success instead of failure.  The
+// family of macros below are provided to allow the code to be modified to
+// correctly propagate errors correctly, based on the context.
+//
+// * Some functions, particularly the ECC crypto have state cleanup at the end
+//   of the function and need to use the goto Exit pattern.
+// * Other functions return TPM_RC values, which should return TPM_RC_FAILURE
+// * Still other functions return an isOK boolean and need to return FALSE.
+//
+// if longjmp is available, all these macros just call SETFAILED and immediately
+// abort.  Note any of these approaches could leak memory if the crypto adapter
+// libraries are using dynamic memory.
+//
+// FAIL vs. FAIL_NORET
+// ===================
+// Be cautious with these macros.  FAIL_NORET is intended as an affirmation
+// that the upstream code calling the function using this macro has been
+// investigated to confirm that upstream functions correctly handle this
+// function putting the TPM into failure mode without returning an error.
+//
+// The TPM library was originally written with a lot of error checking omitted,
+// which means code occurring after a FAIL macro may not expect to be called
+// when the TPM is in failure mode.  When NO_LONGJMP is false (the system has a
+// longjmp API), then none of that code is executed because the sample platform
+// sets up longjmp before calling ExecuteCommand.  However, in the NO_LONGJMP
+// case, code following a FAIL or FAIL_NORET macro will get run.  The
+// conservative assumption is that code is untested and may be unsafe in such a
+// situation.  FAIL_NORET can replace FAIL when the code has been reviewed to
+// ensure the post-FAIL code is safe.  Of course, this is a point-in-time
+// assertion that is only true when the FAIL_NORET macro is first inserted;
+// hence it is better to use one of the early-exit macros to immediately return.
+// However, the necessary return-code plumbing may be large and FAIL/FAIL_NORET
+// are provided to support gradual improvement over time.
+
+#ifndef NO_LONGJMP
+// has longjmp
+// necesary to reference Exit, even though the code is no-return
+#  define TPM_FAIL_RETURN NORETURN void
+
+// see discussion above about FAIL/FAIL_NORET
+#  define FAIL(failCode)                   SETFAILED(failCode)
+#  define FAIL_NORET(failCode)             SETFAILED(failCode)
+#  define FAIL_IMMEDIATE(failCode, retval) SETFAILED(failCode)
+#  define FAIL_BOOL(failCode)              SETFAILED(failCode)
+#  define FAIL_RC(failCode)                SETFAILED(failCode)
+#  define FAIL_VOID(failCode)              SETFAILED(failCode)
+#  define FAIL_NULL(failCode)              SETFAILED(failCode)
+#  define FAIL_EXIT(failCode, returnVar, returnCode)         \
+    do                                                               \
+        {                                                            \
+            SETFAILED(failCode);                                     \
+            goto Exit;                                               \
+        } while(0)
+
+#else  // NO_LONGJMP
+// no longjmp service is available
+#  define TPM_FAIL_RETURN      void
+
+// This macro is provided for existing code and should not be used in new code.
+// see discussion above.
+#  define FAIL(failCode)       FAIL_NORET(failCode)
+
+// Be cautious with this macro, see discussion above.
+#  define FAIL_NORET(failCode) SETFAILED(failCode)
+
+// fail and immediately return void
+#  define FAIL_VOID(failCode)                  \
+    do                                                 \
+        {                                              \
+            SETFAILED(failCode);                       \
+            return;                                    \
+        } while(0)
+
+// fail and immediately return a value
+#  define FAIL_IMMEDIATE(failCode, retval)                         \
+    do                                                             \
+        {                                                               \
+            SETFAILED(failCode);                                        \
+            return retval;                                              \
+        } while(0)
+
+// fail and return FALSE
+#  define FAIL_BOOL(failCode) FAIL_IMMEDIATE(failCode, FALSE)
+
+// fail and return TPM_RC_FAILURE
+#  define FAIL_RC(failCode)   FAIL_IMMEDIATE(failCode, TPM_RC_FAILURE)
+
+// fail and return NULL
+#  define FAIL_NULL(failCode) FAIL_IMMEDIATE(failCode, NULL)
+
+// fail and return using the goto exit pattern
+#  define FAIL_EXIT(failCode, returnVar, returnCode)                    \
+    do                                                                  \
+        {                                                               \
+            SETFAILED(failCode);                                        \
+            returnVar = returnCode;                                     \
+            goto Exit;                                                  \
+        } while(0)
+
+#endif
+
+// This macro tests that a condition is TRUE and puts the TPM into failure mode
+// if it is not. If longjmp is being used, then the macro makes a call from
+// which there is no return. Otherwise, the function will return the given
+// return code.
+#define VERIFY(condition, failCode, returnCode)                         \
+    do                                                                  \
+        {                                                               \
+            if(!(condition))                                            \
+                {                                                       \
+                    FAIL_IMMEDIATE(failCode, returnCode);               \
+                }                                                       \
+        } while(0)
+
+// this function also verifies a condition and enters failure mode, but sets a
+// return value and jumps to Exit on failure - allowing for cleanup.
+#define VERIFY_OR_EXIT(condition, failCode, returnVar, returnCode)      \
+    do                                                                  \
+        {                                                               \
+            if(!(condition))                                            \
+                {                                                       \
+                    FAIL_EXIT(failCode, returnVar, returnCode);         \
+                }                                                       \
+        } while(0)
+
+// verify the given TPM_RC is success and we are not in
+// failure mode.  Otherwise, return immediately with TPM_RC_FAILURE.
+// note that failure mode is checked first so that an existing FATAL_* error code
+// is not overwritten with the default from this macro.
+#define VERIFY_RC(rc)                                                   \
+    do                                                                  \
+        {                                                               \
+            if(g_inFailureMode)                                         \
+                {                                                       \
+                    return TPM_RC_FAILURE;                              \
+                }                                                       \
+            if(rc != TPM_RC_SUCCESS)                                    \
+                {                                                       \
+                    FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, TPM_RC_FAILURE); \
+                }                                                       \
+        } while(0)
+
+// verify the TPM is not in failure mode or return failure
+#define VERIFY_NOT_FAILED()                                             \
+    do                                                                  \
+        {                                                               \
+            if(g_inFailureMode)                                         \
+                {                                                       \
+                    return TPM_RC_FAILURE;                              \
+                }                                                       \
+        } while(0)
+
+// Enter failure mode if the given TPM_RC is not success, return void.
+#define VERIFY_RC_VOID(rc)                                              \
+    do                                                                  \
+        {                                                               \
+            if(g_inFailureMode)                                         \
+                {                                                       \
+                    return;                                             \
+                }                                                       \
+            if(rc != TPM_RC_SUCCESS)                                    \
+                {                                                       \
+                    FAIL_VOID(FATAL_ERROR_ASSERT);                      \
+                }                                                       \
+        } while(0)
+
+// These VERIFY_CRYPTO macros all set failure mode to FATAL_ERROR_CRYPTO
+// and immediately return.  The general way to parse the names is:
+// VERIFY_CRYPTO_[conditionType]_[OR_EXIT]_[retValType]
+// if conditionType is omitted, it is taken as BOOL.
+// Without OR_EXIT, implies an immediate return. Thus VERIFY_CRYPTO_BOOL:
+// 1. check fn against TRUE
+// 2. if false,  set failure mode to FATAL_ERROR_CRYPTO
+// 3. immediately return FALSE.
+// and, VERIFY_CRYPTO_OR_EXIT_RC translates to:
+// 1. Check a BOOL
+// 2. If false, set failure mode with FATAL_ERROR_CRYPTO,
+// 3. assume retVal is type TPM_RC, set it to TPM_RC_FAILURE
+// 4. Goto Exit
+// while VERIFY_CRYPTO_RC_OR_EXIT translates to:
+// 1. Check fn result against TPM_RC_SUCCESS
+// 2. if not equal, set failure mode to FATAL_ERROR_CRYPTO
+// 3. assume retVal is type TPM_RC, set it to TPM_RC_FAILURE
+// 4. Goto Exit.
+#define VERIFY_CRYPTO(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, TPM_RC_FAILURE)
+
+#define VERIFY_CRYPTO_BOOL(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, FALSE)
+
+#define VERIFY_CRYPTO_OR_NULL(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, NULL)
+
+// these VERIFY_CRYPTO macros all set a result value and goto Exit
+#define VERIFY_CRYPTO_OR_EXIT(fn, returnVar, returnCode)                \
+    VERIFY_OR_EXIT(fn, FATAL_ERROR_CRYPTO, returnVar, returnCode);
+
+// these VERIFY_CRYPTO_OR_EXIT functions assume the return value variable is
+// named retVal
+#define VERIFY_CRYPTO_OR_EXIT_RC(fn)                                    \
+    VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, TPM_RC_FAILURE)
+
+#define VERIFY_CRYPTO_OR_EXIT_FALSE(fn)                         \
+    VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, FALSE)
+
+#define VERIFY_CRYPTO_RC_OR_EXIT(fn)                           \
+    do                                                         \
+        {                                                              \
+            TPM_RC rc = fn;                                            \
+            if(rc != TPM_RC_SUCCESS)                                   \
+                {                                                       \
+                    FAIL_EXIT(FATAL_ERROR_CRYPTO, retVal, rc);          \
+                }                                                       \
+        } while(0)
+
+#if(defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO)
+#  define pAssert(a) ((void)0)
 #else
-#   define FAIL(errorCode)        TpmFail(FUNCTION_NAME, __LINE__, errorCode)
-#   define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode)
-#endif
-/* If implementation is using longjmp, then the call to TpmFail() does not return and the compiler
-   will complain about unreachable code that comes after. To allow for not having longjmp, TpmFail()
-   will return and the subsequent code will be executed. This macro accounts for the difference. */
-#ifndef NO_LONGJMP
-#   define FAIL_RETURN(returnCode)
-#   define TPM_FAIL_RETURN     NORETURN void
-#else
-#   define FAIL_RETURN(returnCode) return (returnCode)
-#   define TPM_FAIL_RETURN     void
-#endif
-/* This macro tests that a condition is TRUE and puts the TPM into failure mode if it is not. If
-   longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes a call from which there is no
-   return. Otherwise, it returns and the function will exit with the appropriate return code. */
-#define REQUIRE(condition, errorCode, returnCode)               \
-    {                                                           \
-        if(!!(condition))                                       \
-            {                                                   \
-                FAIL(FATAL_ERROR_errorCode);                    \
-                FAIL_RETURN(returnCode);                        \
-            }                                                   \
+#  define pAssert(a)                                       \
+    do                                                     \
+        {                                                          \
+            if(!(a))                                               \
+                FAIL(FATAL_ERROR_PARAMETER);                       \
+        } while(0)
+
+#  define pAssert_ZERO(a)                                               \
+    do                                                                  \
+        {                                                               \
+            if(!(a))                                                    \
+                FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, 0);                  \
+        } while(0);
+
+#  define pAssert_RC(a)                            \
+    do                                             \
+        {                                                  \
+            if(!(a))                                       \
+                FAIL_RC(FATAL_ERROR_ASSERT);               \
+        } while(0);
+
+#  define pAssert_BOOL(a)                            \
+    do                                               \
+        {                                                    \
+            if(!(a))                                         \
+                FAIL_BOOL(FATAL_ERROR_ASSERT);               \
+        } while(0);
+
+#  define pAssert_NULL(a)                            \
+    do                                               \
+        {                                                    \
+            if(!(a))                                         \
+                FAIL_NULL(FATAL_ERROR_ASSERT);               \
+        } while(0);
+
+// using FAIL_NORET isn't optimium but is available in limited cases that
+// result in wrong calculated values, and can be checked later
+// but should have no vulnerability implications.
+#  define pAssert_NORET(a)                            \
+    {                                                 \
+        if(!(a))                                              \
+            FAIL_NORET(FATAL_ERROR_ASSERT);                   \
     }
-#define PARAMETER_CHECK(condition, returnCode)          \
-    REQUIRE((condition), PARAMETER, returnCode)
-#if defined EMPTY_ASSERT && (EMPTY_ASSERT != NO)
-#   define pAssert(a)  ((void)0)
-#else
-#   define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);}
-#endif
-/* 5.10.4       Derived from Vendor-specific values */
-/* Values derived from vendor specific settings in TpmProfile.h */
-#define PCR_SELECT_MIN          ((PLATFORM_PCR+7)/8)
-#define PCR_SELECT_MAX          ((IMPLEMENTATION_PCR+7)/8)
-#define MAX_ORDERLY_COUNT       ((1 << ORDERLY_BITS) - 1)
-#define RSA_MAX_PRIME           (MAX_RSA_KEY_BYTES / 2)
-#define RSA_PRIVATE_SIZE        (RSA_MAX_PRIME * 5)
-
-/* 5.10.5       Compile-time Checks */
-/* In some cases, the relationship between two values may be dependent on things that change based
-   on various selections like the chosen cryptographic libraries. It is possible that these
-   selections will result in incompatible settings. These are often detectable by the compiler but
-   it isn't always possible to do the check in the preprocessor code. For example, when the check
-   requires use of sizeof then the preprocessor can't do the comparison. For these cases, we include
-   a special macro that, depending on the compiler will generate a warning to indicate if the check
-   always passes or always fails because it involves fixed constants. To run these checks, define
-   COMPILER_CHECKS in TpmBuildSwitches.h */
-#if COMPILER_CHECKS
-#   define  cAssert     pAssert
-#else
-#   define cAssert(value)
-#endif
-/* This is used commonly in the Crypt code as a way to keep listings from getting too long. This is
-   not to save paper but to allow one to see more useful stuff on the screen at any given time. */
-#define     ERROR_RETURN(returnCode)            \
-    {                                           \
-        retVal = returnCode;                    \
-        goto Exit;                              \
+
+// this macro is used where a calling code has been verified to function correctly
+// when the failing assert immediately returns without an error code.
+// this can be because either the caller checks the fatal error flag, or
+// the state is safe and a higher-level check will catch it.
+#  define pAssert_VOID_OK(a)                         \
+    {                                                \
+        if(!(a))                                             \
+            FAIL_VOID(FATAL_ERROR_ASSERT);                   \
     }
-#ifndef MAX
-#  define MAX(a, b) ((a) > (b) ? (a) : (b))
-#endif
-#ifndef MIN
-#  define MIN(a, b) ((a) < (b) ? (a) : (b))
-#endif
+
+#endif
+
+// These macros are commonly used in the "Crypt" code as a way to keep listings from
+// getting too long. This is not to save paper but to allow one to see more
+// useful stuff on the screen at any given time.  Neither macro sets failure mode.
+#define ERROR_EXIT(returnCode)         \
+    do                                 \
+        {                                      \
+            retVal = returnCode;               \
+            goto Exit;                         \
+        } while(0)
+
+// braces are necessary for this usage:
+// if (y)
+//     GOTO_ERROR_UNLESS(x)
+// else ...
+// without braces the else would attach to the GOTO macro instead of the
+// outer if statement; given the amount of TPM code that doesn't use braces on
+// if statements, this is a live risk.
+#define GOTO_ERROR_UNLESS(_X)                 \
+    do                                        \
+        {                                     \
+            if(!(_X))                                 \
+                goto Error;                           \
+        } while(0)
+
+#include "MinMax.h"
+
 #ifndef IsOdd
-#  define IsOdd(a)        (((a) & 1) != 0)
-#endif
+#  define IsOdd(a) (((a)&1) != 0)
+#endif
+
 #ifndef BITS_TO_BYTES
 #  define BITS_TO_BYTES(bits) (((bits) + 7) >> 3)
 #endif
-#ifndef DIV_UP
-#  define DIV_UP(var, div) ((var + div - 1) / (div))
-#endif
-/* These are defined for use when the size of the vector being checked is known at compile time. */
-#define TEST_BIT(bit, vector)   TestBit((bit), (BYTE *)&(vector), sizeof(vector))
-#define SET_BIT(bit, vector)    SetBit((bit), (BYTE *)&(vector), sizeof(vector))
-#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector))
-/* The following definitions are used if they have not already been defined. The defaults for these
-   settings are compatible with ISO/IEC 9899:2011 (E) */
+
+// These are defined for use when the size of the vector being checked is known
+// at compile time.
+#define TEST_BIT(bit, vector)  TestBit((bit), (BYTE*)&(vector), sizeof(vector))
+#define SET_BIT(bit, vector)   SetBit((bit), (BYTE*)&(vector), sizeof(vector))
+#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE*)&(vector), sizeof(vector))
+
+// The following definitions are used if they have not already been defined. The
+// defaults for these settings are compatible with ISO/IEC 9899:2011 (E)
 #ifndef LIB_EXPORT
-#   define LIB_EXPORT
-#   define LIB_IMPORT
+#  define LIB_EXPORT
+#  define LIB_IMPORT
 #endif
 #ifndef NORETURN
-#   define NORETURN _Noreturn
+#  define NORETURN _Noreturn
 #endif
 #ifndef NOT_REFERENCED
-#   define NOT_REFERENCED(x = x)   ((void) (x))
-#endif
+#  define NOT_REFERENCED(x = x) ((void)(x))
+#endif
+
 #define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC))
-#define JOIN(x,y) x##y
-#define JOIN3(x, y, z) x##y##z
-#define CONCAT(x,y) JOIN(x, y)
-#define CONCAT3(x, y, z) JOIN3(x,y,z)
-
-/*     If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style
-       table. Otherwise, pick the strongest implemented hash algorithm as the context hash. */
-
-#if defined(VBOX)
-/*
- * Our openssl symbol mangling clashes with teh defines below prefixing them with VBox_
- * which of course breaks everything else... Lets just hope libtpms doesn't call SHA512(), etc.
- */
-# undef SHA1
-# undef SHA256
-# undef SHA384
-# undef SHA512
-#endif
-
-#ifndef CONTEXT_HASH_ALGORITHM
-#   if defined ALG_SHA3_512 && ALG_SHA3_512 == YES
-#       define CONTEXT_HASH_ALGORITHM   SHA3_512
-#   elif defined ALG_SHA512 && ALG_SHA512 == YES
-#       define CONTEXT_HASH_ALGORITHM    SHA512
-#   elif defined ALG_SHA3_384 && ALG_SHA3_384 == YES
-#       define CONTEXT_HASH_ALGORITHM    SHA3_384
-#   elif defined ALG_SHA384 && ALG_SHA384 == YES
-#       define CONTEXT_HASH_ALGORITHM    SHA384
-#   elif defined ALG_SHA3_256 && ALG_SHA3_256 == YES
-#       define CONTEXT_HASH_ALGORITHM    SHA3_256
-#   elif defined ALG_SHA256 && ALG_SHA256 == YES
-#       define CONTEXT_HASH_ALGORITHM    SHA256
-#   elif defined ALG_SM3_256 && ALG_SM3_256 == YES
-#       define CONTEXT_HASH_ALGORITHM    SM3_256
-#   elif defined ALG_SHA1 && ALG_SHA1 == YES
-#       define CONTEXT_HASH_ALGORITHM  SHA1
-#   endif
-#   define CONTEXT_INTEGRITY_HASH_ALG  CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM)
-#if CONTEXT_HASH_ALGORITHM != SHA512    // libtpms added begin
-#error CONTEXT_HASH_ALGORITHM must remain SHA512
-#endif                                  // libtpms added end
-#endif
-
-#ifndef CONTEXT_INTEGRITY_HASH_SIZE
-#define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE)
-#endif
-#if ALG_RSA
-#define     RSA_SECURITY_STRENGTH (MAX_RSA_KEY_BITS >= 15360 ? 256 :    \
-                                  (MAX_RSA_KEY_BITS >=  7680 ? 192 :    \
-                                  (MAX_RSA_KEY_BITS >=  3072 ? 128 :    \
-                                  (MAX_RSA_KEY_BITS >=  2048 ? 112 :    \
-                                  (MAX_RSA_KEY_BITS >=  1024 ?  80 :  0)))))
+
+// This bit is used to indicate that an authorization ticket expires on TPM Reset
+// and TPM Restart. It is added to the timeout value returned by TPM2_PoliySigned()
+// and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is
+// relative to Time (g_time). Time is reset whenever the TPM loses power and cannot
+// be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing
+// time in ms. Stealing the MSb for a flag means that the TPM needs to be reset
+// at least once every 292,471,208 years rather than once every 584,942,417 years.
+#define EXPIRATION_BIT ((UINT64)1 << 63)
+
+// Check for consistency of the bit ordering of bit fields
+#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES
+#  error "Settings not consistent"
+#endif
+
+// These macros are used to handle the variation in handling of bit fields. If
+#if USE_BIT_FIELD_STRUCTURES  // The default, old version, with bit fields
+#  define IS_ATTRIBUTE(a, type, b)    ((a.b) != 0)
+#  define SET_ATTRIBUTE(a, type, b)   (a.b = SET)
+#  define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR)
+#  define GET_ATTRIBUTE(a, type, b)   (a.b)
+#  define TPMA_ZERO_INITIALIZER()                 \
+    {                                                     \
+        0                                                 \
+    }
 #else
-#define     RSA_SECURITY_STRENGTH   0
-#endif // ALG_RSA
-#if ALG_ECC
-#define     ECC_SECURITY_STRENGTH (MAX_ECC_KEY_BITS >= 521 ? 256 :      \
-                                  (MAX_ECC_KEY_BITS >= 384 ? 192 :      \
-                                  (MAX_ECC_KEY_BITS >= 256 ? 128 : 0)))
-#else
-#define     ECC_SECURITY_STRENGTH   0
-#endif // ALG_ECC
-#define     MAX_ASYM_SECURITY_STRENGTH                                  \
-    MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH)
-#define     MAX_HASH_SECURITY_STRENGTH  ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2)
-
-/*     Unless some algorithm is broken... */
-
-#define     MAX_SYM_SECURITY_STRENGTH   MAX_SYM_KEY_BITS
-#define MAX_SECURITY_STRENGTH_BITS                                      \
-    MAX(MAX_ASYM_SECURITY_STRENGTH,                                     \
-        MAX(MAX_SYM_SECURITY_STRENGTH,                                  \
-            MAX_HASH_SECURITY_STRENGTH))
-/*     This is the size that was used before the 1.38 errata requiring that P1.14.4 be followed */
-#define PROOF_SIZE      CONTEXT_INTEGRITY_HASH_SIZE
-/*     As required by P1.14.4 */
-#define COMPLIANT_PROOF_SIZE                                            \
-    (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES)))
-/*     As required by P1.14.3.1 */
-#define COMPLIANT_PRIMARY_SEED_SIZE                             \
-    BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2)
-/*     This is the pre-errata version */
-#ifndef PRIMARY_SEED_SIZE
-#   define PRIMARY_SEED_SIZE    PROOF_SIZE
-#endif
-#if USE_SPEC_COMPLIANT_PROOFS
-#   undef PROOF_SIZE
-#   define PROOF_SIZE           COMPLIANT_PROOF_SIZE
-#   undef PRIMARY_SEED_SIZE
-#   define PRIMARY_SEED_SIZE    COMPLIANT_PRIMARY_SEED_SIZE
-#endif  // USE_SPEC_COMPLIANT_PROOFS
-#if !SKIP_PROOF_ERRORS
-#   if PROOF_SIZE < COMPLIANT_PROOF_SIZE
-#       error "PROOF_SIZE is not compliant with TPM specification"
-#   endif
-#   if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE
-#       error  "Non-compliant PRIMARY_SEED_SIZE"
-#   endif
-#endif  // !SKIP_PROOF_ERRORS
-
-/* If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table */
-#if defined CONTEXT_ENCRYPT_ALG
-#   undef CONTEXT_ENCRYPT_ALGORITHM
-#   if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
-#       define CONTEXT_ENCRYPT_ALGORITHM  AES
-#   elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE
-#       define CONTEXT_ENCRYPT_ALGORITHM  SM4
-#   elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE
-#       define CONTEXT_ENCRYPT_ALGORITHM  CAMELLIA
-#   elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE
-#   error Are you kidding?
-#   else
-#       error Unknown value for CONTEXT_ENCRYPT_ALG
-#   endif // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
-#else
-#   define CONTEXT_ENCRYPT_ALG                                          \
-    CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE)
-#endif  // CONTEXT_ENCRYPT_ALG
-#define CONTEXT_ENCRYPT_KEY_BITS                                        \
-    CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS)
-#define CONTEXT_ENCRYPT_KEY_BYTES       ((CONTEXT_ENCRYPT_KEY_BITS+7)/8)
-
-/* This is updated to follow the requirement of P2 that the label not be larger than 32 bytes. */
-#ifndef LABEL_MAX_BUFFER
-#define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE))
-#endif
-/* This bit is used to indicate that an authorization ticket expires on TPM Reset and TPM Restart.It
-   is added to the timeout value returned by TPM2_PoliySigned() and TPM2_PolicySecret() and used by
-   TPM2_PolicyTicket(). The timeout value is relative to Time (g_time). Time is reset whenever the
-   TPM loses power and cannot be moved forward by the user (as can Clock). g_time is a 64-bit value
-   expressing time in ms. Stealing the MSb() for a flag means that the TPM needs to be reset at least
-   once every 292,471,208 years rather than once every 584,942,417 years. */
-#define EXPIRATION_BIT ((UINT64)1 << 63)
-/* Check for consistency of the bit ordering of bit fields */
-#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES
-#   error "Settings not consistent"
-#endif
-/* These macros are used to handle the variation in handling of bit fields. If */
-#if USE_BIT_FIELD_STRUCTURES // The default, old version, with bit fields
-#   define IS_ATTRIBUTE(a, type, b)        ((a.b) != 0)
-#   define SET_ATTRIBUTE(a, type, b)       (a.b = SET)
-#   define CLEAR_ATTRIBUTE(a, type, b)     (a.b = CLEAR)
-#   define GET_ATTRIBUTE(a, type, b)       (a.b)
-#   define TPMA_ZERO_INITIALIZER()          {0}
-#else
-#   define IS_ATTRIBUTE(a, type, b)        ((a & type##_##b) != 0)
-#   define SET_ATTRIBUTE(a, type, b)       (a |= type##_##b)
-#   define CLEAR_ATTRIBUTE(a, type, b)     (a &= ~type##_##b)
-#   define GET_ATTRIBUTE(a, type, b)                                    \
-    (type)((a & type##_##b) >> type##_##b##_SHIFT)
-#   define TPMA_ZERO_INITIALIZER()         (0)
-#endif
-#define VERIFY(_X) if(!(_X)) goto Error
+#  define IS_ATTRIBUTE(a, type, b)    ((a & type##_##b) != 0)
+#  define SET_ATTRIBUTE(a, type, b)   (a |= type##_##b)
+#  define CLEAR_ATTRIBUTE(a, type, b) (a &= ~type##_##b)
+#  define GET_ATTRIBUTE(a, type, b)   (type)((a & type##_##b) >> type##_##b##_SHIFT)
+#  define TPMA_ZERO_INITIALIZER()     (0)
+#endif
+
 // These macros determine if the values in this file are referenced or instanced.
 // Global.c defines GLOBAL_C so all the values in this file will be instanced in
 // Global.obj. For all other files that include this file, the values will simply
 // be external references. For constants, there can be an initializer.
+#ifndef EXTERN
+#  ifdef GLOBAL_C
+#    define EXTERN
+#  else
+#    define EXTERN extern
+#  endif
+#endif  // EXTERN
 
