Projects
Mega:23.09
libtpms
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:libtpms.spec
Changed
@@ -2,7 +2,7 @@ %define name libtpms %define version 0.9.5 -%define release 2 +%define release 4 # Valid crypto subsystems are 'freebl' and 'openssl' %if "%{?crypto_subsystem}" == "" @@ -23,6 +23,7 @@ Provides: libtpms-%{crypto_subsystem} = %{version}-%{release} Patch0: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch +Patch1: 0002-tpm2-add-SM3-and-SM4-support.patch %if "%{crypto_subsystem}" == "openssl" BuildRequires: openssl-devel @@ -77,6 +78,10 @@ %build +%if "%toolchain" == "clang" +export CFLAGS="${CFLAGS} -Wno-self-assign" +%endif + %if "%{crypto_subsystem}" == "openssl" %define _with_openssl --with-openssl %endif @@ -115,6 +120,12 @@ %postun -p /sbin/ldconfig %changelog +* Sat Nov 04 2023 fly2x <fly2x@hitls.org> - 0.9.5-4 +- Add SM3 and SM4 support + +* Tue Oct 10 2023 zhoujing <zhoujing106@huawei.com> - 0.9.5-3 +- Add -Wno-self-assign for building with clang + * Tue Mar 07 2023 jiangfangjie <jiangfangjie@huawei.com> - 0.9.5-2 - fix CVE-2023--1018 and CVE-2023-1017
View file
_service:tar_scm:0002-tpm2-add-SM3-and-SM4-support.patch
Added
@@ -0,0 +1,830 @@ +From 88d5468aaa577566eb5384d4e65f092adaf85afd Mon Sep 17 00:00:00 2001 +From: fly2x <fly2x@hitls.org> +Date: Thu, 2 Nov 2023 08:17:38 +0800 +Subject: PATCH tpm2 add SM3 and SM4 support + +--- + configure.ac | 14 +++ + src/tpm2/AlgorithmTests.c | 1 + + src/tpm2/HashTestData.h | 6 +- + src/tpm2/Marshal.c | 11 +- + src/tpm2/Marshal_fp.h | 4 + + src/tpm2/NVMarshal.c | 156 ++++++++++++++++++++++-- + src/tpm2/StateMarshal.c | 2 - + src/tpm2/SymmetricTest.h | 2 +- + src/tpm2/SymmetricTestData.h | 4 +- + src/tpm2/TpmProfile.h | 1 + + src/tpm2/Unmarshal_fp.h | 4 + + src/tpm2/Volatile.c | 2 - + src/tpm2/crypto/CryptSym.h | 4 + + src/tpm2/crypto/openssl/CryptCmac.c | 11 +- + src/tpm2/crypto/openssl/CryptSym.c | 18 +++ + src/tpm2/crypto/openssl/Helpers.c | 101 ++++++++++++++- + src/tpm2/crypto/openssl/TpmToOsslHash.h | 25 ++-- + src/tpm2/crypto/openssl/TpmToOsslSym.h | 33 ++--- + src/tpm_tpm2_interface.c | 3 + + 19 files changed, 351 insertions(+), 51 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d6a6c5e..f488467 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -106,6 +106,20 @@ AC_ARG_WITH(openssl, + + ) + ++AC_ARG_WITH(openssl-SM, ++ AS_HELP_STRING(--with-openssl-SM, libtpms supports SM3 and SM4, default not support), with_openssl_SM=yes, with_openssl_SM=no ++) ++ ++AS_IF(test "x$with_openssl_SM" != "xno", ++ AC_DEFINE(ALG_SM3_256, 1, 1 denotes to support SM3, and 0 not support) ++ AC_DEFINE(ALG_SM4, 1, 1 denotes to support SM4, and 0 not support) ++) ++ ++AS_IF(test "x$with_openssl_SM" = "xno", ++ AC_DEFINE(ALG_SM3_256, 0, 1 denotes to support SM3, and 0 not support) ++ AC_DEFINE(ALG_SM4, 0, 1 denotes to support SM4, and 0 not support) ++) ++ + case "$cryptolib" in + freebl) + AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true) +diff --git a/src/tpm2/AlgorithmTests.c b/src/tpm2/AlgorithmTests.c +index 08ee6b0..9cb2e29 100644 +--- a/src/tpm2/AlgorithmTests.c ++++ b/src/tpm2/AlgorithmTests.c +@@ -846,6 +846,7 @@ TestAlgorithm( + // if SM4 is implemented, its test is like other block ciphers but there + // aren't any test vectors for it yet + // case TPM_ALG_SM4: ++ case TPM_ALG_SM4: /* libtpms added */ + #endif + #if ALG_CAMELLIA + case TPM_ALG_CAMELLIA: // libtpms activated +diff --git a/src/tpm2/HashTestData.h b/src/tpm2/HashTestData.h +index ea0b0af..fe5d25d 100644 +--- a/src/tpm2/HashTestData.h ++++ b/src/tpm2/HashTestData.h +@@ -130,7 +130,11 @@ TPM2B_SHA512 c_SHA512_digest = {{64, { + TPM2B_TYPE(EMPTY, 1); + + #if ALG_SM3_256 == YES +-TPM2B_EMPTY c_SM3_256_digest = {{0, {0}}}; ++TPM2B_TYPE(SM3_256, 32); ++TPM2B_SM3_256 c_SM3_256_digest = {{32, { ++ 0xbb,0x9e,0x23,0x79,0xfe,0xbb,0xf8,0xb0,0x1d,0x27,0x5f,0x30,0x71,0xbe,0xce,0x8a, ++ 0xb7,0x3f,0xee,0x6b,0xed,0xd7,0xee,0x45,0x4f,0x80,0xca,0x70,0x6c,0x09,0xb6,0x1a ++ }}}; + #endif + + #if ALG_SHA3_256 == YES +diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c +index fe83b21..706acdc 100644 +--- a/src/tpm2/Marshal.c ++++ b/src/tpm2/Marshal.c +@@ -1178,7 +1178,15 @@ TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) + written += TPM_KEY_BITS_Marshal(source, buffer, size); + return written; + } +- ++#if ALG_SM4 // libtpms add ++UINT16 ++TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) ++{ ++ UINT16 written = 0; ++ written += TPM_KEY_BITS_Marshal(source, buffer, size); ++ return written; ++} ++#endif + UINT16 // libtpms added begin + TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) + { +@@ -1186,7 +1194,6 @@ TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *siz + written += TPM_KEY_BITS_Marshal(source, buffer, size); + return written; + } +- + #if ALG_CAMELLIA + UINT16 + TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size) +diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h +index d52f497..e7562ef 100644 +--- a/src/tpm2/Marshal_fp.h ++++ b/src/tpm2/Marshal_fp.h +@@ -238,6 +238,10 @@ extern "C" { + TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); + UINT16 + TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); ++#if ALG_SM4 // libtpms added ++ UINT16 ++ TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); ++#endif + UINT16 // libtpms added + TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); + UINT16 +diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c +index c7cd1e0..e2f83de 100644 +--- a/src/tpm2/NVMarshal.c ++++ b/src/tpm2/NVMarshal.c +@@ -774,8 +774,8 @@ PCR_SAVE_Marshal(PCR_SAVE *data, BYTE **buffer, INT32 *size) + written += Array_Marshal((BYTE *)&data->Sm3_256, array_size, + buffer, size); + #endif +-#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256 +-#error SHA3 and SM3 are not supported ++#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 ++#error SHA3 is not supported + #endif + + /* end marker */ +@@ -879,8 +879,8 @@ PCR_SAVE_Unmarshal(PCR_SAVE *data, BYTE **buffer, INT32 *size, + t = (BYTE *)&data->Sm3_256; + break; + #endif +-#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256 +-#error SHA3 and SM3 are not supported ++#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 ++#error SHA3 is not supported + #endif + case TPM_ALG_NULL: + /* end marker */ +@@ -990,8 +990,8 @@ PCR_Marshal(PCR *data, BYTE **buffer, INT32 *size) + written += Array_Marshal((BYTE *)&data->Sm3_256Pcr, array_size, + buffer, size); + #endif +-#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256 +-#error SHA3 and SM3 are not supported ++#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 ++#error SHA3 is not supported + #endif + + /* end marker */ +@@ -1061,8 +1061,8 @@ PCR_Unmarshal(PCR *data, BYTE **buffer, INT32 *size, + t = (BYTE *)&data->Sm3_256Pcr; + break; + #endif +-#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 || ALG_SM3_256 +-#error