 #ifdef GLOBAL_C
-#define EXTERN
-#define INITIALIZER(_value_)  = _value_
+#  define INITIALIZER(_value_) = _value_
 #else
-#define EXTERN  extern
-#define INITIALIZER(_value_)
+#  define INITIALIZER(_value_)
 #endif
 
@@ -355 +489 @@
 // 0x06 indicating an OID fallowed by an octet indicating the number of octets in the
 // rest of the OID. This allows a user of this OID to know how much/little to copy.
-#define MAKE_OID(NAME)                                                  \
-    EXTERN  const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE})
-
-/* This definition is moved from TpmProfile.h because it is not actually vendor- specific. It has to
-   be the same size as the sequence parameter of a TPMS_CONTEXT and that is a UINT64. So, this is an
-   invariant value */
-#define CONTEXT_COUNTER         UINT64
-
-#endif // GP_MACROS_H
+#define MAKE_OID(NAME) EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE})
+
+// This definition is moved from TpmProfile.h because it is not actually vendor-
+// specific. It has to be the same size as the 'sequence' parameter of a TPMS_CONTEXT
+// and that is a UINT64. So, this is an invariant value
+#define CONTEXT_COUNTER UINT64
+
+#include "TpmCalculatedAttributes.h"
+
+#endif  // GP_MACROS_H

trunk/src/libs/libtpms-0.10.0/src/tpm2/HashTestData.h ¶

@@ -163 +163 @@
     {
         .key      = &cmac_aeskey.b,
-        .data     = { 0 },
+        .data     = { 0 }, /* VBOX */
         .datalen  = 0,
         .out      = { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,

trunk/src/libs/libtpms-0.10.0/src/tpm2/NVMarshal.c ¶

@@ -55 +55 @@
 #include "TpmTcpProtocol.h"
 #include "Simulator_fp.h"
+#include "BackwardsCompatibilityBitArray.h"
+#include "BackwardsCompatibilityObject.h"
 
 #define TPM_HAVE_TPM2_DECLARATIONS
 #include "tpm_library_intern.h"
+
+MUST_BE(CONTEXT_INTEGRITY_HASH_ALG == TPM_ALG_SHA512);
 
 /*
@@ -83 +87 @@
 
 AssertCompile(NV_USER_DYNAMIC_END >= NV_USER_DYNAMIC);
-#endif
-
+#endif /* VBOX */
+    
 typedef struct
 {
@@ -109 +113 @@
         INT32 size;
     } pos[5]; /* more only needed for nested compile-time #ifdef's */
-} block_skip;
+} block_skip_t;
 
 /*
@@ -119 +123 @@
  */
 static UINT16
-block_skip_write_push(block_skip *bs, BOOL has_block,
+block_skip_write_push(block_skip_t *bs, BOOL has_block,
                       BYTE **buffer, INT32 *size) {
     UINT16 written , w;
@@ -144 +148 @@
  */
 static void
-block_skip_write_pop(block_skip *bs, INT32 *size) {
+block_skip_write_pop(block_skip_t *bs, INT32 *size) {
     UINT16 skip;
     unsigned i = --bs->idx;
@@ -184 +188 @@
             *size -= blocksize;
             *skip_code = TRUE;
+        } else if (!has_block && !needs_block) {
+            /* no block but also none needed */
+            *skip_code = TRUE;
         }
     }
@@ -190 +197 @@
 
 #define BLOCK_SKIP_INIT                         \
-    block_skip block_skip = {                   \
+    block_skip_t block_skip = {                 \
         .idx = 0,                               \
         .sz = ARRAY_SIZE(block_skip.pos),       \
@@ -302 +309 @@
 }
 
+/* Marshal a string including its terminating NUL byte. A NULL pointer will be
+ * marshalled with 0 bytes and will be unmarshalled as a NULL pointer again.
+ */
+static UINT16
+String_Marshal(const char *source, BYTE **buffer, INT32 *size)
+{
+    UINT16 written = 0;
+    UINT16 len = 0;
+
+    if (source)
+        len = (UINT16)strlen(source) + 1;
+    written += UINT16_Marshal(&len, buffer, size);
+
+    if (len > 0 && *size >= len) {
+        memcpy(*buffer, source, len);
+        *buffer += len;
+        *size -= len;
+
+        written += len;
+    }
+
+    return written;
+}
+
+static TPM_RC
+String_Unmarshal(char **target, BYTE **buffer, INT32 *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    UINT16 len;
+
+    *target = NULL;
+
+    if (rc == TPM_RC_SUCCESS) {
+        rc = UINT16_Unmarshal(&len, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        if (*size < len) {
+            rc = TPM_RC_INSUFFICIENT;
+        } else if (len > 0) {
+            *target = malloc(len);
+            if (!*target) {
+                rc = TPM_RC_MEMORY;
+            }
+        }
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        if (len > 0) {
+            memcpy(*target, *buffer, len);
+            *buffer += len;
+            *size -= len;
+        }
+    }
+
+    return rc;
+}
+
 static TPM_RC
 UINT32_Unmarshal_Check(UINT32 *data, UINT32 exp, BYTE **buffer, INT32 *size,
@@ -313 +376 @@
     if (rc == TPM_RC_SUCCESS && exp != *data) {
         TPMLIB_LogTPM2Error("%s: Expected value: 0x%08x, found: 0x%08x\n",
-                            __func__, exp, *data);
+                            msg, exp, *data);
         rc = TPM_RC_BAD_TAG;
     }
@@ -815 +878 @@
         for (j = 0; j < pcrAllocated->pcrSelections[i].sizeofSelect; j++) {
             if (pcrAllocated->pcrSelections[i].pcrSelect[j]) {
+                if (pcrAllocated->pcrSelections[i].hash >= 64) {
+                    TPMLIB_LogTPM2Error("pcrbanks_algs_active: invalid hash alg id: %d\n",
+                                        pcrAllocated->pcrSelections[i].hash);
+                } else {
 #ifndef VBOX
-                algs_active |= 1 << pcrAllocated->pcrSelections[i].hash;
-#else
-                algs_active |= RT_BIT_64(pcrAllocated->pcrSelections[i].hash);
-#endif
+                    algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
+#else
+                    algs_active |= RT_BIT_64(pcrAllocated->pcrSelections[i].hash);
+#endif /* VBOX */
+                }
                 break;
             }
@@ -866 +934 @@
                 needed_size = sizeof(data->Sha1);
                 t = (BYTE *)&data->Sha1;
-            break;
+                break;
 #endif
 #if ALG_SHA256
@@ -872 +940 @@
                 needed_size = sizeof(data->Sha256);
                 t = (BYTE *)&data->Sha256;
-            break;
+                break;
 #endif
 #if ALG_SHA384
@@ -878 +946 @@
                 needed_size = sizeof(data->Sha384);
                 t = (BYTE *)&data->Sha384;
-            break;
+                break;
 #endif
 #if ALG_SHA512
@@ -884 +952 @@
                 needed_size = sizeof(data->Sha512);
                 t = (BYTE *)&data->Sha512;
-            break;
+                break;
 #endif
 #if ALG_SM3_256
@@ -890 +958 @@
                 needed_size = sizeof(data->Sm3_256);
                 t = (BYTE *)&data->Sm3_256;
-            break;
+                break;
 #endif
 #if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256
@@ -899 +967 @@
                 end = TRUE;
                 t = NULL;
-            break;
+                break;
             default:
                 TPMLIB_LogTPM2Error("PCR_SAVE: Unsupported algid %d.",
@@ -1048 +1116 @@
                 needed_size = sizeof(data->Sha1Pcr);
                 t = (BYTE *)&data->Sha1Pcr;
-            break;
+                break;
 #endif
 #if ALG_SHA256
@@ -1054 +1122 @@
                 needed_size = sizeof(data->Sha256Pcr);
                 t = (BYTE *)&data->Sha256Pcr;
-            break;
+                break;
 #endif
 #if ALG_SHA384
@@ -1060 +1128 @@
                 needed_size = sizeof(data->Sha384Pcr);
                 t = (BYTE *)&data->Sha384Pcr;
-            break;
+                break;
 #endif
 #if ALG_SHA512
@@ -1066 +1134 @@
                 needed_size = sizeof(data->Sha512Pcr);
                 t = (BYTE *)&data->Sha512Pcr;
-            break;
+                break;
 #endif
 #if ALG_SM3_256
@@ -1072 +1140 @@
                 needed_size = sizeof(data->Sm3_256Pcr);
                 t = (BYTE *)&data->Sm3_256Pcr;
-            break;
+                break;
 #endif
 #if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256
@@ -1081 +1149 @@
                 end = TRUE;
                 t = NULL;
-            break;
+                break;
             default:
                 TPMLIB_LogTPM2Error("PCR: Unsupported algid %d.",
@@ -1319 +1387 @@
             /* version <= 3 was writing an array of UINT8 */
             UINT8 element;
-            for (i = 0; i < array_size && rc == TPM_RC_SUCCESS; i++) {
+            for (i = 0; i < array_size; i++) {
                 rc = UINT8_Unmarshal(&element, buffer, size);
+                if (rc != TPM_RC_SUCCESS)
+                    break;
+
                 data->contextArray[i] = element;
             }
@@ -1483 +1554 @@
 #define BN_PRIME_T_VERSION 2
 static UINT16
-bn_prime_t_Marshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
+ci_prime_t_Marshal(ci_prime_t *data, BYTE **buffer, INT32 *size)
 {
     UINT16 written, numbytes;
@@ -1519 +1590 @@
 
 static TPM_RC
-bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
+ci_prime_t_Unmarshal(ci_prime_t *data, BYTE **buffer, INT32 *size)
 {
     TPM_RC rc = TPM_RC_SUCCESS;
@@ -1542 +1613 @@
         data->size = (numbytes + sizeof(crypt_uword_t) - 1) / sizeof(crypt_word_t);
         if (data->size > data->allocated) {
-            TPMLIB_LogTPM2Error("bn_prime_t: Require size larger %zu than "
+            TPMLIB_LogTPM2Error("ci_prime_t: Require size larger %zu than "
                                 "allocated %zu\n",
                                 (size_t)data->size, (size_t)data->allocated);
@@ -1598 +1669 @@
 #error Missing code
 #else
-    written += bn_prime_t_Marshal(&data->Q, buffer, size);
-    written += bn_prime_t_Marshal(&data->dP, buffer, size);
-    written += bn_prime_t_Marshal(&data->dQ, buffer, size);
-    written += bn_prime_t_Marshal(&data->qInv, buffer, size);
+    written += ci_prime_t_Marshal(&data->Q, buffer, size);
+    written += ci_prime_t_Marshal(&data->dP, buffer, size);
+    written += ci_prime_t_Marshal(&data->dQ, buffer, size);
+    written += ci_prime_t_Marshal(&data->qInv, buffer, size);
 #endif
 
@@ -1630 +1701 @@
 #else
     if (rc == TPM_RC_SUCCESS) {
-        rc = bn_prime_t_Unmarshal(&data->Q, buffer, size);
-    }
-    if (rc == TPM_RC_SUCCESS) {
-        rc = bn_prime_t_Unmarshal(&data->dP, buffer, size);
-    }
-    if (rc == TPM_RC_SUCCESS) {
-        rc = bn_prime_t_Unmarshal(&data->dQ, buffer, size);
-    }
-    if (rc == TPM_RC_SUCCESS) {
-        rc = bn_prime_t_Unmarshal(&data->qInv, buffer, size);
+        rc = ci_prime_t_Unmarshal(&data->Q, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        rc = ci_prime_t_Unmarshal(&data->dP, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        rc = ci_prime_t_Unmarshal(&data->dQ, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        rc = ci_prime_t_Unmarshal(&data->qInv, buffer, size);
     }
 #endif
@@ -2386 +2457 @@
         pAssert(source->authValue.t.size == 0);
         pAssert(source->seedValue.t.size == 0);
-        pAssert(source->sensitiveType == TPM_ALG_ERROR)
+        pAssert(source->sensitiveType == TPM_ALG_ERROR);
         /* public keys */
     }
@@ -2419 +2490 @@
             pAssert(target->authValue.t.size == 0);
             pAssert(target->seedValue.t.size == 0);
-            pAssert(target->sensitiveType == TPM_ALG_ERROR)
+            pAssert(target->sensitiveType == TPM_ALG_ERROR);
             /* nothing do to do */
         }
@@ -2427 +2498 @@
 
 #define OBJECT_MAGIC 0x75be73af
-#define OBJECT_VERSION 3
+#define OBJECT_VERSION 4
 
 static UINT16
-OBJECT_Marshal(OBJECT *data, BYTE **buffer, INT32 *size)
+OBJECT_Marshal(OBJECT *data, BYTE **buffer, INT32 *size,
+               struct RuntimeProfile *RuntimeProfile)
 {
     UINT16 written;
     BOOL has_block;
     BLOCK_SKIP_INIT;
+    UINT16 blob_version;
+
+    switch (RuntimeProfile->stateFormatLevel) {
+    case 0:
+        pAssert(FALSE);
+        break;
+    case 1 ... 5:
+        blob_version = 3;
+        break;
+    default:  // since StateFormatLevel 6
+        blob_version = 4;
+        break;
+    }
 
     written = NV_HEADER_Marshal(buffer, size,
-                                OBJECT_VERSION, OBJECT_MAGIC, 3);
+                                blob_version, OBJECT_MAGIC, blob_version);
 
     /*
@@ -2445 +2530 @@
     written += NV_TPMT_SENSITIVE_Marshal(&data->sensitive, buffer, size);
 
-#if ALG_RSA
+    /* before v4: private exponent was always written
+     *  since v4: private exponent only written for RSA keys
+     */
     has_block = TRUE;
-#else
-    has_block = FALSE;
-#endif
+    if (blob_version >= 4 &&
+        data->sensitive.sensitiveType != TPM_ALG_RSA)
+        has_block = FALSE;
+
     written += BLOCK_SKIP_WRITE_PUSH(has_block, buffer, size);
-#if ALG_RSA
-    written += privateExponent_t_Marshal(&data->privateExponent,
-                                         buffer, size);
-#endif
+    if (has_block)
+        written += privateExponent_t_Marshal(&data->privateExponent,
+                                             buffer, size);
     BLOCK_SKIP_WRITE_POP(size);
 
@@ -2468 +2555 @@
     /* future versions append below this line */
 
+    /* since v4: hierarchy is written */
+    if (blob_version >= 4)
+        written += TPMI_RH_HIERARCHY_Marshal(&data->hierarchy, buffer, size);
+
     BLOCK_SKIP_WRITE_POP(size);
     BLOCK_SKIP_WRITE_POP(size);
@@ -2498 +2589 @@
     }
 
-#if ALG_RSA
+    /* before v4: private exponent was always written
+     *  since v4: private exponent only written for RSA keys
+     */
     needs_block = TRUE;
-#else
-    needs_block = FALSE;
-#endif
+    if (hdr.version >= 4 &&
+        data->sensitive.sensitiveType != TPM_ALG_RSA)
+        needs_block = FALSE;
+
     if (rc == TPM_RC_SUCCESS) {
         BLOCK_SKIP_READ(skip_alg_rsa, needs_block, buffer, size,
                         "OBJECT", "privateExponent");
     }
-#if ALG_RSA
     if (rc == TPM_RC_SUCCESS) {
         rc = privateExponent_t_Unmarshal(&data->privateExponent,
                                          buffer, size);
     }
-#endif
 skip_alg_rsa:
 
@@ -2527 +2619 @@
     /* default values before conditional block */
     data->seedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+    data->hierarchy = ObjectGetHierarchyFromAttributes(data);
 
     /* version 2 starts having indicator for next versions that we can skip;
@@ -2540 +2633 @@
 
         if (rc == TPM_RC_SUCCESS) {
-            BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+            BLOCK_SKIP_READ(skip_future_versions, hdr.version >= 4, buffer, size,
                             "OBJECT", "version 4 or later");
         }
-        /* future versions nest-append here */
+
+        if (rc == TPM_RC_SUCCESS) {
+            rc = TPMI_RH_HIERARCHY_Unmarshal(&data->hierarchy, buffer, size, TRUE);
+        }
     }
 
@@ -2554 +2650 @@
 
 UINT16
-ANY_OBJECT_Marshal(OBJECT *data, BYTE **buffer, INT32 *size)
+ANY_OBJECT_Marshal(OBJECT *data, BYTE **buffer, INT32 *size,
+                   struct RuntimeProfile *RuntimeProfile)
 {
     UINT16 written;
@@ -2569 +2666 @@
             written += HASH_OBJECT_Marshal((HASH_OBJECT *)data, buffer, size);
         else
-            written += OBJECT_Marshal(data, buffer, size);
+            written += OBJECT_Marshal(data, buffer, size, RuntimeProfile);
     }
 
@@ -2664 +2761 @@
     written += TPM2B_NONCE_Marshal(&data->nonceTPM, buffer, size);
     // TPM2B_NAME or TPM2B_DIGEST could be used for marshalling
+    MUST_BE(sizeof(data->u1.boundEntity) == sizeof(data->u1));
     written += TPM2B_NAME_Marshal(&data->u1.boundEntity, buffer, size);
+    MUST_BE(sizeof(data->u2.auditDigest) == sizeof(data->u2));
     written += TPM2B_DIGEST_Marshal(&data->u2.auditDigest, buffer, size);
 
@@ -2828 +2927 @@
 
 UINT16
-VolatileState_Marshal(BYTE **buffer, INT32 *size)
+VolatileState_Marshal(BYTE **buffer, INT32 *size, struct RuntimeProfile *RuntimeProfile)
 {
     UINT16 written;
@@ -2839 +2938 @@
     BLOCK_SKIP_INIT;
     PERSISTENT_DATA pd;
+    TPM2B_AUTH unused = {
+        .b.size = 0,
+    };
 
     written = NV_HEADER_Marshal(buffer, size,
@@ -2863 +2965 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -2870 +2973 @@
     /* g_daUsed: must write */
     written += BOOL_Marshal(&g_daUsed, buffer, size); /* line 484 */
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -2886 +2991 @@
     written += TPM2B_AUTH_Marshal(&g_platformUniqueAuthorities, buffer, size); /* line 535 */
 #endif
-    written += TPM2B_AUTH_Marshal(&g_platformUniqueDetails, buffer, size); /* line 536 */
+    written += TPM2B_AUTH_Marshal(&unused, buffer, size); /* was g_platformUniqueDetails; unused since v0.10 */
 
     /* gp (persistent_data): skip; we assume its latest states in the persistent data file */
@@ -2903 +3008 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -2930 +3036 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -2937 +3044 @@
     /* s_cpHashForCommandAudit: seems not used; better to write it */
     written += TPM2B_DIGEST_Marshal(&s_cpHashForCommandAudit, buffer, size);
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -2945 +3054 @@
     BLOCK_SKIP_WRITE_POP(size);
 
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
+#if defined DA_C || defined GLOBAL_C_UNSUPPORTED || defined MANUFACTURE_C
     has_block = TRUE;
+#error Unsupport #define value(s)
 #else
     has_block = FALSE;
@@ -2952 +3062 @@
     written += BLOCK_SKIP_WRITE_PUSH(has_block, buffer, size);
 
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
-
+#if defined DA_C || defined GLOBAL_C_UNSUPPORTED || defined MANUFACTURE_C
+#error Unsupport #define value(s)
 #if !ACCUMULATE_SELF_HEAL_TIMER
     has_block = TRUE;
@@ -2972 +3082 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -2995 +3106 @@
      * - s_cachedNvRamRef
      */
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -3001 +3114 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -3013 +3127 @@
 
     for (i = 0; i < array_size; i++) {
-        written += ANY_OBJECT_Marshal(&s_objects[i], buffer, size);
-    }
+        written += ANY_OBJECT_Marshal(&s_objects[i], buffer, size, RuntimeProfile);
+    }
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -3021 +3137 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -3033 +3150 @@
         written += PCR_Marshal(&s_pcrs[i], buffer, size);
     }
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -3039 +3158 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -3055 +3175 @@
     /* s_freeSessionSlots: */
     written += UINT32_Marshal((UINT32 *)&s_freeSessionSlots, buffer, size);
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
 
-#if defined IO_BUFFER_C || defined GLOBAL_C
+#if defined IO_BUFFER_C || defined GLOBAL_C_UNSUPPORTED
+# error Unsupport #define value(s)
     /* s_actionInputBuffer: skip; only used during a single command */
     /* s_actionOutputBuffer: skip; only used during a single command */
@@ -3071 +3194 @@
     has_block = TRUE;
 #else
+# error Unsupport #define value(s)
     has_block = FALSE;
 #endif
@@ -3079 +3203 @@
     written += UINT32_Marshal(&s_failLine, buffer, size);
     written += UINT32_Marshal(&s_failCode, buffer, size);
+#else
+# error Unsupport #define value(s)
 #endif // TPM_FAIL_C
     BLOCK_SKIP_WRITE_POP(size);
@@ -3086 +3212 @@
 #else
     has_block = FALSE;
+# error Unsupport #define value(s)
 #endif
     written += BLOCK_SKIP_WRITE_PUSH(has_block, buffer, size);
@@ -3094 +3221 @@
     tmp_uint64 = s_tpmTime;
     written += UINT64_Marshal(&tmp_uint64, buffer, size);
+#else
+# error Unsupport #define value(s)
 #endif
     BLOCK_SKIP_WRITE_POP(size);
@@ -3228 +3357 @@
     UINT16 array_size = 0;
     UINT64 backthen;
+    TPM2B_AUTH unused = {
+        .b.size = 0,
+    };
 
     if (rc == TPM_RC_SUCCESS) {
@@ -3258 +3390 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3268 +3401 @@
         rc = BOOL_Unmarshal(&g_daUsed, buffer, size); /* line 484 */
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_da:
@@ -3286 +3421 @@
 #endif
     if (rc == TPM_RC_SUCCESS) {
-        rc = TPM2B_AUTH_Unmarshal(&g_platformUniqueDetails, buffer, size); /* line 536 */
+        rc = TPM2B_AUTH_Unmarshal(&unused, buffer, size); /* was g_platformUniqueDetails; unused since v0.10 */
     }
 
@@ -3309 +3444 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3357 +3493 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3373 +3510 @@
         rc = BOOL_Unmarshal(&s_DAPendingOnNV, buffer, size);
     }
+#else
+# error Unsupport #define value(s)
 #endif /* SESSION_PROCESS_C */
 skip_session_process:
 
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
+#if defined DA_C || defined GLOBAL_C_UNSUPPORTED || defined MANUFACTURE_C
+# error Unsupport #define value(s)
     needs_block = TRUE;
 #else
@@ -3386 +3526 @@
     }
 
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
+#if defined DA_C || defined GLOBAL_C_UNSUPPORTED || defined MANUFACTURE_C
+# error Unsupport #define value(s)
 #if !ACCUMULATE_SELF_HEAL_TIMER
     needs_block = TRUE;
@@ -3411 +3552 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3444 +3586 @@
      * - s_cachedNvRamRef
      */
+#else
+# error Unsupport #define value(s)
 #endif
 skip_nv:
@@ -3450 +3594 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3470 +3615 @@
         rc = ANY_OBJECT_Unmarshal(&s_objects[i], buffer, size, true);
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_object:
@@ -3476 +3623 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3496 +3644 @@
         rc = PCR_Unmarshal(&s_pcrs[i], buffer, size, &shadow.pcrAllocated);
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_pcr:
@@ -3502 +3652 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3531 +3682 @@
         rc = UINT32_Unmarshal((UINT32 *)&s_freeSessionSlots, buffer, size);
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_session:
@@ -3553 +3706 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3571 +3725 @@
         rc = UINT32_Unmarshal(&s_failCode, buffer, size);
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_fail:
@@ -3577 +3733 @@
     needs_block = TRUE;
 #else
+# error Unsupport #define value(s)
     needs_block = FALSE;
 #endif
@@ -3593 +3750 @@
         s_tpmTime = tmp_uint64;
     }
+#else
+# error Unsupport #define value(s)
 #endif
 skip_hardware_clock:
@@ -3685 +3844 @@
 static const struct _entry {
     UINT32 constant;
-    char *name;
+    const char *name;
     enum CompareOp { EQ, LE, GE, DONTCARE } cmp;
 } pa_compile_constants[] = {
@@ -3763 +3922 @@
     { COMPILE_CONSTANT(MAX_ALG_LIST_SIZE, EQ) },
     { COMPILE_CONSTANT(PRIMARY_SEED_SIZE, EQ) },
-#if CONTEXT_ENCRYPT_ALGORITHM == AES
+#if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
 #define CONTEXT_ENCRYPT_ALGORITHM_ TPM_ALG_AES
 #endif
@@ -3784 +3943 @@
     /* added for PA_COMPILE_CONSTANTS_VERSION == 3 */
     { COMPILE_CONSTANT(AES_128, LE) },
-    { COMPILE_CONSTANT(AES_192, LE) },
+    { COMPILE_CONSTANT(0, LE) }, /* was: AES_192; now handled via profile */
     { COMPILE_CONSTANT(AES_256, LE) },
     { COMPILE_CONSTANT(SM4_128, LE) },
     { COMPILE_CONSTANT(ALG_CAMELLIA, LE) },
     { COMPILE_CONSTANT(CAMELLIA_128, LE) },
-    { COMPILE_CONSTANT(CAMELLIA_192, LE) },
+    { COMPILE_CONSTANT(0, LE) }, /* was: CAMELLIA_192; now handled via profile */
     { COMPILE_CONSTANT(CAMELLIA_256, LE) },
     { COMPILE_CONSTANT(ALG_SHA3_256, LE) },
@@ -3816 +3975 @@
     { COMPILE_CONSTANT(RH_ACT_F, LE) },
 };
+MUST_BE(CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE);
 
 static TPM_RC
@@ -3917 +4077 @@
             break;
         default:
-            /* we don't suport anything newer - no downgrade */
+            /* we don't support anything newer - no downgrade */
             TPMLIB_LogTPM2Error("Unsupported PA_COMPILE_CONSTANTS version %d. "
                                 "Supporting up to version %d.\n",
@@ -3957 +4117 @@
 }
 