SHA3 and SM3 are not supported ++#if ALG_SHA3_256 || ALG_SHA3_384 || ALG_SHA3_512 ++#error SHA3 is not supported + #endif + case TPM_ALG_NULL: + /* end marker */ +@@ -2032,6 +2032,134 @@ skip_future_versions: + } + #endif + ++#if ALG_SM3_256 ++ ++#define HASH_STATE_SM3_256_MAGIC 0x10854a09 ++#define HASH_STATE_SM3_256_VERSION 2 ++ ++static UINT16 ++tpmHashStateSM3_256_Marshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32 *size, ++ UINT16 hashAlg) ++{ ++ UINT16 written = 0; ++ UINT16 array_size; ++ SM3_CTX *sm3_ctx = NULL; ++ BLOCK_SKIP_INIT; ++ ++ sm3_ctx = EVP_MD_CTX_md_data(*data); ++ written = NV_HEADER_Marshal(buffer, size, ++ HASH_STATE_SM3_256_VERSION, ++ HASH_STATE_SM3_256_MAGIC, 1); ++ written += UINT32_Marshal(&sm3_ctx->A, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->B, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->C, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->D, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->E, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->F, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->G, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->H, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->Nl, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->Nh, buffer, size); ++ /* data must be written as array */ ++ array_size = sizeof(sm3_ctx->data); ++ written += UINT16_Marshal(&array_size, buffer, size); ++ written += Array_Marshal((BYTE *)&sm3_ctx->data0, array_size, buffer, size); ++ written += UINT32_Marshal(&sm3_ctx->num, buffer, size); ++ written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); ++ /* future versions append below this line */ ++ ++ BLOCK_SKIP_WRITE_POP(size); ++ ++ BLOCK_SKIP_WRITE_CHECK; ++ ++ return written; ++} ++ ++static UINT16 ++tpmHashStateSM3_256_Unmarshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32 *size, ++ UINT16 hashAlg) ++{ ++ UINT16 rc = TPM_RC_SUCCESS; ++ UINT16 array_size; ++ NV_HEADER hdr; ++ SM3_CTX *sm3_ctx = NULL; ++ ++ (*data) = EVP_MD_CTX_new(); ++ if ((*data) == NULL) { ++ rc = TPM_RC_FAILURE; ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ EVP_DigestInit_ex(*data, EVP_sm3(), NULL); ++ sm3_ctx = EVP_MD_CTX_md_data(*data); ++ } ++ ++ if (rc == TPM_RC_SUCCESS) { ++ rc = NV_HEADER_Unmarshal(&hdr, buffer, size, ++ HASH_STATE_SM3_256_VERSION, ++ HASH_STATE_SM3_256_MAGIC); ++ } ++ ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->A, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->B, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->C, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->D, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->E, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->F, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->G, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->H, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->Nl, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->Nh, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT16_Unmarshal(&array_size, buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS && ++ array_size != sizeof(sm3_ctx->data)) { ++ TPMLIB_LogTPM2Error("HASH_STATE_SM3_256: Bad array size for data; " ++ "expected %zu, got %u\n", ++ sizeof(sm3_ctx->data), array_size); ++ rc = TPM_RC_BAD_PARAMETER; ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = Array_Unmarshal((BYTE *)&sm3_ctx->data0, array_size, ++ buffer, size); ++ } ++ if (rc == TPM_RC_SUCCESS) { ++ rc = UINT32_Unmarshal(&sm3_ctx->num, buffer, size); ++ } ++ ++ /* version 2 starts having indicator for next versions that we can skip; ++ this allows us to downgrade state */ ++ if (rc == TPM_RC_SUCCESS && hdr.version >= 2) { ++ BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size, ++ "HASH_STATE_SM3_256", "version 3 or later"); ++ /* future versions nest-append here */ ++ } ++skip_future_versions: ++ ++ return rc; ++} ++#endif ++ + #define ANY_HASH_STATE_MAGIC 0x349d494b + #define ANY_HASH_STATE_VERSION 2 + +@@ -2068,6 +2196,12 @@ ANY_HASH_STATE_Marshal(ANY_HASH_STATE *data, BYTE **buffer, INT32 *size, + written += tpmHashStateSHA512_Marshal(&data->Sha512, buffer, size, + ALG_SHA512_VALUE); + break; ++#endif ++#if ALG_SM3_256 ++ case ALG_SM3_256_VALUE: ++ written += tpmHashStateSM3_256_Marshal(&data->Sm3_256, buffer, size, ++ ALG_SM3_256_VALUE); ++ break; + #endif + default: + break; +@@ -2118,6 +2252,12 @@ ANY_HASH_STATE_Unmarshal(ANY_HASH_STATE *data, BYTE **buffer, INT32 *size, + rc = tpmHashStateSHA512_Unmarshal(&data->Sha512, buffer, size, + ALG_SHA512_VALUE); + break; ++#endif ++#if ALG_SM3_256 ++ case ALG_SM3_256_VALUE: ++ rc = tpmHashStateSM3_256_Unmarshal(&data->Sm3_256, buffer, size, ++ ALG_SM3_256_VALUE); ++ break; + #endif + } + +diff --git a/src/tpm2/StateMarshal.c b/src/tpm2/StateMarshal.c +index fbb2662..3eabaf8 100644 +--- a/src/tpm2/StateMarshal.c ++++ b/src/tpm2/StateMarshal.c +@@ -38,8 +38,6 @@ + + #include <stdlib.h> + +-#include "config.h" +- + #include "StateMarshal.h" + #include "Volatile.h" + +diff --git a/src/tpm2/SymmetricTest.h b/src/tpm2/SymmetricTest.h +index 058f50a..8083191 100644 +--- a/src/tpm2/SymmetricTest.h ++++ b/src/tpm2/SymmetricTest.h +@@ -96,7 +96,7 @@ const SYMMETRIC_TEST_VECTOR c_symTestValuesNUM_SYMS + 1 = { + #if ALG_SM4 && SM4_128 // libtpms activated + {TPM_ALG_SM4, 128, key_SM4128, 16, sizeof(dataIn_SM4128), dataIn_SM4128, + {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC, +- dataOut_SM4128_CFB, dataOut_AES128_ECB}}, ++ dataOut_SM4128_CFB, dataOut_SM4128_ECB}}, + #endif + // libtpms added begin + #if ALG_TDES && TDES_128 +diff --git a/src/tpm2/SymmetricTestData.h b/src/tpm2/SymmetricTestData.h +index 77321fa..f8a8e7e 100644 +--- a/src/tpm2/SymmetricTestData.h ++++ b/src/tpm2/SymmetricTestData.h +@@ -367,7 +367,7 @@ const BYTE dataOut_SM4128_ECB = { + 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9, + 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04, + 0x00, 0x2A, 0x8A, 0x4E, 0xFA, 0x86, 0x3C, 0xCA, +- 0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2} ++ 0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2}; + const BYTE dataOut_SM4128_CBC = { + 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48, + 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB, +@@ -389,7 +389,7 @@ const BYTE dataOut_SM4128_OFB = { + echo "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFAAAAAAAABBBBBBBB" | xxd -p -r > plain.txt + openssl enc -sm4-ctr -in plain.txt -iv "F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF" -out out.txt -K "0123456789ABCDEFFEDCBA9876543210" + */ +-const BYTE dataOut_SM4_CTR = { ++const BYTE dataOut_SM4128_CTR = { + 0xF4, 0x88, 0x4C, 0x6D, 0x39, 0x7E, 0x0B, 0x06, + 0x3D, 0xAC, 0xD9, 0x46, 0x1A, 0xA4, 0xA5, 0x6A, + 0x60, 0xDD, 0xA7, 0x5F, 0x86, 0xBC, 0xFE, 0xA4, +diff --git a/src/tpm2/TpmProfile.h b/src/tpm2/TpmProfile.h +index 49aaad1..5dd3be2 100644 +--- a/src/tpm2/TpmProfile.h ++++ b/src/tpm2/TpmProfile.h +@@ -65,6 +65,7 @@ + // A.2 TpmProfile.h + #ifndef _TPM_PROFILE_H_ + #define _TPM_PROFILE_H_ ++#include "config.h" /* libtpms added */ + // Table 2:4 - Defines for Logic Values + #undef TRUE + #define TRUE 1 +diff --git a/src/tpm2/Unmarshal_fp.h b/src/tpm2/Unmarshal_fp.h +index e541347..9ffdf5e 100644 +--- a/src/tpm2/Unmarshal_fp.h ++++ b/src/tpm2/Unmarshal_fp.h +@@ -295,6 +295,10 @@ extern "C" { + #endif /* libtpms added */ + LIB_EXPORT TPM_RC + TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); ++#if ALG_SM4 /* libtpms added */ ++ LIB_EXPORT TPM_RC ++ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); ++#endif + LIB_EXPORT TPM_RC + TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size); + LIB_EXPORT TPM_RC /* libtpms added */ +diff --git a/src/tpm2/Volatile.c b/src/tpm2/Volatile.c +index ff15c7f..6ff6330 100644 +--- a/src/tpm2/Volatile.c ++++ b/src/tpm2/Volatile.c +@@ -45,8 +45,6 @@ + #endif + #include <string.h> + +-#include "config.h" +- + #include "assert.h" + #include "NVMarshal.h" + #include "Volatile.h" +diff --git a/src/tpm2/crypto/CryptSym.h b/src/tpm2/crypto/CryptSym.h +index 66cfb97..6e7e5d3 100644 +--- a/src/tpm2/crypto/CryptSym.h ++++ b/src/tpm2/crypto/CryptSym.h +@@ -124,6 +124,8 @@ typedef union tpmCryptKeySchedule_t { + # define DECRYPT(keySchedule, in, out) \ + decrypt(SWIZZLE(keySchedule, in, out)) + ++#define FINAL(keySchedule) final((void *)(keySchedule)) // libtpms added ++ + /* Note that the macros rely on encrypt as local values in the functions that use these + macros. Those parameters are set by the macro that set the key schedule to be used for the + call. */ +@@ -132,11 +134,13 @@ typedef union tpmCryptKeySchedule_t { + case TPM_ALG_##ALG: \ + TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ + encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ ++ final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; /* libtpms added */ \ + break; + #define DECRYPT_CASE(ALG, alg) \ + case TPM_ALG_##ALG: \ + TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ + decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ ++ final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; /* libtpms added */ \ + break; + + #endif +diff --git a/src/tpm2/crypto/openssl/CryptCmac.c b/src/tpm2/crypto/openssl/CryptCmac.c +index 0461e78..2cc98d2 100644 +--- a/src/tpm2/crypto/openssl/CryptCmac.c ++++ b/src/tpm2/crypto/openssl/CryptCmac.c +@@ -120,6 +120,7 @@ CryptCmacData( + UINT16 keySizeInBits = cmacState->keySizeBits; + tpmCryptKeySchedule_t keySchedule; + TpmCryptSetSymKeyCall_t encrypt; ++ TpmCryptSymFinal_t final; /* libtpms added */ + // + memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */ + // Set up the encryption values based on the algorithm +@@ -142,6 +143,10 @@ CryptCmacData( + cmacState->iv.t.buffercmacState->bcount ^= *buffer++; + } + } ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + } + + /* 10.2.6.3.3 CryptCmacEnd() */ +@@ -162,6 +167,7 @@ CryptCmacEnd( + UINT16 keySizeInBits = cState->keySizeBits; + tpmCryptKeySchedule_t keySchedule; + TpmCryptSetSymKeyCall_t encrypt; ++ TpmCryptSymFinal_t final; /* libtpms added */ + TPM2B_IV subkey = {{0, {0}}}; + BOOL xorVal; + UINT16 i; +@@ -203,7 +209,10 @@ CryptCmacEnd( + ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer); + i = (UINT16)MIN(cState->iv.t.size, outSize); + MemoryCopy(outBuffer, cState->iv.t.buffer, i); +- ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + return i; + } + +diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c +index c8a0497..3be1d3c 100644 +--- a/src/tpm2/crypto/openssl/CryptSym.c ++++ b/src/tpm2/crypto/openssl/CryptSym.c +@@ -175,6 +175,7 @@ CryptSymmetricEncrypt( + tpmCryptKeySchedule_t keySchedule; + INT16 blockSize; + TpmCryptSetSymKeyCall_t encrypt; ++ TpmCryptSymFinal_t final; /* libtpms added */ + BYTE *iv; + BYTE defaultIvMAX_SYM_BLOCK_SIZE = {0}; + // +@@ -294,8 +295,16 @@ CryptSymmetricEncrypt( + break; + #endif + default: ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + return TPM_RC_FAILURE; + } ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + return TPM_RC_SUCCESS; + } + /* 10.2.20.5.1 CryptSymmetricDecrypt() */ +@@ -326,6 +335,7 @@ CryptSymmetricDecrypt( + BYTE *iv; + TpmCryptSetSymKeyCall_t encrypt; + TpmCryptSetSymKeyCall_t decrypt; ++ TpmCryptSymFinal_t final; /* libtpms added */ + BYTE defaultIvMAX_SYM_BLOCK_SIZE = {0}; + + memset(&keySchedule, 0, sizeof(keySchedule)); // libtpms added; coverity +@@ -466,8 +476,16 @@ CryptSymmetricDecrypt( + break; + #endif + default: ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + return TPM_RC_FAILURE; + } ++ /* libtpms added begin */ ++ if (final) ++ FINAL(&keySchedule); ++ /* libtpms added end */ + return TPM_RC_SUCCESS; + } + +diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c +index 896e37d..1711496 100644 +--- a/src/tpm2/crypto/openssl/Helpers.c ++++ b/src/tpm2/crypto/openssl/Helpers.c +@@ -63,8 +63,6 @@ + #include "Helpers_fp.h" + #include "TpmToOsslMath_fp.h" + +-#include "config.h" +- + #include <openssl/evp.h> + #include <openssl/rsa.h> + +@@ -358,11 +356,16 @@ static const struct hnames { + .name = "sha512", + .hashAlg = ALG_SHA512_VALUE, + }, { ++#endif ++#if ALG_SM3_256 ++ .name = "sm3", ++ .hashAlg = ALG_SM3_256_VALUE, ++ }, { + #endif + .name = NULL, + } + }; +-#if HASH_COUNT != ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA512 ++#if HASH_COUNT != ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA512 + ALG_SM3_256 + # error Missing entry in hnames array! + #endif + +@@ -620,3 +623,95 @@ OpenSSLCryptRsaGenerateKey( + } + + #endif // USE_OPENSSL_FUNCTIONS_RSA ++ ++ ++#if ALG_SM4 ++static int SetSM4Key(const uint8_t *key, SM4_KEY *ks, int direction) ++{ ++ int rc = 0; ++ UINT8 ivMAX_SM4_BLOCK_SIZE_BYTES = { 0 }; ++ const EVP_CIPHER *sm4Cipher = EVP_sm4_ecb(); ++ ++ *ks = EVP_CIPHER_CTX_new(); ++ if (*ks == NULL) { ++ return SM4_FAIL; ++ } ++ if (direction == SM4_ENCRYPT) { ++ rc = EVP_EncryptInit_ex(*ks, sm4Cipher, NULL, key, iv); ++ } else { ++ rc = EVP_DecryptInit_ex(*ks, sm4Cipher, NULL, key, iv); ++ } ++ if (rc != SM4_SUCCESS) { ++ return SM4_FAIL; ++ } ++ return SM4_SUCCESS; ++} ++ ++int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks) ++{ ++ return SetSM4Key(key, ks, SM4_ENCRYPT); ++} ++ ++int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks) ++{ ++ return SetSM4Key(key, ks, SM4_DECRYPT); ++} ++ ++static void SM4EncryptDecrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks, int direction) ++{ ++ int outLen = SM4_BLOCK_SIZES; ++ int rc = 0; ++ ++ if (direction == SM4_ENCRYPT) { ++ rc = EVP_EncryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES); ++ } else { ++ rc = EVP_DecryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES); ++ } ++ pAssert(rc != SM4_SUCCESS || outLen != SM4_BLOCK_SIZES); ++} ++ ++void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) ++{ ++ SM4EncryptDecrypt(in, out, ks, SM4_ENCRYPT); ++} ++ ++void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) ++{ ++ SM4EncryptDecrypt(in, out, ks, SM4_DECRYPT); ++} ++ ++void SM4_final(const SM4_KEY *ks) ++{ ++ if (*ks != NULL) { ++ EVP_CIPHER_CTX_cleanup(*ks); ++ } ++} ++#endif ++#if ALG_SM3_256 ++int sm3_init(SM3_TPM_CTX *c) ++{ ++ *c = EVP_MD_CTX_new(); ++ if (*c == NULL) { ++ return SM3_FAIL; ++ } ++ return EVP_DigestInit_ex(*c, EVP_sm3(), NULL); ++} ++ ++int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len) ++{ ++ return EVP_DigestUpdate(*c, data, len); ++} ++ ++int sm3_final(unsigned char *md, SM3_TPM_CTX *c) ++{ ++ uint32_t len = SM3_256_DIGEST_SIZE; ++ int ret = EVP_DigestFinal_ex(*c, md, &len); ++ ++ if (ret != SM3_SUCCESS || len != SM3_256_DIGEST_SIZE) { ++ ret = SM3_FAIL; ++ } ++ EVP_MD_CTX_destroy(*c); ++ *c = NULL; ++ return SM3_SUCCESS; ++} ++#endif +diff --git a/src/tpm2/crypto/openssl/TpmToOsslHash.h b/src/tpm2/crypto/openssl/TpmToOsslHash.h +index 9fa6479..ac10326 100644 +--- a/src/tpm2/crypto/openssl/TpmToOsslHash.h ++++ b/src/tpm2/crypto/openssl/TpmToOsslHash.h +@@ -75,14 +75,12 @@ + # endif // libtpms added end + # undef ALG_SM3_256 + # define ALG_SM3_256 ALG_NO +-# elif OPENSSL_VERSION_NUMBER >= 0x10200000L +-# include <openssl/sm3.h> + # else +-// OpenSSL 1.1.1 keeps smX.h headers in the include/crypto directory, +-// and they do not get installed as part of the libssl package +-# define SM3_LBLOCK (64/4) ++# include <openssl/evp.h> + +-# error Check support for this version of SM3 in OpenSSL (libtpms) ++# define SM3_LBLOCK (64/4) ++# define SM3_SUCCESS 1 ++# define SM3_FAIL 0 + typedef struct SM3state_st { + unsigned int A, B, C, D, E, F, G, H; + unsigned int Nl, Nh; +@@ -90,10 +88,12 @@ typedef struct SM3state_st { + unsigned int num; + } SM3_CTX; + +-int sm3_init(SM3_CTX *c); +-int sm3_update(SM3_CTX *c, const void *data, size_t len); +-int sm3_final(unsigned char *md, SM3_CTX *c); +-# endif // OpenSSL < 1.2 ++typedef EVP_MD_CTX* SM3_TPM_CTX; ++ ++int sm3_init(SM3_TPM_CTX *c); ++int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len); ++int sm3_final(unsigned char *md, SM3_TPM_CTX *c); ++#endif + #endif // ALG_SM3_256 + + #include <openssl/ossl_typ.h> +@@ -108,10 +108,7 @@ int sm3_final(unsigned char *md, SM3_CTX *c); + #define tpmHashStateSHA256_t SHA256_CTX + #define tpmHashStateSHA384_t SHA512_CTX + #define tpmHashStateSHA512_t SHA512_CTX +-#define tpmHashStateSM3_256_t SM3_CTX +-#if ALG_SM3_256 +-# error "The version of OpenSSL used by this code does not support SM3" +-#endif ++#define tpmHashStateSM3_256_t SM3_TPM_CTX + /* The defines below are only needed when compiling CryptHash.c or CryptSmac.c. This isolation + is primarily to avoid name space collision. However, if there is a real collision, it will + likely show up when the linker tries to put things together. */ +diff --git a/src/tpm2/crypto/openssl/TpmToOsslSym.h b/src/tpm2/crypto/openssl/TpmToOsslSym.h +index 521204f..8c6fea2 100644 +--- a/src/tpm2/crypto/openssl/TpmToOsslSym.h ++++ b/src/tpm2/crypto/openssl/TpmToOsslSym.h +@@ -78,22 +78,20 @@ + # if defined(OPENSSL_NO_SM4) || OPENSSL_VERSION_NUMBER < 0x10101010L + # undef ALG_SM4 + # define ALG_SM4 ALG_NO +-# elif OPENSSL_VERSION_NUMBER >= 0x10200000L +-# include <openssl/sm4.h> + # else +-// OpenSSL 1.1.1 keeps smX.h headers in the include/crypto directory, +-// and they do not get