+static UINT16
+PERSISTENT_DATA_PPList_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size,
+                               UINT16 blob_version, UINT32 commandCount)
+{
+    UINT8 ppList[(110 + 7) / 8];
+    UINT16 array_size;
+    UINT16 written;
+    UINT8 *ptr;
+
+    assert(!COMPRESSED_LISTS);
+    if (blob_version <= 4) {
+        /* Custom profile can get here; v0.9 had 110 commands enabled and
+         * was using a COMPRESSED_LIST.
+         */
+        assert(commandCount <= 110);
+        array_size = (commandCount + 7) / 8;
+        assert(sizeof(ppList) >= array_size);
+        ConvertToCompressedBitArray(data->ppList, sizeof(data->ppList),
+                                    ppList, array_size);
+        ptr = ppList;
+    } else {
+        /* write the array as it is */
+        array_size = sizeof(data->ppList);
+        ptr = data->ppList;
+    }
+    written = UINT16_Marshal(&array_size, buffer, size);
+    written += Array_Marshal(ptr, array_size, buffer, size);
+
+    return written;
+}
+
+static TPM_RC
+PERSISTENT_DATA_PPList_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size,
+                                 UINT16 blob_version)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    UINT16 array_size;
+
+    assert(!COMPRESSED_LISTS);
+
+    if (rc == TPM_RC_SUCCESS) {
+        rc = UINT16_Unmarshal(&array_size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+#ifndef VBOX
+        BYTE buf[array_size];
+        rc = Array_Unmarshal(buf, array_size, buffer, size);
+        if (rc == TPM_RC_SUCCESS) {
+            if (blob_version <= 4) {
+                /* version <= 4 used COMPRESSED_LISTS and needs to be converted */
+                rc = ConvertFromCompressedBitArray(buf, array_size,
+                                                   data->ppList, sizeof(data->ppList));
+            } else {
+                memset(data->ppList, 0, sizeof(data->ppList));
+                assert(array_size <= sizeof(data->ppList));
+                memcpy(data->ppList, buf, array_size);
+            }
+        }
+#else
+        BYTE *pBuf = (BYTE *)RTMemTmpAlloc(array_size);
+        if (RT_LIKELY(pBuf))
+        {
+            rc = Array_Unmarshal(pBuf, array_size, buffer, size);
+            memcpy(data->ppList, pBuf, MIN(array_size, sizeof(data->ppList)));
+            RTMemTmpFree(pBuf);
+        }
+        else
+            rc = TPM_RC_SIZE;
+#endif /* VBOX */
+    }
+    return rc;
+}
+
+static UINT16
+PERSISTENT_DATA_AuditCommands_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size,
+                                      UINT16 blob_version, UINT32 commandCount)
+{
+    UINT8 auditCommands[(110 + 1 + 7) / 8];
+    UINT16 array_size;
+    UINT16 written;
+    UINT8 *ptr;
+
+    assert(!COMPRESSED_LISTS);
+
+    if (blob_version <= 4) {
+        /* Custom profile can get here; v0.9 had 110 commands enabled and
+         * was using a COMPRESSED_LIST.
+         */
+        assert(commandCount <= 110);
+        array_size = ((commandCount + 1) + 7) / 8;      /* same as in Global.h PERSISTENT_DATA */
+        assert(sizeof(auditCommands) >= array_size);
+        ConvertToCompressedBitArray(data->auditCommands, sizeof(data->auditCommands),
+                                    auditCommands, array_size);
+        ptr = auditCommands;
+    } else {
+        /* write the array as it is */
+        array_size = sizeof(data->auditCommands);
+        ptr = data->auditCommands;
+    }
+    written = UINT16_Marshal(&array_size, buffer, size);
+    written += Array_Marshal(ptr, array_size, buffer, size);
+
+    return written;
+}
+
+static TPM_RC
+PERSISTENT_DATA_AuditCommands_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size,
+                                        UINT16 blob_version)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    UINT16 array_size;
+
+    assert(!COMPRESSED_LISTS);
+
+    if (rc == TPM_RC_SUCCESS) {
+        rc = UINT16_Unmarshal(&array_size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+#ifndef VBOX
+        BYTE buf[array_size];        
+        rc = Array_Unmarshal(buf, array_size, buffer, size);
+        if (rc == TPM_RC_SUCCESS) {
+            if (blob_version <= 4) {
+                /* version <= 4 used COMPRESSED_LISTS and needs to be converted */
+                rc = ConvertFromCompressedBitArray(buf, array_size,
+                                                   data->auditCommands, sizeof(data->auditCommands));
+            } else {
+                memset(data->auditCommands, 0, sizeof(data->auditCommands));
+                assert(array_size <= sizeof(data->auditCommands));
+                memcpy(data->auditCommands, buf, array_size);
+            }
+        }
+#else
+        BYTE *pBuf = (BYTE *)RTMemTmpAlloc(array_size);
+        if (RT_LIKELY(pBuf))
+        {
+            rc = Array_Unmarshal(pBuf, array_size, buffer, size);
+            memcpy(data->auditCommands, pBuf, MIN(array_size, sizeof(data->auditCommands)));
+            RTMemTmpFree(pBuf);
+        }
+        else
+            rc = TPM_RC_SIZE;
+#endif
+    }
+    return rc;
+}
+
+
 #define PERSISTENT_DATA_MAGIC   0x12213443
-#define PERSISTENT_DATA_VERSION 4
+#define PERSISTENT_DATA_VERSION 5
 
 static UINT16
-PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
-{
+PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size,
+                        struct RuntimeProfile *RuntimeProfile)
+{
+    UINT32 commandCount = RuntimeCommandsCountEnabled(&RuntimeProfile->RuntimeCommands);
     UINT16 written;
-    UINT16 array_size;
     UINT8 clocksize;
     BOOL has_block;
     BLOCK_SKIP_INIT;
+    UINT16 blob_version;
+
+    switch (RuntimeProfile->stateFormatLevel) {
+    case 0:
+        pAssert(FALSE);
+        break;
+    case 1 ... 2:
+        blob_version = 4;
+        break;
+    default:
+        blob_version = 5; /* since stateFormatLevel 3 */
+        break;
+    }
 
     written = NV_HEADER_Marshal(buffer, size,
-                                PERSISTENT_DATA_VERSION,
-                                PERSISTENT_DATA_MAGIC, 4);
+                                blob_version,
+                                PERSISTENT_DATA_MAGIC, blob_version);
+    // platformReserved (added in v0.10) is not persisted
     written += BOOL_Marshal(&data->disableClear, buffer, size);
     written += TPM_ALG_ID_Marshal(&data->ownerAlg, buffer, size);
@@ -4005 +4328 @@
     written += TPML_PCR_SELECTION_Marshal(&data->pcrAllocated, buffer, size);
 
-    /* ppList may grow */
-    array_size = sizeof(data->ppList);
-    written += UINT16_Marshal(&array_size, buffer, size);
-    written += Array_Marshal(&data->ppList[0], array_size, buffer, size);
-
+    written += PERSISTENT_DATA_PPList_Marshal(data, buffer, size, blob_version, commandCount);
     written += UINT32_Marshal(&data->failedTries, buffer, size);
     written += UINT32_Marshal(&data->maxTries, buffer, size);
@@ -4017 +4336 @@
     written += UINT16_Marshal(&data->orderlyState, buffer, size);
 
-    /* auditCommands may grow */
-    array_size = sizeof(data->auditCommands);
-    written += UINT16_Marshal(&array_size, buffer, size);
-    written += Array_Marshal(&data->auditCommands[0], array_size,
-                             buffer, size);
-
+    written += PERSISTENT_DATA_AuditCommands_Marshal(data, buffer, size, blob_version, commandCount);
     written += TPM_ALG_ID_Marshal(&data->auditHashAlg, buffer, size);
     written += UINT64_Marshal(&data->auditCounter, buffer, size);
@@ -4068 +4382 @@
     TPM_RC rc = TPM_RC_SUCCESS;
     NV_HEADER hdr;
-    UINT16 array_size;
     UINT8 clocksize;
     BOOL needs_block;
@@ -4156 +4469 @@
     }
 
-    /* ppList array may not be our size */
-    if (rc == TPM_RC_SUCCESS) {
-        rc = UINT16_Unmarshal(&array_size, buffer, size);
-    }
-    if (rc == TPM_RC_SUCCESS) {
-#ifndef VBOX
-        BYTE buf[array_size];
-        rc = Array_Unmarshal(buf, array_size, buffer, size);
-        memcpy(data->ppList, buf, MIN(array_size, sizeof(data->ppList)));
-#else
-        BYTE *pBuf = (BYTE *)RTMemTmpAlloc(array_size);
-        if (RT_LIKELY(pBuf))
-        {
-            rc = Array_Unmarshal(pBuf, array_size, buffer, size);
-            memcpy(data->ppList, pBuf, MIN(array_size, sizeof(data->ppList)));
-            RTMemTmpFree(pBuf);
-        }
-        else
-            rc = TPM_RC_SIZE;
-#endif
+    if (rc == TPM_RC_SUCCESS) {
+        rc = PERSISTENT_DATA_PPList_Unmarshal(data, buffer, size, hdr.version);
     }
 
@@ -4200 +4495 @@
     /* auditCommands array may not be our size */
     if (rc == TPM_RC_SUCCESS) {
-        rc = UINT16_Unmarshal(&array_size, buffer, size);
-    }
-    if (rc == TPM_RC_SUCCESS) {
-#ifndef VBOX
-        BYTE buf[array_size];
-        rc = Array_Unmarshal(buf, array_size, buffer, size);
-        memcpy(data->auditCommands, buf,
-               MIN(array_size, sizeof(data->auditCommands)));
-#else
-        BYTE *pBuf = (BYTE *)RTMemTmpAlloc(array_size);
-        if (RT_LIKELY(pBuf))
-        {
-            rc = Array_Unmarshal(pBuf, array_size, buffer, size);
-            memcpy(data->auditCommands, pBuf, MIN(array_size, sizeof(data->auditCommands)));
-            RTMemTmpFree(pBuf);
-        }
-        else
-            rc = TPM_RC_SIZE;
-#endif
-    }
-
+        rc = PERSISTENT_DATA_AuditCommands_Unmarshal(data, buffer, size, hdr.version);
+    }
     if (rc == TPM_RC_SUCCESS) {
         rc = TPM_ALG_ID_Unmarshal(&data->auditHashAlg, buffer, size);
@@ -4334 +4610 @@
     while (TRUE) {
 #ifndef VBOX
-        nrhp = array + offset;
+        nrhp = (NV_RAM_HEADER *)((BYTE *)array + offset);
 #else
         nrhp = (NV_RAM_HEADER *)((uint8_t *)array + offset);
 #endif
+        
         /* nrhp may point to misaligned address (ubsan), so use 'nrh'; first access only 'size' */
         memcpy(&nrh, nrhp, sizeof(nrh.size));
@@ -4370 +4647 @@
             /* append the data */
 #ifndef VBOX
-            written += Array_Marshal(array + offset + sizeof(NV_RAM_HEADER),
+            written += Array_Marshal((BYTE *)array + offset + sizeof(NV_RAM_HEADER),
                                      datasize, buffer, size);
 #else
@@ -4425 +4702 @@
          */
 #ifndef VBOX
-        nrhp = array + offset;
+        nrhp = (NV_RAM_HEADER *)((BYTE *)array + offset);
 #else
         nrhp = (NV_RAM_HEADER *)((uint8_t *)array + offset);
@@ -4475 +4752 @@
             /* append the data */
 #ifndef VBOX
-            rc = Array_Unmarshal(array + offset + sizeof(NV_RAM_HEADER),
+            rc = Array_Unmarshal((BYTE *)array + offset + sizeof(NV_RAM_HEADER),
                                  datasize, buffer, size);
 #else
@@ -4543 +4820 @@
             /* NV_INDEX has the index again at offset 0! */
             NvReadNvIndexInfo(entryRef + offset, &nvi);
-            offset += sizeof(nvi);
             datasize = entrysize - sizeof(UINT32) - sizeof(nvi);
-            fprintf(stderr, " datasize: %u\n",datasize);
+            fprintf(stderr, " datasize: %u\n", datasize);
             break;
-        break;
         case TPM_HT_PERSISTENT:
             fprintf(stderr, " (PERSISTENT)");
-            offset += sizeof(handle);
-
-            NvRead(&obj, entryRef + offset, sizeof(obj));
-            offset += sizeof(obj);
-            fprintf(stderr, " sizeof(obj): %zu\n", sizeof(obj));
-        break;
+
+            NvReadObject(entryRef + offset, &obj);
+            fprintf(stderr, " sizeof(obj): %zu  entrysize: %u\n", sizeof(obj), entrysize);
+            break;
+#if CC_NV_DefineSpace2
+# error Missing support for TPM_HT_PERMANENT_NV
+#endif
         default:
             TPMLIB_LogTPM2Error("USER_NVRAM: Corrupted handle: %08x\n", handle);
@@ -4572 +4848 @@
 #define USER_NVRAM_MAGIC   0x094f22c3
 static UINT32
-USER_NVRAM_Marshal(BYTE **buffer, INT32 *size)
+USER_NVRAM_Marshal(BYTE **buffer, INT32 *size, struct RuntimeProfile *RuntimeProfile)
 {
     UINT32 written;
@@ -4632 +4908 @@
                     RTMemTmpFree(pBuf);
                 }
-#endif
+#endif /* VBOX */
             }
-        break;
+            break;
         case TPM_HT_PERSISTENT:
-            offset += sizeof(handle);
-
-            NvRead(&obj, entryRef + offset, sizeof(obj));
-            offset += sizeof(obj);
-            written += ANY_OBJECT_Marshal(&obj, buffer, size);
-        break;
+            NvReadObject(entryRef + offset, &obj);
+            written += ANY_OBJECT_Marshal(&obj, buffer, size, RuntimeProfile);
+            break;
+#if CC_NV_DefineSpace2
+# error Missing support for TPM_HT_PERMANENT_NV
+#endif
         default:
             TPMLIB_LogTPM2Error("USER_NVRAM: Corrupted handle: %08x\n", handle);
@@ -4678 +4954 @@
     UINT32 entrysize;
     UINT64 offset, o = 0;
-    NV_INDEX nvi;
+    NV_INDEX nvi = {
+        .publicArea.attributes = 0, // Coverity
+    };
     UINT64 maxCount;
     TPM_HANDLE handle;
@@ -4704 +4982 @@
         if (rc == TPM_RC_SUCCESS) {
             rc = UINT32_Unmarshal(&entrysize, buffer, size);
-
+        }
+        if (rc == TPM_RC_SUCCESS) {
             /* the entrysize also depends on the sizeof(nvi); we may have to
                update it if sizeof(nvi) changed between versions */
@@ -4712 +4991 @@
             if (entrysize == 0)
                 break;
-        }
-        /* 2nd: handle */
-        if (rc == TPM_RC_SUCCESS) {
+
+            /* 2nd: handle */
             rc = TPM_HANDLE_Unmarshal(&handle, buffer, size);
         }
@@ -4729 +5007 @@
                 if (rc == TPM_RC_SUCCESS) {
                     rc = NV_INDEX_Unmarshal(&nvi, buffer, size);
-                    NvWrite(entryRef + o + offset, sizeof(nvi), &nvi);
-                    offset += sizeof(nvi);
+                    if (rc == TPM_RC_SUCCESS) {
+                        NvWrite(entryRef + o + offset, sizeof(nvi), &nvi);
+                        offset += sizeof(nvi);
+                    }
                 }
                 if (rc == TPM_RC_SUCCESS) {
@@ -4769 +5049 @@
                     entrysize = sizeof(UINT32) + sizeof(nvi) + datasize;
                 }
-            break;
+                break;
             case TPM_HT_PERSISTENT:
                 if (rc == TPM_RC_SUCCESS &&
@@ -4779 +5059 @@
 
                 if (rc == TPM_RC_SUCCESS) {
+                    BYTE objBuffer[MAX_MARSHALLED_OBJECT_SIZE];
+                    UINT32 marshalledObjectSize;
+
                     NvWrite(entryRef + o + offset, sizeof(handle), &handle);
                     offset += sizeof(TPM_HANDLE);
@@ -4784 +5067 @@
                     memset(&obj, 0, sizeof(obj));
                     rc = ANY_OBJECT_Unmarshal(&obj, buffer, size, true);
-                    NvWrite(entryRef + o + offset, sizeof(obj), &obj);
-                    offset += sizeof(obj);
+                    pAssert(rc == TPM_RC_SUCCESS);
+                    // convert the OBJECT into a buffer to copy into NVRAM
+                    marshalledObjectSize = NvObjectToBuffer(&obj, objBuffer, sizeof(objBuffer));
+                    NvWrite(entryRef + o + offset, marshalledObjectSize, objBuffer);
+                    offset += marshalledObjectSize;
+
+                    entrysize = sizeof(UINT32) + sizeof(TPM_HANDLE) + marshalledObjectSize;
                 }
-                entrysize = sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(obj);
-            break;
+                break;
             default:
                 TPMLIB_LogTPM2Error("USER_NVRAM: "
@@ -4849 +5136 @@
  * - NVRAM locations  (NV_USER_DYNAMIC)
  */
-#define PERSISTENT_ALL_VERSION 3
+#define PERSISTENT_ALL_VERSION 4
 #define PERSISTENT_ALL_MAGIC   0xab364723
 UINT32
 PERSISTENT_ALL_Marshal(BYTE **buffer, INT32 *size)
 {
+    struct RuntimeProfile *RuntimeProfile = &g_RuntimeProfile;
+    const char *profileJSON;
     UINT32 magic;
     PERSISTENT_DATA pd;
@@ -4863 +5152 @@
     BLOCK_SKIP_INIT;
     BOOL writeSuState;
+    UINT16 blob_version;
 
     NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
@@ -4872 +5162 @@
     NvRead(indexOrderlyRam, NV_INDEX_RAM_DATA, sizeof(indexOrderlyRam));
 
+    /* If we previously read state that did not contain a profile then
+     * we don't want to upgrade the state unnecessarily but still write
+     * it as v3.
+     */
+    switch (RuntimeProfile->stateFormatLevel) {
+    case 1:
+        blob_version = 3;
+        break;
+    default:
+        blob_version = 4; /* since stateFormatLevel 2 */
+        break;
+    }
+
+    if (RuntimeProfileWasNullProfile(RuntimeProfile) && blob_version != 3)
+        assert(false);
+    else if (!RuntimeProfileWasNullProfile(RuntimeProfile) && blob_version == 3)
+        assert(false);
+
     written = NV_HEADER_Marshal(buffer, size,
-                                PERSISTENT_ALL_VERSION,
-                                PERSISTENT_ALL_MAGIC, 3);
+                                blob_version,
+                                PERSISTENT_ALL_MAGIC, blob_version);
+    if (blob_version >= 4) {
+        profileJSON = RuntimeProfileGetJSON(RuntimeProfile);
+        assert(profileJSON);
+        written += String_Marshal(profileJSON, buffer, size); // since v4
+    }
     written += PACompileConstants_Marshal(buffer, size);
-    written += PERSISTENT_DATA_Marshal(&pd, buffer, size);
+    written += PERSISTENT_DATA_Marshal(&pd, buffer, size, RuntimeProfile);
     written += ORDERLY_DATA_Marshal(&od, buffer, size);
     writeSuState = (pd.orderlyState & TPM_SU_STATE_MASK) == TPM_SU_STATE;
@@ -4886 +5199 @@
     written += INDEX_ORDERLY_RAM_Marshal(indexOrderlyRam, sizeof(indexOrderlyRam),
                                          buffer, size);
-    written += USER_NVRAM_Marshal(buffer, size);
+    written += USER_NVRAM_Marshal(buffer, size, RuntimeProfile);
 
     written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4911 +5224 @@
     STATE_CLEAR_DATA scd;
     BYTE indexOrderlyRam[sizeof(s_indexOrderlyRam)];
+    unsigned int stateFormatLevel = 0; // ignored
     BOOL readSuState = false;
+    char *profileJSON = NULL;
 
     memset(&pd, 0, sizeof(pd));
@@ -4924 +5239 @@
                                  PERSISTENT_ALL_MAGIC);
     }
-
+    if (rc == TPM_RC_SUCCESS) {
+        if (hdr.version >= 4) {
+            rc = String_Unmarshal(&profileJSON, buffer, size);
+        }
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        /* set the profile read from the state */
+        rc = RuntimeProfileSet(&g_RuntimeProfile, profileJSON, false);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+        /* allow all algorithms to be unmarshalled */
+        rc = RuntimeAlgorithmSetProfile(&g_RuntimeProfile.RuntimeAlgorithm, NULL, &stateFormatLevel, ~0);
+    }
     if (rc == TPM_RC_SUCCESS) {
         rc = PACompileConstants_Unmarshal(buffer, size);
@@ -4961 +5288 @@
     if (rc == TPM_RC_SUCCESS && hdr.version >= 2) {
         BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
-                        "USER NVRAM", "version 3 or later");
+                        "PERSISTENT_ALL", "version 3 or later");
         /* future versions nest-append here */
     }
@@ -4978 +5305 @@
         NvWrite(NV_STATE_CLEAR_DATA, sizeof(scd), &scd);
         NvWrite(NV_INDEX_RAM_DATA, sizeof(indexOrderlyRam), indexOrderlyRam);
-    }
+        /* Activate a profile read from the state of the TPM 2 */
+        rc = RuntimeProfileSet(&g_RuntimeProfile, profileJSON, false);
+    }
+
+    free(profileJSON);
 
     return rc;

trunk/src/libs/libtpms-0.10.0/src/tpm2/Platform_fp.h ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: Platform_fp.h 1594 2020-03-26 22:15:48Z kgoldman $           */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2020                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
-/* C.8 Platform_fp.h */
-#ifndef    _PLATFORM_FP_H_
-#define    _PLATFORM_FP_H_
-
-#include "BaseTypes.h"
-
-/* C.8.1. From Cancel.c */
-/* C.8.1.1. _plat__IsCanceled() */
-/* Check if the cancel flag is set */
-/* Return Values Meaning */
-/* TRUE(1) if cancel flag is set */
-/* FALSE(0) if cancel flag is not set */
-LIB_EXPORT int
-_plat__IsCanceled(
-                  void
-                  );
-/* Set cancel flag. */
-LIB_EXPORT void
-_plat__SetCancel(
-                 void
-                 );
-/* C.8.1.2. _plat__ClearCancel() */
-/* Clear cancel flag */
-LIB_EXPORT void
-_plat__ClearCancel(
-                   void
-                   );
-/* C.8.2. From Clock.c */
-/* C.8.2.1. _plat__TimerReset() */
-/* This function sets current system clock time as t0 for counting TPM time. This function is called
-   at a power on event to reset the clock. When the clock is reset, the indication that the clock
-   was stopped is also set. */
-LIB_EXPORT void
-_plat__TimerReset(
-                  void
-                  );
-/* C.8.2.2. _plat__TimerRestart() */
-/* This function should be called in order to simulate the restart of the timer should it be stopped
-   while power is still applied. */
-LIB_EXPORT void
-_plat__TimerRestart(
-                    void
-                    );
-// C.8.2.3. _plat__Time() This is another, probably futile, attempt to define a portable function
-// that will return a 64-bit clock value that has mSec resolution.
-LIB_EXPORT uint64_t
-_plat__RealTime(
-                void
-                );
-/* C.8.2.4. _plat__TimerRead() */
-/* This function provides access to the tick timer of the platform. The TPM code uses this value to
-   drive the TPM Clock. */
-/* The tick timer is supposed to run when power is applied to the device. This timer should not be
-   reset by time events including _TPM_Init(). It should only be reset when TPM power is
-   re-applied. */
-/* If the TPM is run in a protected environment, that environment may provide the tick time to the
-   TPM as long as the time provided by the environment is not allowed to go backwards. If the time
-   provided by the system can go backwards during a power discontinuity, then the
-   _plat__Signal_PowerOn() should call _plat__TimerReset(). */
-LIB_EXPORT uint64_t
-_plat__TimerRead(
-                 void
-                 );
-/* C.8.2.5. _plat__TimerWasReset() */
-/* This function is used to interrogate the flag indicating if the tick timer has been reset. */
-/* If the resetFlag parameter is SET, then the flag will be CLEAR before the function returns. */
-LIB_EXPORT int
-_plat__TimerWasReset(
-                     void
-                     );
-/* C.8.2.6. _plat__TimerWasStopped() */
-/* This function is used to interrogate the flag indicating if the tick timer has been stopped. If
-   so, this is typically a reason to roll the nonce. */
-/* This function will CLEAR the s_timerStopped flag before returning. This provides functionality
-   that is similar to status register that is cleared when read. This is the model used here because
-   it is the one that has the most impact on the TPM code as the flag can only be accessed by one
-   entity in the TPM. Any other implementation of the hardware can be made to look like a read-once
-   register. */
-LIB_EXPORT int
-_plat__TimerWasStopped(
-                       void
-                       );
-/* C.8.2.7. _plat__ClockAdjustRate() */
-/* Adjust the clock rate */
-LIB_EXPORT void
-_plat__ClockAdjustRate(
-                       int              adjust         // IN: the adjust number.  It could be positive
-                       //     or negative
-                       );
-/* C.8.3. From Entropy.c */
-// C.8.4. _plat__GetEntropy()
-// This function is used to get available hardware entropy. In a hardware implementation of this
-// function, there would be no call to the system to get entropy.
-/* Return Values Meaning */
-/* < 0 hardware failure of the entropy generator, this is sticky */
-/* >= 0 the returned amount of entropy (bytes) */
-LIB_EXPORT int32_t
-_plat__GetEntropy(
-                  unsigned char       *entropy,           // output buffer
-                  uint32_t             amount             // amount requested
-                  );
-/* C.8.4. From LocalityPlat.c */
-/* C.8.4.1. _plat__LocalityGet() */
-/* Get the most recent command locality in locality value form. This is an integer value for
-   locality and not a locality structure The locality can be 0-4 or 32-255. 5-31 is not allowed. */
-LIB_EXPORT unsigned char
-_plat__LocalityGet(
-                   void
-                   );
-/* C.8.4.2. _plat__LocalitySet() */
-/* Set the most recent command locality in locality value form */
-LIB_EXPORT void
-_plat__LocalitySet(
-                   unsigned char    locality
-                   );
-/* C.8.5. From NVMem.c */
-#if 0 /* libtpms added */
-/* C.8.5.1. _plat__NvErrors() */
-/* This function is used by the simulator to set the error flags in the NV subsystem to simulate an error in the NV loading process */
-LIB_EXPORT void
-_plat__NvErrors(
-                int              recoverable,
-                int            unrecoverable
-                );
-#endif /* libtpms added */
-/* C.8.5.2. _plat__NVEnable() */
-/* Enable NV memory. */
-/* This version just pulls in data from a file. In a real TPM, with NV on chip, this function would
-   verify the integrity of the saved context. If the NV memory was not on chip but was in something
-   like RPMB, the NV state would be read in, decrypted and integrity checked. */
-/* The recovery from an integrity failure depends on where the error occurred. It it was in the
-   state that is discarded by TPM Reset, then the error is recoverable if the TPM is
-   reset. Otherwise, the TPM must go into failure mode. */
-/* Return Values Meaning */
-/* 0 if success */
-/* > 0 if receive recoverable error */
-/* <0 if unrecoverable error */
-LIB_EXPORT int
-_plat__NVEnable(
-                void            *platParameter  // IN: platform specific parameters
-                );
-/* libtpms added begin */
-LIB_EXPORT int
-_plat__NVEnable_NVChipFile(
-                void            *platParameter  // IN: platform specific parameters
-                );
-/* libtpms added end */
-/* C.8.5.3. _plat__NVDisable() */
-/* Disable NV memory */
-LIB_EXPORT void
-_plat__NVDisable(
-                 int             delete           // IN: If TRUE, delete the NV contents.
-                 );
-/* C.8.6.4. _plat__IsNvAvailable() */
-/* Check if NV is available */
-/* Return Values Meaning */
-/* 0 NV is available */
-/* 1 NV is not available due to write failure */
-/* 2 NV is not available due to rate limit */
-LIB_EXPORT int
-_plat__IsNvAvailable(
-                     void
-                     );
-/* C.8.5.5. _plat__NvMemoryRead() */
-/* Function: Read a chunk of NV memory */
-LIB_EXPORT void
-_plat__NvMemoryRead(
-                    unsigned int     startOffset,   // IN: read start
-                    unsigned int     size,          // IN: size of bytes to read
-                    void            *data           // OUT: data buffer
-                    );
-/* C.8.5.6. _plat__NvIsDifferent() */
-/* This function checks to see if the NV is different from the test value. This is so that NV will
-   not be written if it has not changed. */
-/* Return Values Meaning */
-/* TRUE(1) the NV location is different from the test value */
-/* FALSE(0) the NV location is the same as the test value */
-LIB_EXPORT int
-_plat__NvIsDifferent(
-                     unsigned int     startOffset,   // IN: read start
-                     unsigned int     size,          // IN: size of bytes to read
-                     void            *data           // IN: data buffer
-                     );
-/* C.8.5.7. _plat__NvMemoryWrite() */
-/* This function is used to update NV memory. The write is to a memory copy of NV. At the end of the
-   current command, any changes are written to the actual NV memory. */
-/* NOTE: A useful optimization would be for this code to compare the current contents of NV with the
-   local copy and note the blocks that have changed. Then only write those blocks when
-   _plat__NvCommit() is called. */
-LIB_EXPORT int
-_plat__NvMemoryWrite(
-                     unsigned int     startOffset,   // IN: write start
-                     unsigned int     size,          // IN: size of bytes to write
-                     void            *data           // OUT: data buffer
-                     );
-/* C.8.6.8. _plat__NvMemoryClear() */
-/* Function is used to set a range of NV memory bytes to an implementation-dependent value. The
-   value represents the erase state of the memory. */
-LIB_EXPORT void
-_plat__NvMemoryClear(
-                     unsigned int     start,         // IN: clear start
-                     unsigned int     size           // IN: number of bytes to clear
-                     );
-/* C.8.5.9. _plat__NvMemoryMove() */
-/* Function: Move a chunk of NV memory from source to destination This function should ensure that
-   if there overlap, the original data is copied before it is written */
-LIB_EXPORT void
-_plat__NvMemoryMove(
-                    unsigned int     sourceOffset,  // IN: source offset
-                    unsigned int     destOffset,    // IN: destination offset
-                    unsigned int     size           // IN: size of data being moved
-                    );
-/* C.8.5.10. _plat__NvCommit() */
-// This function writes the local copy of NV to NV for permanent store. It will write NV_MEMORY_SIZE
-// bytes to NV. If a file is use, the entire file is written.
-/* Return Values Meaning */
-/* 0 NV write success */
-/* non-0 NV write fail */
-LIB_EXPORT int
-_plat__NvCommit(
-                void
-                );
-/* C.8.5.11. _plat__SetNvAvail() */
-/* Set the current NV state to available.  This function is for testing purpose only.  It is not
-   part of the platform NV logic */
-LIB_EXPORT void
-_plat__SetNvAvail(
-                  void
-                  );
-/* C.8.5.12. _plat__ClearNvAvail() */
-/* Set the current NV state to unavailable.  This function is for testing purpose only.  It is not
-   part of the platform NV logic */
-LIB_EXPORT void
-_plat__ClearNvAvail(
-                    void
-                    );
-
-/* C.6.2.15.    _plat__NVNeedsManufacture() */
-/* This function is used by the simulator to determine when the TPM's NV state needs to be manufactured. */
-
-LIB_EXPORT int
-_plat__NVNeedsManufacture(
-                          void
-                          );
-
-/* C.8.6. From PowerPlat.c */
-/* C.8.6.1. _plat__Signal_PowerOn() */
-/* Signal platform power on */
-LIB_EXPORT int
-_plat__Signal_PowerOn(
-                      void
-                      );
-/* C.8.6.2. _plat__WasPowerLost() */
-/* Test whether power was lost before a _TPM_Init(). */
-/* This function will clear the hardware indication of power loss before return. This means that
-   there can only be one spot in the TPM code where this value gets read. This method is used here
-   as it is the most difficult to manage in the TPM code and, if the hardware actually works this
-   way, it is hard to make it look like anything else. So, the burden is placed on the TPM code
-   rather than the platform code */
-/* Return Values Meaning */
-/* TRUE(1) power was lost */
-/* FALSE(0) power was not lost */
-LIB_EXPORT int
-_plat__WasPowerLost(
-                    void
-                    );
-/* C.8.6.3. _plat_Signal_Reset() */
-/* This a TPM reset without a power loss. */
-LIB_EXPORT int
-_plat__Signal_Reset(
-                    void
-                    );
-/* C.8.6.4. _plat__Signal_PowerOff() */
-/* Signal platform power off */
-LIB_EXPORT void
-_plat__Signal_PowerOff(
-                       void
-                       );
-
-/* C.8.7. From PPPlat.c */
-/* C.8.7.1. _plat__PhysicalPresenceAsserted() */
-/* Check if physical presence is signaled */
-/* Return Values Meaning */
-/* TRUE(1) if physical presence is signaled */
-/* FALSE(0) if physical presence is not signaled */
-LIB_EXPORT int
-_plat__PhysicalPresenceAsserted(
-                                void
-                                );
-#if 0 /* libtpms added */
-/* C.8.7.2. _plat__Signal_PhysicalPresenceOn() */
-/* Signal physical presence on */
-LIB_EXPORT void
-_plat__Signal_PhysicalPresenceOn(
-                                 void
-                                 );
-/* C.8.7.3. _plat__Signal_PhysicalPresenceOff() */
-/* Signal physical presence off */
-LIB_EXPORT void
-_plat__Signal_PhysicalPresenceOff(
-                                  void
-                                  );
-#endif /* libtpms added */
-
-/* C.8.8. From RunCommand.c */
-/* C.8.8.1. _plat__RunCommand() */
-/* This version of RunCommand() will set up a jum_buf and call ExecuteCommand(). If the command
-   executes without failing, it will return and RunCommand() will return. If there is a failure in
-   the command, then _plat__Fail() is called and it will longjump back to RunCommand() which will
-   call ExecuteCommand() again. However, this time, the TPM will be in failure mode so
-   ExecuteCommand() will simply build a failure response and return. */
-LIB_EXPORT void
-_plat__RunCommand(
-                  uint32_t         requestSize,   // IN: command buffer size
-                  unsigned char   *request,       // IN: command buffer
-                  uint32_t        *responseSize,  // IN/OUT: response buffer size
-                  unsigned char   **response      // IN/OUT: response buffer
-                  );
-/* C.8.8.2. _plat__Fail() */
-/* This is the platform depended failure exit for the TPM. */
-LIB_EXPORT NORETURN void
-_plat__Fail(
-            void
-            );
-
-/* C.8.9. From Unique.c */
-/* C.8.9.1 _plat__GetUnique() */
-/* This function is used to access the platform-specific unique value. This function places the
-   unique value in the provided buffer (b) and returns the number of bytes transferred. The function
-   will not copy more data than bSize. */
-/* NOTE: If a platform unique value has unequal distribution of uniqueness and bSize is smaller than
-   the size of the unique value, the bSize portion with the most uniqueness should be returned. */
-LIB_EXPORT uint32_t
-_plat__GetUnique(
-                 uint32_t             which,         // authorities (0) or details
-                 uint32_t             bSize,         // size of the buffer
-                 unsigned char       *b              // output buffer
-                 );
-
-/* libtpms added begin */
-#ifndef VBOX
-#include <time.h>
-#else
-#undef CLOCK_REALTIME
-#undef CLOCK_MONOTONIC
-typedef enum
-{
-    CLOCK_REALTIME = 0,
-    CLOCK_MONOTONIC
-} TPM_CLOCK_ID;
-#endif
-void ClockAdjustPostResume(UINT64 backthen, BOOL timesAreRealtime);
-#ifndef VBOX
-uint64_t ClockGetTime(clockid_t clk_id);
-#else
-uint64_t ClockGetTime(TPM_CLOCK_ID clk_id);
-#endif
-/* libtpms added end */
-
-#endif  // _PLATFORM_FP_H_
+#include "platform_public_interface.h"          // libtpms added

trunk/src/libs/libtpms-0.10.0/src/tpm2/TPMCmdp.c ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: TPMCmdp.c 1658 2021-01-22 23:14:01Z kgoldman $               */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2016 - 2021                             */
+/*  (c) Copyright IBM Corp. and others, 2016 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
+//** Description
+// This file contains the functions that process the commands received on the
+// control port or the command port of the simulator. The control port is used
+// to allow simulation of hardware events (such as, _TPM_Hash_Start) to test
+// the simulated TPM's reaction to those events. This improves code coverage
+// of the testing.
+
+//** Includes and Data Definitions
+#include "simulatorPrivate.h"
+
+static bool s_isPowerOn = false;
+
+//** Functions
+
+//*** Signal_PowerOn()
+// This function processes a power-on indication. Among other things, it
+// calls the _TPM_Init() handler.
+void _rpc__Signal_PowerOn(bool isReset)
+{
+    // if power is on and this is not a call to do TPM reset then return
+    if(s_isPowerOn && !isReset)
+        return;
+    // If this is a reset but power is not on, then return
+    if(isReset && !s_isPowerOn)
+        return;
+    // Unless this is just a reset, pass power on signal to platform
+    if(!isReset)
+        _plat__Signal_PowerOn();
+    // Power on and reset both lead to _TPM_Init()
+    _plat__Signal_Reset();
+
+    // Set state as power on
+    s_isPowerOn = true;
+}
+
+#if 0 /* libtpms added */
+//*** Signal_Restart()
+// This function processes the clock restart indication. All it does is call
+// the platform function.
+void _rpc__Signal_Restart(void)
+{
+    _plat__TimerRestart();
+}
+#endif /* libtpms added */
+
+//***Signal_PowerOff()
+// This function processes the power off indication. Its primary function is
+// to set a flag indicating that the next power on indication should cause
+// _TPM_Init() to be called.
+void _rpc__Signal_PowerOff(void)
+{
+    if(s_isPowerOn)
+        // Pass power off signal to platform
+        _plat__Signal_PowerOff();
+    // This could be redundant, but...
+    s_isPowerOn = false;
+
+    return;
+}
+#if 0 /* libtpms added */
+
+//*** _rpc__ForceFailureMode()
+// This function is used to debug the Failure Mode logic of the TPM. It will set
+// a flag in the TPM code such that the next call to TPM2_SelfTest() will result
+// in a failure, putting the TPM into Failure Mode.
+void _rpc__ForceFailureMode(void)
+{
+#if SIMULATION
+    SetForceFailureMode();
+#endif
+    return;
+}
+
+//*** _rpc__Signal_PhysicalPresenceOn()
+// This function is called to simulate activation of the physical presence "pin".
+void _rpc__Signal_PhysicalPresenceOn(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... pass physical presence on to platform
+        _plat__Signal_PhysicalPresenceOn();
+    return;
+}
+
+//*** _rpc__Signal_PhysicalPresenceOff()
+// This function is called to simulate deactivation of the physical presence "pin".
+void _rpc__Signal_PhysicalPresenceOff(void)
+{
+    // If TPM is power on...
+    if(s_isPowerOn)
+        // ... pass physical presence off to platform
+        _plat__Signal_PhysicalPresenceOff();
+    return;
+}
+
+//*** _rpc__Signal_Hash_Start()
+// This function is called to simulate a _TPM_Hash_Start event. It will call
+//
+void _rpc__Signal_Hash_Start(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... pass _TPM_Hash_Start signal to TPM
+        _TPM_Hash_Start();
+    return;
+}
+
+//*** _rpc__Signal_Hash_Data()
+// This function is called to simulate a _TPM_Hash_Data event.
+void _rpc__Signal_Hash_Data(_IN_BUFFER input)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... pass _TPM_Hash_Data signal to TPM
+        _TPM_Hash_Data(input.BufferSize, input.Buffer);
+    return;
+}
+
+//*** _rpc__Signal_HashEnd()
+// This function is called to simulate a _TPM_Hash_End event.
+void _rpc__Signal_HashEnd(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... pass _TPM_HashEnd signal to TPM
+        _TPM_Hash_End();
+    return;
+}
+#endif /* libtpms added */
+
+//*** _rpc__Send_Command()
+// This is the interface to the TPM code.
+//  Return Type: void
+void _rpc__Send_Command(
+                        unsigned char locality, _IN_BUFFER request, _OUT_BUFFER* response)
+{
+    // If TPM is power off, reject any commands.
+    if(!s_isPowerOn)
+        {
+            response->BufferSize = 0;
+            return;
+        }
+    // Set the locality of the command so that it doesn't change during the command
+    _plat__LocalitySet(locality);
+    // Do implementation-specific command dispatch
+    _plat__RunCommand(
+                      request.BufferSize, request.Buffer, &response->BufferSize, &response->Buffer);
+    return;
+}
+
+//*** _rpc__Signal_CancelOn()
+// This function is used to turn on the indication to cancel a command in process.
+// An executing command is not interrupted. The command code may periodically check
+// this indication to see if it should abort the current command processing and
+// returned TPM_RC_CANCELLED.
+void _rpc__Signal_CancelOn(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... set the platform canceling flag.
+        _plat__SetCancel();
+    return;
+}
+
+//*** _rpc__Signal_CancelOff()
+// This function is used to turn off the indication to cancel a command in process.
+void _rpc__Signal_CancelOff(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... set the platform canceling flag.
+        _plat__ClearCancel();
+    return;
+}
+
+//*** _rpc__Signal_NvOn()
+// In a system where the NV memory used by the TPM is not within the TPM, the
+// NV may not always be available. This function turns on the indicator that
+// indicates that NV is available.
+void _rpc__Signal_NvOn(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... make the NV available
+        _plat__SetNvAvail();
+    return;
+}
+#if 0 /* libtpms added */
+
+//*** _rpc__Signal_NvOff()
+// This function is used to set the indication that NV memory is no
+// longer available.
+void _rpc__Signal_NvOff(void)
+{
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... make NV not available
+        _plat__ClearNvAvail();
+    return;
+}
+
+void RsaKeyCacheControl(int state);
+
+//*** _rpc__RsaKeyCacheControl()
+// This function is used to enable/disable the use of the RSA key cache during
+// simulation.
+void _rpc__RsaKeyCacheControl(int state)
+{
+#if USE_RSA_KEY_CACHE
+    RsaKeyCacheControl(state);
+#else
+    NOT_REFERENCED(state);
+#endif
+    return;
+}
+
+//*** _rpc__ACT_GetSignaled()
+// This function is used to count the ACT second tick.
+bool _rpc__ACT_GetSignaled(uint32_t actHandle)
+{
+#if ACT_SUPPORT
+    // If TPM power is on...
+    if(s_isPowerOn)
+        // ... query the platform
+        return _plat__ACT_GetSignaled(actHandle - TPM_RH_ACT_0);
+#else   // ACT_SUPPORT
+    NOT_REFERENCED(actHandle);
+#endif  // ACT_SUPPORT
+    return false;
+}
+
+//*** _rpc__SetTpmFirmwareHash()
+// This function is used to modify the firmware's hash during simulation.
+void _rpc__SetTpmFirmwareHash(uint32_t hash)
+{
+#if SIMULATION
+    _plat__SetTpmFirmwareHash(hash);
+#endif
+}
+
+//*** _rpc__SetTpmFirmwareSvn()
+// This function is used to modify the firmware's SVN during simulation.
+void _rpc__SetTpmFirmwareSvn(uint16_t svn)
+{
+#if SIMULATION
+    _plat__SetTpmFirmwareSvn(svn);
+#endif
+}
+#endif /* libtpms added */
+
+/* libtpms added begin */
+static bool tpmEstablished;
+
+void _rpc__Signal_SetTPMEstablished(void)
+{
+    tpmEstablished = TRUE;
+}
+
+void _rpc__Signal_ResetTPMEstablished(void)
+{
+    /* check for locality 3 or 4 already done by caller */
+    tpmEstablished = FALSE;
+}
+
+bool _rpc__Signal_GetTPMEstablished(void)
+{
+    return tpmEstablished;
+}
+
+bool _rpc__Signal_IsPowerOn(void)
+{
+    return s_isPowerOn;
+}
+/* libtpms added end */
+
+#if 0
 /* D.4 TPMCmdp.c */
 /* D.4.1. Description */
@@ -77 +352 @@
 #include <winsock.h>
 #endif
-#endif
-#include "Platform_fp.h"
+#endif /* VBOX*/
+//#include "Platform_fp.h"
 #include "PlatformACT_fp.h"
 #include "ExecCommand_fp.h"
@@ -96 +371 @@
 #include "TcpServerPosix_fp.h"  /* kgold */
 #endif
-#endif
+#endif /* VBOX */
 #include "TpmProfile.h"         /* kgold */
 
-static bool     s_isPowerOn = false;
-/* D.4.3. Functions */
-/* D.4.3.1. Signal_PowerOn() */
-/* This function processes a power-on indication. Among other things, it calls the _TPM_Init()
-   handler. */
-void
-_rpc__Signal_PowerOn(
-                     bool        isReset
-                     )
-{
-    // if power is on and this is not a call to do TPM reset then return
-    if(s_isPowerOn && !isReset)
-        return;
-    // If this is a reset but power is not on, then return
-    if(isReset && !s_isPowerOn)
-        return;
-    // Unless this is just a reset, pass power on signal to platform
-    if(!isReset)
-        _plat__Signal_PowerOn();
-    // Power on and reset both lead to _TPM_Init()
-    _plat__Signal_Reset();
-    // Set state as power on
-    s_isPowerOn = true;
-}
-#if 0 /* libtpms added */
-/* D.4.3.2. Signal_Restart() */
-/* This function processes the clock restart indication. All it does is call the platform
-   function. */
-void
-_rpc__Signal_Restart(
-                     void
-                     )
-{
-    _plat__TimerRestart();
-}
-#endif /* libtpms added */
-/* D.4.3.3. Signal_PowerOff() */
-/* This function processes the power off indication. Its primary function is to set a flag
-   indicating that the next power on indication should cause _TPM_Init() to be called. */
-void
-_rpc__Signal_PowerOff(
-                      void
-                      )
-{
-    if(s_isPowerOn)
-        // Pass power off signal to platform
-        _plat__Signal_PowerOff();
-    // This could be redundant, but...
-    s_isPowerOn = false;
-    return;
-}
-#if 0 /* libtpms added */
-/* D.4.3.4. _rpc__ForceFailureMode() */
-/* This function is used to debug the Failure Mode logic of the TPM. It will set a flag in the TPM
-   code such that the next call to TPM2_SelfTest() will result in a failure, putting the TPM into
-   Failure Mode. */
-void
-_rpc__ForceFailureMode(
-                       void
-                       )
-{
-    SetForceFailureMode();
-    return;
-}
-/* D.4.3.5. _rpc__Signal_PhysicalPresenceOn() */
-/* This function is called to simulate activation of the physical presence pin. */
-void
-_rpc__Signal_PhysicalPresenceOn(
-                                void
-                                )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Pass physical presence on to platform
-        _plat__Signal_PhysicalPresenceOn();
-    return;
-}
-/* D.4.3.6. _rpc__Signal_PhysicalPresenceOff() */
-/* This function is called to simulate deactivation of the physical presence pin. */
-void
-_rpc__Signal_PhysicalPresenceOff(
-                                 void
-                                 )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Pass physical presence off to platform
-        _plat__Signal_PhysicalPresenceOff();
-    return;
-}
-/* D.4.3.7. _rpc__Signal_Hash_Start() */
-/* This function is called to simulate a _TPM_Hash_Start() event. It will call */
-void
-_rpc__Signal_Hash_Start(
-                        void
-                        )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Pass _TPM_Hash_Start signal to TPM
-        _TPM_Hash_Start();
-    return;
-}
-/* D.4.3.8. _rpc__Signal_Hash_Data() */
-/* This function is called to simulate a _TPM_Hash_Data() event. */
-void
-_rpc__Signal_Hash_Data(
-                       _IN_BUFFER       input
-                       )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Pass _TPM_Hash_Data signal to TPM
-        _TPM_Hash_Data(input.BufferSize, input.Buffer);
-    return;
-}
-/* D.4.3.9. _rpc__Signal_HashEnd() */
-/* This function is called to simulate a _TPM_Hash_End() event. */
-void
-_rpc__Signal_HashEnd(
-                     void
-                     )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Pass _TPM_HashEnd signal to TPM
-        _TPM_Hash_End();
-    return;
-}
-#endif /* libtpms added */
-/* D.4.3.10. rpc_Send_Command() */
-/* This is the interface to the TPM code. */
-void
-_rpc__Send_Command(
-                   unsigned char    locality,
-                   _IN_BUFFER       request,
-                   _OUT_BUFFER     *response
-                   )
-{
-    // If TPM is power off, reject any commands.
-    if(!s_isPowerOn)
-        {
-            response->BufferSize = 0;
-            return;
-        }
-    // Set the locality of the command so that it doesn't change during the command
-    _plat__LocalitySet(locality);
-    // Do implementation-specific command dispatch
-    _plat__RunCommand(request.BufferSize, request.Buffer,
-                      &response->BufferSize, &response->Buffer);
-    return;
-}
-/* D.4.3.10. _rpc__Signal_CancelOn() */
-/* This function is used to turn on the indication to cancel a command in process. An executing
-   command is not interrupted. The command code may periodically check this indication to see if it
-   should abort the current command processing and returned TPM_RC_CANCELLED. */
-void
-_rpc__Signal_CancelOn(
-                      void
-                      )
-{
-    // If TPM is power off, reject this signal
-    if(s_isPowerOn)
-        // Set the platform canceling flag.
-        _plat__SetCancel();
-    return;
-}
-/* D.4.3.11. _rpc__Signal_CancelOff() */
-/* This function is used to turn off the indication to cancel a command in process. */
-void
-_rpc__Signal_CancelOff(
-                       void
-                       )
-{
-    // If TPM power is n
-    if(s_isPowerOn)
-        // Set the platform canceling flag.
-        _plat__ClearCancel();
-    return;
-}
-/* D.4.3.12. _rpc__Signal_NvOn() */
-/* In a system where the NV memory used by the TPM is not within the TPM, the NV may not always be
-   available. This function turns on the indicator that indicates that NV is available. */
-void
-_rpc__Signal_NvOn(
-                  void
-                  )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Make the NV available
-        _plat__SetNvAvail();
-    return;
-}
-#if 0 /* libtpms added */
-/* D.4.3.13. _rpc__Signal_NvOff() */
-/* This function is used to set the indication that NV memory is no longer available. */
-void
-_rpc__Signal_NvOff(
-                   void
-                   )
-{
-    // If TPM power is on
-    if(s_isPowerOn)
-        // Make NV not available
-        _plat__ClearNvAvail();
-    return;
-}
-void RsaKeyCacheControl(int state);
-/* D.4.3.14. _rpc__RsaKeyCacheControl() */
-/* This function is used to enable/disable the use of the RSA key cache during simulation. */
-void
-_rpc__RsaKeyCacheControl(
-                         int              state
-                         )
-{
-#if USE_RSA_KEY_CACHE
-    RsaKeyCacheControl(state);
-#else
-    NOT_REFERENCED(state);
-#endif
-}
+
+
 