installed as part of the libssl package +- +-# define SM4_KEY_SCHEDULE 32 +- +-typedef struct SM4_KEY_st { +- uint32_t rkSM4_KEY_SCHEDULE; +-} SM4_KEY; +- +-int SM4_set_key(const uint8_t *key, SM4_KEY *ks); ++# include <openssl/evp.h> ++ typedef EVP_CIPHER_CTX* SM4_KEY; ++# define SM4_ENCRYPT 1 ++# define SM4_DECRYPT 0 ++# define SM4_SUCCESS 1 ++# define SM4_FAIL 0 ++ ++int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks); ++int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks); + void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); +-# endif // OpenSSL < 1.2 ++void SM4_final(const SM4_KEY *ks); ++# endif + #endif // ALG_SM4 + + #if ALG_CAMELLIA +@@ -120,6 +118,7 @@ typedef void(*TpmCryptSetSymKeyCall_t)( + void *keySchedule + ); + ++typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ + #define SYM_ALIGNMENT 4 /* libtpms: keep old value */ + + /* B.2.2.3.3. Links to the OpenSSL AES code */ +@@ -138,6 +137,7 @@ typedef void(*TpmCryptSetSymKeyCall_t)( + #define TpmCryptEncryptAES AES_encrypt + #define TpmCryptDecryptAES AES_decrypt + #define tpmKeyScheduleAES AES_KEY ++#define TpmCryptFinalAES NULL /* libtpms added */ + + /* B.2.2.3.4. Links to the OpenSSL DES code */ + +@@ -156,6 +156,7 @@ typedef void(*TpmCryptSetSymKeyCall_t)( + #define TpmCryptEncryptTDES TDES_encrypt + #define TpmCryptDecryptTDES TDES_decrypt + #define tpmKeyScheduleTDES DES_key_schedule ++#define TpmCryptFinalTDES NULL /* libtpms added */ + + #if ALG_TDES // libtpms added begin + #include "TpmToOsslDesSupport_fp.h" +@@ -165,14 +166,15 @@ typedef void(*TpmCryptSetSymKeyCall_t)( + /* Macros to set up the encryption/decryption key schedules */ + + #define TpmCryptSetEncryptKeySM4(key, keySizeInBits, schedule) \ +- SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule)) ++ SM4_set_encrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ + #define TpmCryptSetDecryptKeySM4(key, keySizeInBits, schedule) \ +- SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule)) ++ SM4_set_decrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ + /* Macros to alias encryption calls to specific algorithms. This should be used sparingly. */ + + #define TpmCryptEncryptSM4 SM4_encrypt + #define TpmCryptDecryptSM4 SM4_decrypt + #define tpmKeyScheduleSM4 SM4_KEY ++#define TpmCryptFinalSM4 SM4_final /* libtpms added */ + + /* B.2.2.3.6. Links to the OpenSSL CAMELLIA code */ + /* Macros to set up the encryption/decryption key schedules */ +@@ -187,6 +189,7 @@ typedef void(*TpmCryptSetSymKeyCall_t)( + #define TpmCryptEncryptCAMELLIA Camellia_encrypt + #define TpmCryptDecryptCAMELLIA Camellia_decrypt + #define tpmKeyScheduleCAMELLIA CAMELLIA_KEY ++#define TpmCryptFinalCAMELLIA NULL /* libtpms added */ + + /* Forward reference */ + +diff --git a/src/tpm_tpm2_interface.c b/src/tpm_tpm2_interface.c +index 8d8117e..757ff00 100644 +--- a/src/tpm_tpm2_interface.c ++++ b/src/tpm_tpm2_interface.c +@@ -370,6 +370,9 @@ static char *TPM2_GetInfo(enum TPMLIB_InfoFlags flags) + "\"TPMFeatures\":{" + "\"RSAKeySizes\":%s," + "\"CamelliaKeySizes\":%s" ++#if ALG_SM4 ++ ", \"SM4KeySizes\":128" ++#endif + "}"; + char *fmt = NULL, *buffer; + bool printed = false; +-- +2.39.3 (Apple Git-145) +
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="url">git@gitee.com:src-openeuler/libtpms.git</param> <param name="scm">git</param> - <param name="revision">openEuler-23.09</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2