 #define TPM_RH_ACT_0        0x40000110
 
-/* D.4.2.15.    _rpc__ACT_GetSignaled() */
-/* This function is used to count the ACT second tick. */
-bool
-_rpc__ACT_GetSignaled(
-                      uint32_t actHandle
-                      )
-{
-    // If TPM power is on
-    if (s_isPowerOn)
-        // Query the platform
-        return _plat__ACT_GetSignaled(actHandle - TPM_RH_ACT_0);
-    return false;
-}
-#endif /* libtpms added */
-
-/* libtpms added begin */
-static bool tpmEstablished;
-
-void
-_rpc__Signal_SetTPMEstablished(void)
-{
-    tpmEstablished = TRUE;
-}
-
-void
-_rpc__Signal_ResetTPMEstablished(void)
-{
-    /* check for locality 3 or 4 already done by caller */
-    tpmEstablished = FALSE;
-}
-
-bool
-_rpc__Signal_GetTPMEstablished(void)
-{
-    return tpmEstablished;
-}
-
-bool
-_rpc__Signal_IsPowerOn(void)
-{
-    return s_isPowerOn;
-}
-/* libtpms added end */
+
+#endif

trunk/src/libs/libtpms-0.10.0/src/tpm2/TpmProfile.h ¶

@@ -4 +4 @@
 /*                           Written by Ken Goldman                             */
 /*                     IBM Thomas J. Watson Research Center                     */
-/*            $Id: TpmProfile.h 1629 2020-06-01 20:50:13Z kgoldman $            */
 /*                                                                              */
 /*  Licenses and Notices                                                        */
@@ -56 +55 @@
 /*    information herein.                                                       */
 /*                                                                              */
-/*  (c) Copyright IBM Corp. and others, 2019 - 2020                             */
+/*  (c) Copyright IBM Corp. and others, 2019 - 2023                             */
 /*                                                                              */
 /********************************************************************************/
 
-// FOR LIBTPMS: DO NOT EDIT THIS FILE!
+// FOR LIBTPMS: DO NOT EDIT THIS or INCLUDED FILES!
 // ANY MODIFICATION WILL LEAD TO AN UNSUPPORTED CONFIGURATION
 
-// A.2  TpmProfile.h
+// The primary configuration file that collects all configuration options for a
+// TPM build.
 #ifndef _TPM_PROFILE_H_
 #define _TPM_PROFILE_H_
-// Table 2:4 - Defines for Logic Values
-#undef TRUE
-#define TRUE                1
-#undef FALSE
-#define FALSE               0
-#undef YES
-#define YES                 1
-#undef NO
-#define NO                  0
-#undef SET
-#define SET                 1
-#undef CLEAR
-#define CLEAR               0
-// Table 0:1 - Defines for Processor Values
-#ifndef VBOX
-#if defined __FreeBSD__ || defined __DragonFly__   /* libtpms added begin */
-# include <sys/endian.h>
-#elif defined __APPLE__
-# include <libkern/OSByteOrder.h>
-#else
-# include <endian.h>
-#endif
-#if defined __linux__ || defined __CYGWIN__
- #if __BYTE_ORDER == __LITTLE_ENDIAN
-  #define  BIG_ENDIAN_TPM       NO
- #endif
- #if __BYTE_ORDER == __BIG_ENDIAN
-  #define  BIG_ENDIAN_TPM       YES
- #endif
-#elif defined __OpenBSD__ || defined __FreeBSD__ || defined __NetBSD__ \
-   || defined __DragonFly__
- #if _BYTE_ORDER == _LITTLE_ENDIAN
-  #define  BIG_ENDIAN_TPM       NO
- #endif
- #if _BYTE_ORDER == _BIG_ENDIAN
-  #define  BIG_ENDIAN_TPM       YES
- #endif
-#elif defined __APPLE__
- #define  BIG_ENDIAN_TPM       NO
-#else
- #error Unsupported OS
-#endif                                             /* libtpms added end */
-#else /* !VBOX */
-# include <iprt/cdefs.h>
-# ifdef RT_LITTLE_ENDIAN
-#  define  BIG_ENDIAN_TPM       NO
-# else
-#  define  BIG_ENDIAN_TPM       YES
-# endif
-#endif
-#ifndef BIG_ENDIAN_TPM
-#define BIG_ENDIAN_TPM              NO
-#endif
-#ifndef LITTLE_ENDIAN_TPM
-#define LITTLE_ENDIAN_TPM           !BIG_ENDIAN_TPM
-#endif
-#ifndef MOST_SIGNIFICANT_BIT_0
-#define MOST_SIGNIFICANT_BIT_0      NO
-#endif
-#ifndef LEAST_SIGNIFICANT_BIT_0
-#define LEAST_SIGNIFICANT_BIT_0     !MOST_SIGNIFICANT_BIT_0
-#endif
-#ifndef AUTO_ALIGN
-#define AUTO_ALIGN                  NO
-#endif
-// Table 0:4 - Defines for Implemented Curves
-#ifndef ECC_NIST_P192
-#define ECC_NIST_P192                   YES /* libtpms enabled */
-#endif
-#ifndef ECC_NIST_P224
-#define ECC_NIST_P224                   YES /* libtpms enabled */
-#endif
-#ifndef ECC_NIST_P256
-#define ECC_NIST_P256                   YES
-#endif
-#ifndef ECC_NIST_P384
-#define ECC_NIST_P384                   YES
-#endif
-#ifndef ECC_NIST_P521
-#define ECC_NIST_P521                   YES /* libtpms enabled */
-#endif
-#ifndef ECC_BN_P256
-#define ECC_BN_P256                     YES
-#endif
-#ifndef ECC_BN_P638
-#define ECC_BN_P638                     YES /* libtpms enabled */
-#endif
-#ifndef ECC_SM2_P256
-#define ECC_SM2_P256                    YES /* libtpms enabled */
-#endif
 
-/* Table 0:6 - Defines for Implemented ACT */
+#include "TpmBuildSwitches.h"
+#include "TpmProfile_Common.h"
+#include "TpmProfile_CommandList.h"
+#include "TpmProfile_Misc.h"
+#include "TpmProfile_ErrorCodes.h"
+#include "VendorInfo.h"
 
-#ifndef RH_ACT_0
-#define RH_ACT_0                        NO  /* libtpms: no */
-#endif
-#ifndef RH_ACT_1
-#define RH_ACT_1                        NO
-#endif
-#ifndef RH_ACT_A
-#define RH_ACT_A                        NO  /* libtpms: no */
-#endif
-// libtpms added begin
-#if RH_ACT_0 + RH_ACT_1 + RH_ACT_2 + RH_ACT_3 + RH_ACT_4 + \
-    RH_ACT_1 + RH_ACT_5 + RH_ACT_6 + RH_ACT_7 + RH_ACT_8 + \
-    RH_ACT_9 + RH_ACT_A + RH_ACT_B + RH_ACT_C + RH_ACT_D + \
-    RH_ACT_E + RH_ACT_F == 0
-#define __ACT_DISABLED
-#endif
-// libtpms added end
-
-// Table 0:7 - Defines for Implementation Values
-#ifndef FIELD_UPGRADE_IMPLEMENTED
-#define FIELD_UPGRADE_IMPLEMENTED       NO
-#endif
-
-#ifndef VBOX
-#ifdef TPM_POSIX                       // libtpms added begin
-# include <openssl/bn.h>
-# ifdef THIRTY_TWO_BIT
-#  define RADIX_BITS                     32
-# endif
-# ifdef SIXTY_FOUR_BIT_LONG
-#  define RADIX_BITS                     64
-# endif
-# ifndef RADIX_BITS
-#  error Need to determine RADIX_BITS value
-# endif
-#endif
-#ifdef TPM_WINDOWS
-#define  RADIX_BITS                      32
-#endif                                 // libtpms added end
-#else
-# include <iprt/cdefs.h>
-# if defined(RT_ARCH_AMD64) || defined(RT_ARCH_SPARC64) || defined(RT_ARCH_ARM64)
-#  define RADIX_BITS                     64
-# elif defined(RT_ARCH_X86) || defined(RT_ARCH_SPARC) || defined(RT_ARCH_ARM32)
-#  define  RADIX_BITS                    32
-# else
-#  error "Unknown/missing RT_ARCH_*." /* vbox: 64-bit (cannot safely use ARCH_BITS without including iprt/cdefs.h) */
-# endif
-#endif
-
+//                                      libtpms: added begin
 #ifndef HASH_LIB
 #define HASH_LIB                        Ossl
@@ -216 +82 @@
 #endif
 #ifndef MATH_LIB
-#define MATH_LIB                        Ossl
+#define MATH_LIB                        TpmBigNum
 #endif
-#ifndef IMPLEMENTATION_PCR
-#define IMPLEMENTATION_PCR              24
+#ifndef BN_MATH_LIB
+#define BN_MATH_LIB                     Ossl
 #endif
-#ifndef PLATFORM_PCR
-#define PLATFORM_PCR                    24
-#endif
-#ifndef DRTM_PCR
-#define DRTM_PCR                        17
-#endif
-#ifndef HCRTM_PCR
-#define HCRTM_PCR                       0
-#endif
-#ifndef NUM_LOCALITIES
-#define NUM_LOCALITIES                  5
-#endif
-#ifndef MAX_HANDLE_NUM
-#define MAX_HANDLE_NUM                  3
-#endif
-#ifndef MAX_ACTIVE_SESSIONS
-#define MAX_ACTIVE_SESSIONS             64
-#endif
-#ifndef CONTEXT_SLOT
-#define CONTEXT_SLOT                    UINT16   /* libtpms: changed from UINT8 in v0.9.0 */
-#endif
-#ifndef MAX_LOADED_SESSIONS
-#define MAX_LOADED_SESSIONS             3
-#endif
-#ifndef MAX_SESSION_NUM
-#define MAX_SESSION_NUM                 3
-#endif
-#ifndef MAX_LOADED_OBJECTS
-#define MAX_LOADED_OBJECTS              3
-#endif
-#ifndef MIN_EVICT_OBJECTS
-#define MIN_EVICT_OBJECTS               7 /* libtpms changed -- for PC profile */
-#endif
-#ifndef NUM_POLICY_PCR_GROUP
-#define NUM_POLICY_PCR_GROUP            1
-#endif
-#ifndef NUM_AUTHVALUE_PCR_GROUP
-#define NUM_AUTHVALUE_PCR_GROUP         1
-#endif
-#ifndef MAX_CONTEXT_SIZE
-#define MAX_CONTEXT_SIZE                2680    /* libtpms changed */
-#endif
-#ifndef MAX_DIGEST_BUFFER
-#define MAX_DIGEST_BUFFER               1024
-#endif
-#ifndef MAX_NV_INDEX_SIZE
-#define MAX_NV_INDEX_SIZE               2048
-#endif
-#ifndef MAX_NV_BUFFER_SIZE
-#define MAX_NV_BUFFER_SIZE              1024
-#endif
-#ifndef MAX_CAP_BUFFER
-#define MAX_CAP_BUFFER                  1024
-#endif
+//                                      libtpms: added end
 
-/* for PC client, permits
-
-   1300 bytes reserved
-   7 * 2600 persistent objects
-   4000 NV indexes
-   60 * 68 nv index metadata
-*/
-
-#ifndef NV_MEMORY_SIZE
-/* libtmps: 65 OBJECTs in USER NVRAM expanded by 704 bytes due to size
- * increase of OBJECT from 2048 bit RSA keys to 3072 bit by 704 bytes*/
-#define NV_MEMORY_SIZE                  (128 * 1024 + 65 * 704)  /* libtpms changed */
-#endif
-#ifndef MIN_COUNTER_INDICES
-#define MIN_COUNTER_INDICES             8
-#endif
-#ifndef NUM_STATIC_PCR
-#define NUM_STATIC_PCR                  16
-#endif
-#ifndef MAX_ALG_LIST_SIZE
-#define MAX_ALG_LIST_SIZE               64
-#endif
-#ifndef PRIMARY_SEED_SIZE
-#define PRIMARY_SEED_SIZE               64 /* libtpms: 64 per define USE_SPEC_COMPLIANT_PROOFS */
-#endif
-#ifndef CONTEXT_ENCRYPT_ALGORITHM
-#define CONTEXT_ENCRYPT_ALGORITHM       AES
-#endif
-#ifndef NV_CLOCK_UPDATE_INTERVAL
-#define NV_CLOCK_UPDATE_INTERVAL        12
-#endif
-#ifndef NUM_POLICY_PCR
-#define NUM_POLICY_PCR                  1
-#endif
-#ifndef MAX_COMMAND_SIZE
-#define MAX_COMMAND_SIZE                TPM2_GetBufferSize() /* libtpms changed */
-#endif
-#ifndef MAX_RESPONSE_SIZE
-#define MAX_RESPONSE_SIZE               TPM2_GetBufferSize() /* libtpms changed */
-#endif
-#ifndef ORDERLY_BITS
-#define ORDERLY_BITS                    8
-#endif
-#ifndef MAX_SYM_DATA
-#define MAX_SYM_DATA                    128
-#endif
-#ifndef MAX_RNG_ENTROPY_SIZE
-#define MAX_RNG_ENTROPY_SIZE            64
-#endif
-#ifndef RAM_INDEX_SPACE
-#define RAM_INDEX_SPACE                 512
-#endif
-#ifndef RSA_DEFAULT_PUBLIC_EXPONENT
-#define RSA_DEFAULT_PUBLIC_EXPONENT     0x00010001
-#endif
-#ifndef ENABLE_PCR_NO_INCREMENT
-#define ENABLE_PCR_NO_INCREMENT         YES
-#endif
-#ifndef CRT_FORMAT_RSA
-#define CRT_FORMAT_RSA                  YES
-#endif
-#ifndef VENDOR_COMMAND_COUNT
-#define VENDOR_COMMAND_COUNT            0
-#endif
-#ifndef MAX_VENDOR_BUFFER_SIZE
-#define MAX_VENDOR_BUFFER_SIZE          1024
-#endif
-#ifndef SIZE_OF_X509_SERIAL_NUMBER
-#define SIZE_OF_X509_SERIAL_NUMBER      20
-#endif
-#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES
-#define PRIVATE_VENDOR_SPECIFIC_BYTES                                   \
-    ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2))  /* libtpms: keep as was in rev 150 */
-#endif
-// Table 0:2 - Defines for Implemented Algorithms
-#ifndef ALG_AES
-#define ALG_AES                         ALG_YES
-#endif
-#ifndef ALG_CAMELLIA
-#define ALG_CAMELLIA                    ALG_YES       /* libtpms: YES since v0.9 */
-#endif
-#ifndef ALG_CBC
-#define ALG_CBC                         ALG_YES
-#endif
-#ifndef ALG_CFB
-#define ALG_CFB                         ALG_YES
-#endif
-#ifndef ALG_CMAC
-#define ALG_CMAC                        ALG_YES
-#endif
-#ifndef ALG_CTR
-#define ALG_CTR                         ALG_YES
-#endif
-#ifndef ALG_ECB
-#define ALG_ECB                         ALG_YES
-#endif
-#ifndef ALG_ECC
-#define ALG_ECC                         ALG_YES
-#endif
-#ifndef ALG_ECDAA
-#define ALG_ECDAA                       (ALG_YES && ALG_ECC)
-#endif
-#ifndef ALG_ECDH
-#define ALG_ECDH                        (ALG_YES && ALG_ECC)
-#endif
-#ifndef ALG_ECDSA
-#define ALG_ECDSA                       (ALG_YES && ALG_ECC)
-#endif
-#ifndef ALG_ECMQV
-#define ALG_ECMQV                       (ALG_YES && ALG_ECC) /* libtpms enabled */
-#endif
-#ifndef ALG_ECSCHNORR
-#define ALG_ECSCHNORR                   (ALG_YES && ALG_ECC)
-#endif
-#ifndef ALG_HMAC
-#define ALG_HMAC                        ALG_YES
-#endif
-#ifndef ALG_KDF1_SP800_108
-#define ALG_KDF1_SP800_108              ALG_YES
-#endif
-#ifndef ALG_KDF1_SP800_56A
-#define ALG_KDF1_SP800_56A              (ALG_YES && ALG_ECC)
-#endif
-#ifndef ALG_KDF2
-#define ALG_KDF2                        ALG_YES
-#endif
-#ifndef ALG_KEYEDHASH
-#define ALG_KEYEDHASH                   ALG_YES
-#endif
-#ifndef ALG_MGF1
-#define ALG_MGF1                        ALG_YES
-#endif
-#ifndef ALG_OAEP
-#define ALG_OAEP                        (ALG_YES && ALG_RSA)
-#endif
-#ifndef ALG_OFB
-#define ALG_OFB                         ALG_YES
-#endif
-#ifndef ALG_RSA
-#define ALG_RSA                         ALG_YES
-#endif
-#ifndef ALG_RSAES
-#define ALG_RSAES                       (ALG_YES && ALG_RSA)
-#endif
-#ifndef ALG_RSAPSS
-#define ALG_RSAPSS                      (ALG_YES && ALG_RSA)
-#endif
-#ifndef ALG_RSASSA
-#define ALG_RSASSA                      (ALG_YES && ALG_RSA)
-#endif
-#ifndef ALG_SHA
-#define ALG_SHA                         ALG_NO      /* Not specified by vendor */
-#endif
-#ifndef ALG_SHA1
-#define ALG_SHA1                        ALG_YES
-#endif
-#ifndef ALG_SHA256
-#define ALG_SHA256                      ALG_YES
-#endif
-#ifndef ALG_SHA384
-#define ALG_SHA384                      ALG_YES
-#endif
-#ifndef ALG_SHA3_256
-#define ALG_SHA3_256                    ALG_NO      /* Not specified by vendor */
-#endif
-#ifndef ALG_SHA3_384
-#define ALG_SHA3_384                    ALG_NO      /* Not specified by vendor */
-#endif
-#ifndef ALG_SHA3_512
-#define ALG_SHA3_512                    ALG_NO      /* Not specified by vendor */
-#endif
-#ifndef ALG_SHA512
-#define ALG_SHA512                      ALG_YES
-#endif
-#ifndef ALG_SM2
-#define ALG_SM2                         (ALG_YES && ALG_ECC) /* libtpms enabled */
-#endif
-#ifndef ALG_SM3_256
-#define ALG_SM3_256                     ALG_NO      /* libtpms: NO */
-#endif
-#ifndef ALG_SM4
-#define ALG_SM4                         ALG_NO      /* libtpms: NO */
-#endif
-#ifndef ALG_SYMCIPHER
-#define ALG_SYMCIPHER                   ALG_YES
-#endif
-#ifndef ALG_TDES
-#define ALG_TDES                        ALG_YES /* libtpms enabled */
-#endif
-#ifndef ALG_XOR
-#define ALG_XOR                         ALG_YES
-#endif
-// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants
-#ifndef RSA_1024
-#define RSA_1024                    (ALG_RSA && YES)
-#endif
-#ifndef RSA_2048
-#define RSA_2048                    (ALG_RSA && YES)
-#endif
-#ifndef RSA_3072
-#define RSA_3072                    (ALG_RSA && YES)
-#endif
-#ifndef RSA_4096
-#define RSA_4096                    (ALG_RSA && NO)
-#endif
-#ifndef RSA_16384
-#define RSA_16384                   (ALG_RSA && NO)
-#endif
-
-// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants
-#ifndef AES_128
-#define AES_128                     (ALG_AES && YES)
-#endif
-#ifndef AES_192
-#define AES_192                     (ALG_AES && NO)
-#endif
-#ifndef AES_256
-#define AES_256                     (ALG_AES && YES)
-#endif
-// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants
-#ifndef SM4_128
-#define SM4_128                     (ALG_SM4 && YES)
-#endif
-// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants
-#ifndef CAMELLIA_128
-#define CAMELLIA_128                (ALG_CAMELLIA && YES)
-#endif
-#ifndef CAMELLIA_192
-#define CAMELLIA_192                (ALG_CAMELLIA && NO)
-#endif
-#ifndef CAMELLIA_256
-#define CAMELLIA_256                (ALG_CAMELLIA && YES)
-#endif
-// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants
-#ifndef TDES_128
-#define TDES_128                    (ALG_TDES && YES)
-#endif
-#ifndef TDES_192
-#define TDES_192                    (ALG_TDES && YES)
-#endif
-// Table 0:5 - Defines for Implemented Commands
-#ifndef CC_ACT_SetTimeout
-#define CC_ACT_SetTimeout                   CC_NO       /* libtpms: NO */
-#endif
-#ifndef CC_AC_GetCapability
-#define CC_AC_GetCapability                 CC_NO       /* kgold */
-#endif
-#ifndef CC_AC_Send
-#define CC_AC_Send                          CC_NO       /* kgold */
-#endif
-#ifndef CC_ActivateCredential
-#define CC_ActivateCredential               CC_YES
-#endif
-#ifndef CC_Certify
-#define CC_Certify                          CC_YES
-#endif
-#ifndef CC_CertifyCreation
-#define CC_CertifyCreation                  CC_YES
-#endif
-#ifndef CC_CertifyX509
-#define CC_CertifyX509                      CC_YES
-#endif
-#ifndef CC_ChangeEPS
-#define CC_ChangeEPS                        CC_YES
-#endif
-#ifndef CC_ChangePPS
-#define CC_ChangePPS                        CC_YES
-#endif
-#ifndef CC_Clear
-#define CC_Clear                            CC_YES
-#endif
-#ifndef CC_ClearControl
-#define CC_ClearControl                     CC_YES
-#endif
-#ifndef CC_ClockRateAdjust
-#define CC_ClockRateAdjust                  CC_YES
-#endif
-#ifndef CC_ClockSet
-#define CC_ClockSet                         CC_YES
-#endif
-#ifndef CC_Commit
-#define CC_Commit                           (CC_YES && ALG_ECC)
-#endif
-#ifndef CC_ContextLoad
-#define CC_ContextLoad                      CC_YES
-#endif
-#ifndef CC_ContextSave
-#define CC_ContextSave                      CC_YES
-#endif
-#ifndef CC_Create
-#define CC_Create                           CC_YES
-#endif
-#ifndef CC_CreateLoaded
-#define CC_CreateLoaded                     CC_YES
-#endif
-#ifndef CC_CreatePrimary
-#define CC_CreatePrimary                    CC_YES
-#endif
-#ifndef CC_DictionaryAttackLockReset
-#define CC_DictionaryAttackLockReset        CC_YES
-#endif
-#ifndef CC_DictionaryAttackParameters
-#define CC_DictionaryAttackParameters       CC_YES
-#endif
-#ifndef CC_Duplicate
-#define CC_Duplicate                        CC_YES
-#endif
-#ifndef CC_ECC_Decrypt
-#define CC_ECC_Decrypt                      (CC_NO && ALG_ECC)
-#endif
-#ifndef CC_ECC_Encrypt
-#define CC_ECC_Encrypt                      (CC_NO && ALG_ECC)
-#endif
-#ifndef CC_ECC_Parameters
-#define CC_ECC_Parameters                   (CC_YES && ALG_ECC)
-#endif
-#ifndef CC_ECDH_KeyGen
-#define CC_ECDH_KeyGen                      (CC_YES && ALG_ECC)
-#endif
-#ifndef CC_ECDH_ZGen
-#define CC_ECDH_ZGen                        (CC_YES && ALG_ECC)
-#endif
-#ifndef CC_EC_Ephemeral
-#define CC_EC_Ephemeral                     (CC_YES && ALG_ECC)
-#endif
-#ifndef CC_EncryptDecrypt
-#define CC_EncryptDecrypt                   CC_YES
-#endif
-#ifndef CC_EncryptDecrypt2
-#define CC_EncryptDecrypt2                  CC_YES
-#endif
-#ifndef CC_EventSequenceComplete
-#define CC_EventSequenceComplete            CC_YES
-#endif
-#ifndef CC_EvictControl
-#define CC_EvictControl                     CC_YES
-#endif
-#ifndef CC_FieldUpgradeData
-#define CC_FieldUpgradeData                 CC_NO
-#endif
-#ifndef CC_FieldUpgradeStart
-#define CC_FieldUpgradeStart                CC_NO
-#endif
-#ifndef CC_FirmwareRead
-#define CC_FirmwareRead                     CC_NO
-#endif
-#ifndef CC_FlushContext
-#define CC_FlushContext                     CC_YES
-#endif
-#ifndef CC_GetCapability
-#define CC_GetCapability                    CC_YES
-#endif
-#ifndef CC_GetCommandAuditDigest
-#define CC_GetCommandAuditDigest            CC_YES
-#endif
-#ifndef CC_GetRandom
-#define CC_GetRandom                        CC_YES
-#endif
-#ifndef CC_GetSessionAuditDigest
-#define CC_GetSessionAuditDigest            CC_YES
-#endif
-#ifndef CC_GetTestResult
-#define CC_GetTestResult                    CC_YES
-#endif
-#ifndef CC_GetTime
-#define CC_GetTime                          CC_YES
-#endif
-#ifndef CC_HMAC
-#define CC_HMAC                             (CC_YES && !ALG_CMAC)
-#endif
-#ifndef CC_HMAC_Start
-#define CC_HMAC_Start                       (CC_YES && !ALG_CMAC)
-#endif
-#ifndef CC_Hash
-#define CC_Hash                             CC_YES
-#endif
-#ifndef CC_HashSequenceStart
-#define CC_HashSequenceStart                CC_YES
-#endif
-#ifndef CC_HierarchyChangeAuth
-#define CC_HierarchyChangeAuth              CC_YES
-#endif
-#ifndef CC_HierarchyControl
-#define CC_HierarchyControl                 CC_YES
-#endif
-#ifndef CC_Import
-#define CC_Import                           CC_YES
-#endif
-#ifndef CC_IncrementalSelfTest
-#define CC_IncrementalSelfTest              CC_YES
-#endif
-#ifndef CC_Load
-#define CC_Load                             CC_YES
-#endif
-#ifndef CC_LoadExternal
-#define CC_LoadExternal                     CC_YES
-#endif
-#ifndef CC_MAC
-#define CC_MAC                              (CC_YES && ALG_CMAC)
-#endif
-#ifndef CC_MAC_Start
-#define CC_MAC_Start                        (CC_YES && ALG_CMAC)
-#endif
-#ifndef CC_MakeCredential
-#define CC_MakeCredential                   CC_YES
-#endif
-#ifndef CC_NV_Certify
-#define CC_NV_Certify                       CC_YES
-#endif
-#ifndef CC_NV_ChangeAuth
-#define CC_NV_ChangeAuth                    CC_YES
-#endif
-#ifndef CC_NV_DefineSpace
-#define CC_NV_DefineSpace                   CC_YES
-#endif
-#ifndef CC_NV_Extend
-#define CC_NV_Extend                        CC_YES
-#endif
-#ifndef CC_NV_GlobalWriteLock
-#define CC_NV_GlobalWriteLock               CC_YES
-#endif
-#ifndef CC_NV_Increment
-#define CC_NV_Increment                     CC_YES
-#endif
-#ifndef CC_NV_Read
-#define CC_NV_Read                          CC_YES
-#endif
-#ifndef CC_NV_ReadLock
-#define CC_NV_ReadLock                      CC_YES
-#endif
-#ifndef CC_NV_ReadPublic
-#define CC_NV_ReadPublic                    CC_YES
-#endif
-#ifndef CC_NV_SetBits
-#define CC_NV_SetBits                       CC_YES
-#endif
-#ifndef CC_NV_UndefineSpace
-#define CC_NV_UndefineSpace                 CC_YES
-#endif
-#ifndef CC_NV_UndefineSpaceSpecial
-#define CC_NV_UndefineSpaceSpecial          CC_YES
-#endif
-#ifndef CC_NV_Write
-#define CC_NV_Write                         CC_YES
-#endif
-#ifndef CC_NV_WriteLock
-#define CC_NV_WriteLock                     CC_YES
-#endif
-#ifndef CC_ObjectChangeAuth
-#define CC_ObjectChangeAuth                 CC_YES
-#endif
-#ifndef CC_PCR_Allocate
-#define CC_PCR_Allocate                     CC_YES
-#endif
-#ifndef CC_PCR_Event
-#define CC_PCR_Event                        CC_YES
-#endif
-#ifndef CC_PCR_Extend
-#define CC_PCR_Extend                       CC_YES
-#endif
-#ifndef CC_PCR_Read
-#define CC_PCR_Read                         CC_YES
-#endif
-#ifndef CC_PCR_Reset
-#define CC_PCR_Reset                        CC_YES
-#endif
-#ifndef CC_PCR_SetAuthPolicy
-#define CC_PCR_SetAuthPolicy                CC_YES
-#endif
-#ifndef CC_PCR_SetAuthValue
-#define CC_PCR_SetAuthValue                 CC_YES
-#endif
-#ifndef CC_PP_Commands
-#define CC_PP_Commands                      CC_YES
-#endif
-#ifndef CC_PolicyAuthValue
-#define CC_PolicyAuthValue                  CC_YES
-#endif
-#ifndef CC_PolicyAuthorize
-#define CC_PolicyAuthorize                  CC_YES
-#endif
-#ifndef CC_PolicyAuthorizeNV
-#define CC_PolicyAuthorizeNV                CC_YES
-#endif
-#ifndef CC_PolicyCommandCode
-#define CC_PolicyCommandCode                CC_YES
-#endif
-#ifndef CC_PolicyCounterTimer
-#define CC_PolicyCounterTimer               CC_YES
-#endif
-#ifndef CC_PolicyCpHash
-#define CC_PolicyCpHash                     CC_YES
-#endif
-#ifndef CC_PolicyDuplicationSelect
-#define CC_PolicyDuplicationSelect          CC_YES
-#endif
-#ifndef CC_PolicyGetDigest
-#define CC_PolicyGetDigest                  CC_YES
-#endif
-#ifndef CC_PolicyLocality
-#define CC_PolicyLocality                   CC_YES
-#endif
-#ifndef CC_PolicyNV
-#define CC_PolicyNV                         CC_YES
-#endif
-#ifndef CC_PolicyNameHash
-#define CC_PolicyNameHash                   CC_YES
-#endif
-#ifndef CC_PolicyNvWritten
-#define CC_PolicyNvWritten                  CC_YES
-#endif
-#ifndef CC_PolicyOR
-#define CC_PolicyOR                         CC_YES
-#endif
-#ifndef CC_PolicyPCR
-#define CC_PolicyPCR                        CC_YES
-#endif
-#ifndef CC_PolicyPassword
-#define CC_PolicyPassword                   CC_YES
-#endif
-#ifndef CC_PolicyPhysicalPresence
-#define CC_PolicyPhysicalPresence           CC_YES
-#endif
-#ifndef CC_PolicyRestart
-#define CC_PolicyRestart                    CC_YES
-#endif
-#ifndef CC_PolicySecret
-#define CC_PolicySecret                     CC_YES
-#endif
-#ifndef CC_PolicySigned
-#define CC_PolicySigned                     CC_YES
-#endif
-#ifndef CC_PolicyTemplate
-#define CC_PolicyTemplate                   CC_YES
-#endif
-#ifndef CC_PolicyTicket
-#define CC_PolicyTicket                     CC_YES
-#endif
-#ifndef CC_Policy_AC_SendSelect
-#define CC_Policy_AC_SendSelect             CC_NO       /* kgold */
-#endif
-#ifndef CC_Quote
-#define CC_Quote                            CC_YES
-#endif
-#ifndef CC_RSA_Decrypt
-#define CC_RSA_Decrypt                      (CC_YES && ALG_RSA)
-#endif
-#ifndef CC_RSA_Encrypt
-#define CC_RSA_Encrypt                      (CC_YES && ALG_RSA)
-#endif
-#ifndef CC_ReadClock
-#define CC_ReadClock                        CC_YES
-#endif
-#ifndef CC_ReadPublic
-#define CC_ReadPublic                       CC_YES
-#endif
-#ifndef CC_Rewrap
-#define CC_Rewrap                           CC_YES
-#endif
-#ifndef CC_SelfTest
-#define CC_SelfTest                         CC_YES
-#endif
-#ifndef CC_SequenceComplete
-#define CC_SequenceComplete                 CC_YES
-#endif
-#ifndef CC_SequenceUpdate
-#define CC_SequenceUpdate                   CC_YES
-#endif
-#ifndef CC_SetAlgorithmSet
-#define CC_SetAlgorithmSet                  CC_YES
-#endif
-#ifndef CC_SetCommandCodeAuditStatus
-#define CC_SetCommandCodeAuditStatus        CC_YES
-#endif
-#ifndef CC_SetPrimaryPolicy
-#define CC_SetPrimaryPolicy                 CC_YES
-#endif
-#ifndef CC_Shutdown
-#define CC_Shutdown                         CC_YES
-#endif
-#ifndef CC_Sign
-#define CC_Sign                             CC_YES
-#endif
-#ifndef CC_StartAuthSession
-#define CC_StartAuthSession                 CC_YES
-#endif
-#ifndef CC_Startup
-#define CC_Startup                          CC_YES
-#endif
-#ifndef CC_StirRandom
-#define CC_StirRandom                       CC_YES
-#endif
-#ifndef CC_TestParms
-#define CC_TestParms                        CC_YES
-#endif
-#ifndef CC_Unseal
-#define CC_Unseal                           CC_YES
-#endif
-#ifndef CC_Vendor_TCG_Test
-#define CC_Vendor_TCG_Test                  CC_NO /* libtpms changed */
-#endif
-#ifndef CC_VerifySignature
-#define CC_VerifySignature                  CC_YES
-#endif
-#ifndef CC_ZGen_2Phase
-#define CC_ZGen_2Phase                      (CC_YES && ALG_ECC)
-#endif
-#endif // _TPM_PROFIL
+#endif  // _TPM_PROFILE_H_

trunk/src/libs/libtpms-0.10.0/src/tpm2/Volatile.c ¶

@@ -45 +45 @@
 # include <endian.h>
 #endif
-#endif
+#endif /* VBOX */
 #include <string.h>
 

trunk/src/libs/libtpms-0.10.0/src/tpm_library.c ¶

@@ -521 +521 @@
 int TPMLIB_LogPrintf(const char *format, ...)
 {
-#ifndef VBOX
+#ifndef VBOX    
     unsigned level = debug_level, i;
     va_list args;

trunk/src/libs/libtpms-0.10.0/src/tpm_library_conf.h ¶

@@ -169 +169 @@
 #define TPM_LONG_DURATION     (300 * 1000 * 1000)
 
-
 #ifdef VBOX
 # if defined(RT_OS_WINDOWS)
@@ -195 +194 @@
 # endif
 #endif
+
 #endif /* TPM_LIBRARY_CONF_H */

trunk/src/libs/libtpms-0.10.0/src/tpm_library_intern.h ¶

@@ -118 +118 @@
 #define TPMLIB_LogTPM2Error(format, ...) \
      TPMLIB_LogPrintfA(~0, "libtpms/tpm2: "format, __VA_ARGS__)
-#else
+#else /* !VBOX*/
 # define TPMLIB_LogError(format, ...)
 # define TPMLIB_LogTPM12Error(format, ...)
 # define TPMLIB_LogTPM2Error(format, ...)
-#endif
-
+#endif /* !VBOX*/
+     
 int TPMLIB_asprintf(char **strp, const char *fmt, ...);